protected-github-pages
Prefix input to make hash lookup harder
Right now, sha1(input) is exposed in the URL.
For short and well-known passwords, hashes can be looked up easily.
E.g. https://www.google.com/search?q=5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
This URL exposes the password, and it's saved in browsing history.
By prefixing the password with a string, such lookups are harder.
This breaks existing passwords.
Far better would be a real salt, but that would require the salt state to be embedded in the page (https://en.wikipedia.org/wiki/Salt_(cryptography)).
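
An added example (not part of this commit or the project's code) of what the message describes: a generic lookup table recovers `password` from the SHA-1 in the URL above, a fixed prefix defeats that table but not one rebuilt with the prefix, and a per-page salt stops a table from carrying over between pages. The word list, the `PREFIX` value, the salts and all function names are assumptions made for illustration.

```javascript
// Added illustration; not code from protected-github-pages.
const crypto = require("node:crypto");

const sha1Hex = (s) => crypto.createHash("sha1").update(s, "utf8").digest("hex");

// Constructed word list standing in for a public hash-lookup index.
const COMMON = ["123456", "password", "qwerty", "letmein"];

// Map of sha1(prefix + word) -> word for every word in the list.
function buildTable(prefix = "") {
  return new Map(COMMON.map((pw) => [sha1Hex(prefix + pw), pw]));
}

// Password recovered from a hash seen in a URL, or null if not in the table.
function lookup(table, urlHash) {
  return table.get(urlHash) ?? null;
}

// Hypothetical fixed prefix; the real one is whatever the page hard-codes.
const PREFIX = "example-fixed-prefix:";

// Hypothetical per-page salts, as a "real salt" embedded in each page would be.
const saltA = crypto.randomBytes(16).toString("hex");
const saltB = crypto.randomBytes(16).toString("hex");

function demo() {
  const generic = buildTable();
  return {
    // Unprefixed hash: found by any generic index.
    bareInGeneric: lookup(generic, sha1Hex("password")),
    // Prefixed hash: the generic index no longer matches...
    prefixedInGeneric: lookup(generic, sha1Hex(PREFIX + "password")),
    // ...but the prefix is in the page source, so one rebuilt table
    // works against every page that shares it.
    prefixedInRebuilt: lookup(buildTable(PREFIX), sha1Hex(PREFIX + "password")),
    // Per-page salt: a table built for page A does not carry over to page B.
    saltedBInTableA: lookup(buildTable(saltA), sha1Hex(saltB + "password")),
  };
}

console.log(demo());
```

In both the prefixed and the salted case a weak password is still guessable by anyone who reads the value from the page; the salt only removes the reuse of precomputed work across pages.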