How can I re-use my password and still protect the password if it is exposed from one source?

You are trying to solve a problem that you shouldn't have in the first place: Password Reuse

The concept is simple. You think of a "good" password and use that for everything. Your bank account, online shopping, your e-Mail provider, etc.

The problem is, if it gets leaked by any one of them, then all of the other accounts are potentially in danger. This is a completely unnecessary risk!

What about my suggested scheme?

You yourself said don't re-invent the wheel. If you were to actually do that, you would either have to write an application that calculates the hashes for you, or calculate them yourself and store them.

There are already applications that solve the problem of credential storage, and they do a way better job at it: Offline Password Managers

Why are Offline Password Managers better?

Because they generate truly random and unique passwords. There is no need to bring cryptography into this. No need to tie my password for my e-Mail account to it somehow containing the string "".

Because SN2\ZJ2Cw92DQx^{$OmqAC_P'xR|Md)[ is definitely a better password than the MD5 sum of (it's 01f9a94a0febf268495d08f5960e7f05, in case you were wondering).

The established solution for this problem is to use different passwords for different websites along with a password manager. That way you won't have to reinvent the wheel.

I know the rule don't invent your own crypto/protocol, that's why I want to know if there exists a known protocol for a client securing himself?

Not every problem has to be solved by a technical, overcomplicated solution.
Not reusing passwords is an elegant solution.

I used to use a browser extension which did pretty much exactly what you suggested. (It took my actual password + the URL of the site, hashed them together, and generated a password from that). It was great ... until eBay made me change my password because they had leaked their database. At that point, I had to remember which sites used one password, and which another.

The additional problem is that if any site had stored my "password" in plain text, then an attacker might have recognized how my password had been generated, and cracked it.

The final problem is sites like,, and which all need to share a password.

I have switched to a password manager (LastPass) secured with a strong, randomly generated (diceware), password (and 2FA on my important accounts).
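The hash-the-password-with-the-site scheme and the two problems reported with it in the answer above, next to the random generation a password manager uses, as an added example that is not part of the original posts. SHA-256, the `|` separator, the per-site counter and all sample values are assumptions for illustration; the answer does not say how the extension derived its passwords.

```python
import hashlib
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def derived_password(master, site, counter=0):
    """Assumed scheme: SHA-256 over master|site|counter, mapped onto ALPHABET.
    The modulo mapping is slightly biased, which is tolerable for a demo."""
    digest = hashlib.sha256(f"{master}|{site}|{counter}".encode()).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:20])

def regenerate(master, site, counters):
    """Rebuild a site password. 'counters' records forced resets per site,
    so the supposedly stateless scheme now has state the user must keep."""
    return derived_password(master, site, counters.get(site, 0))

def masters_reproducing(leaked, site, guesses):
    """Audit: which guessed master passwords regenerate a site password that
    leaked in plain text? Any hit exposes every other derived password."""
    return [g for g in guesses if derived_password(g, site) == leaked]

def random_password(length=32):
    """Password-manager style: drawn from the OS CSPRNG, tied to no other secret."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    master, site = "correct horse", "shop.example"   # constructed sample values
    original = derived_password(master, site)

    # Problem 1: the site forces a reset. Without the remembered counter the
    # scheme hands back the revoked password.
    print("no state kept :", regenerate(master, site, {}) == original)
    print("counter kept  :", regenerate(master, site, {site: 1}) != original)

    # Problem 2: one plain-text leak lets guesses at the master be checked offline.
    guesses = ["hunter2", "correct horse", "letmein"]  # constructed guess list
    print("master found  :", masters_reproducing(original, site, guesses))

    # A random password gives no such handle: there is no master to test against.
    print("random        :", random_password())
```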