The Deal
I’m offering I was offering a $100 Amazon.com gift certificate or a donation to your favorite open source project to the first person who can write me a Firefox Extension that matches the criteria outlined below. Most of the work has been done for you by many open source developers. It just needs a a little UI wiring (check the mock-up at the end of the post).

Basic Idea
Not too long ago someone came up with a good implementation of a password generator (Too Many Passwords) that is easy to use and will generate good passwords for you so that you don’t end up either forgetting them or using the lame shortcut of having only a few passwords for all your sites (a strong one for important sites like your bank, and maybe a couple other less strong ones). PwdHash is a similar idea but as a Firefox Extension. Both are free and open source, and I know that there are other similar extensions and web sites, but nothing I’ve seen so far is as easy to use, or as well integrated with Firefox as I’d like, and thus, I’m posting this bounty. Essentially, I’m asking you to improve upon the idea in the first link (Too Many Passwords), and convert it into a Firefox Extension.

Why Not Do It Myself?
Because I know very little about Firefox Extensions and would rather spend my time working on my own projects. It would take me many hours for me to piece together the knowledge required to get this working as I want it, but hardly any time for someone who is already familiar with writing Firefox Extensions, because all of the heavy lifting has already been written by other people. All that’s left is wiring up the GUI. I think it’s worth $100 to me and the community to have this built, and I think that someone familiar with writing Firefox Extensions should be able to finish it in about three hours which seems a fair trade.

Details

Most of the details are covered in “The Fine Print” and the mock-up below. The only other thing, in case it wasn’t blazingly obvious, is that when you launch this via the Tools menu or a Right click it should be a some sort of XUL pop-up window that won’t be blocked by pop-up blockers. It would be best if you could make the JavaScript easy to be separated from the extension so that I, or someone else, can use it to make a web based version, but this isn’t a criteria for winning. If you’ve got questions, or any of this seems a little vague, or you think a criteria should be changed, please contact me.

The Fine Print

• I’m open to suggestions and changes on any of these requirements.
• It is perfectly acceptable to build upon existing code (including but not limited to either of the links above) as long as the result can be open sourced and the licenses don’t appear to conflict.
• The only programming language involved must be JavaScript and it should not call out to any external programs. I want this to be easy for people to extend.
• Must work on Linux, OS X, and Windows. If you’re only using JavaScript this should be a non-issue. I’ll test it on all platforms the first business-day after I get the submission.
• Unless you can convince me otherwise it should use SHA1 instead of MD5. Yes, they’ve both been “broken” but SHA1 is less broken. And yes, there are open source JavaScript implementations of SHA1.
• Passwords should be in hex (base 64) format so as to avoid any whack characters that sites might not accept.
• The password generation should algorithm should be essentially the same as that of the first link except with SHA1 instead of MD5. That is to say, it should hash the password, then use that plus the contents of the “Domain (location)” field to generate a hash and then use the first n characters of that as the password.
• Must include all required images and make no calls to any web site. It doesn’t matter what images you use in your submission. I’ll probably replace them with something else anyway. But please use the little lock icon that follows this list beside the menu items. I may replace that too though. ;)
• The lock icon displayed on the form should be the unlocked lock if the site is not using https, and the locked one if they are. If you can think of other non-obnoxious visual indicators (maybe different background images) to warn users that the site they’re currently on isn’t using using SSL feel free to add them in. Hooking into the way Firefox does it in the address bar would be optimal but I don’t know if this is possible.
• The insertion into a text field or copying to a clipboard should happen when someone clicks one of the “n char” buttons, not when they click the radio button.
• All criteria specified in the following mock-up must be met.
• I’ll take care of the documentation, so you don’t have to bother.
• The resulting extension will be open sourced and full credit will be given (unless you’d prefer to remain anonymous).
• Feel free to optionally make it launchable via some key combination or F-key as long as it doesn’t conflict with anything you can think of.
• I’ll need instructions (or a link to existing ones) on how to bundle your source code into a Firefox Extension.
• The winner is the first project (.zip, .tgz, .bz2) that shows up in my e-mail, meets all the criteria, can be successfully built from source by me, and works in my Firefox.
• I’ll e-mail the winner the gift certificate number upon receipt of working code that I can build from source and meets all the criteria. If you choose to have me donate to an open source project instead the project must have some easy way for me to make the donation (my definition of “easy”).

Lock icons:

Mockup