I use a password scheme where I keep a small number of easy-to-remember personal passwords. Instead of using the passwords directly for each service, I run them through a hashing algorithm first, as a sort of seed, together with the name of the actual service. I then use the resulting hash as my actual password for the service. (There's some more to it: I add some extra fixed letters to satisfy normal password requirements, but let's look away from that in this question.)
The pattern looks like this (using SHA512, and keeping just the 12 first characters of the resulting hash):
"my_p4SSWord!" + "Facebook" => SHA512 => "d4679b768229"
"my_p4SSWord!" + "LinkedIn" => SHA512 => "182c5c2d4a2c"
The pattern allows me not to remember all of my online passwords, but to remember how to easily re-create them whenever I need to.
There are lots of online services for calculating hashes, and I currently use this one:
My question to the security experts is: how secure is this personal scheme of mine really? I truncate the hashes to just 12 characters. How does that affect the real crackability of my passwords? Also, I use SHA512. How does that affect my scheme, compared with using, for instance, bcrypt?
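To make the question concrete, here is an added example (not the poster's code) that implements the scheme as described, puts a slow salted KDF beside it, and works out the entropy arithmetic behind the 12-character truncation. The concatenation order (master first, then service name), the PBKDF2 iteration count and the guess rates are assumptions.

```python
import hashlib
import math

# Constructed input taken from the post's own example. The exact hash values
# shown in the post are not reproduced here because the concatenation order
# is an assumption (master password first, then service name).
MASTER = "my_p4SSWord!"

def derive_site_password(master: str, service: str, length: int = 12) -> str:
    """The scheme as described: one SHA-512 over master + service name,
    truncated to the first `length` hex characters."""
    digest = hashlib.sha512((master + service).encode("utf-8")).hexdigest()
    return digest[:length]

def derive_site_password_slow(master: str, service: str, length: int = 12,
                              iterations: int = 200_000) -> str:
    """Same derivation with a deliberately slow, salted KDF in place of one
    fast hash. PBKDF2-HMAC-SHA512 is used because it is in the standard
    library; the iteration count is an illustrative choice. The service
    name serves as the salt, so each site still gets a distinct result."""
    raw = hashlib.pbkdf2_hmac("sha512", master.encode("utf-8"),
                              service.encode("utf-8"), iterations)
    return raw.hex()[:length]

def output_entropy_bits(length: int, alphabet_size: int = 16) -> float:
    """Entropy of the truncated output itself: each hex character carries
    log2(16) = 4 bits, so 12 characters give 48 bits against online guessing."""
    return length * math.log2(alphabet_size)

def expected_offline_guess_seconds(master_entropy_bits: float,
                                   guesses_per_second: float) -> float:
    """Expected time for someone holding one leaked site password, who knows
    the scheme, to recover the master by trying candidates offline. Only the
    master's entropy and the hash rate matter: the 12-character truncation
    adds no cost, since every candidate is hashed and truncated the same way.
    A slow KDF lowers guesses_per_second by orders of magnitude."""
    return 2 ** (master_entropy_bits - 1) / guesses_per_second

if __name__ == "__main__":
    for service in ("Facebook", "LinkedIn"):
        print(service, derive_site_password(MASTER, service),
              derive_site_password_slow(MASTER, service))
    print("output entropy (bits):", output_entropy_bits(12))
    # Guess rates below are constructed round numbers for illustration only.
    for label, rate in (("single SHA-512", 1e9), ("slow KDF", 1e4)):
        hours = expected_offline_guess_seconds(40, rate) / 3600
        print(f"{label}: ~{hours:.1f} h to cover half of a 40-bit master")
```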