Implementing user-defined salt to address pwdhash vulnerabilities

[lpmbgithub]

Hello good people;

I have been using your pwdhash app for Android for sometime now. I initially started hashing my own passwords using keygrinder.com but the developer, Alex King, died in 2015 and until the domain recently expired, the website did not use https:// anyway.

I have been aware for sometime that the pwdhash implementation from Stamford had significant vulnerabilities that were described here: researchgate

I have found an alternative implementation of pwdhash that appears to address the concerns in the article above: https://gwuk.github.io/PwdHash2/pwdhash2/

Would you consider upgrading your implementation to allow a customised client side salt like the site above? Additionally - what would be your thoughts about creating a website that allowed for password generation irrespective of OS? The Stamford site is no longer being supported and will likely die at some stage (I assume) and doesn't support the user defined salt.