The main repository. Contains both Python and Javascript implementations.
| Revision | 0eda3b1990cb95ef22853e3d130428713cc84552 (tree) |
|---|---|
| Time | 2019-02-24 04:47:25 |
| Author | Eric Hopper <hopper@omni...> |
| Commiter | Eric Hopper |
Make --help better. Update README.md for recent changes.
| @@ -41,7 +41,7 @@ | ||
| 41 | 41 | ```text |
| 42 | 42 | $ ./makepw.py --help |
| 43 | 43 | usage: makepw.py [-h] [--iterations ITERS] [--site SITE] [--extra] [--old] |
| 44 | - [--no-check] | |
| 44 | + [--format FORMAT] [--list-formats] [--random] [--no-check] | |
| 45 | 45 | |
| 46 | 46 | Generate a site password from a master password and a site name. |
| 47 | 47 |
| @@ -51,26 +51,39 @@ | ||
| 51 | 51 | Number of hash iterations. Defaults to 200000. For the |
| 52 | 52 | original behavior of a non-iterated hash, use an |
| 53 | 53 | iteration count of 0. |
| 54 | - --site SITE, -s SITE Last two components of site domain name (aka | |
| 55 | - slashdot.org). | |
| 56 | - --extra, -e Add just a few more bits of entropy to the result | |
| 57 | - while still satisfying the requires of both upper and | |
| 58 | - lowercase, a digit and a symbol. | |
| 54 | + --site SITE, -s SITE Unique site or account identifier, usually the last | |
| 55 | + two components of site domain name (aka slashdot.org). | |
| 56 | + --extra, -e Backwards compatility - equivalent to --format | |
| 57 | + stupid_policy14 | |
| 59 | 58 | --old, -o Use old non-PBKDF2 function for generating the |
| 60 | - password. | |
| 59 | + password. Not relevant with -r | |
| 60 | + --format FORMAT, -f FORMAT | |
| 61 | + Output format of resulting password. Defaults to | |
| 62 | + 'stupid_policy13'. Use --list-formats for a list of | |
| 63 | + supported formats. | |
| 64 | + --list-formats, -l Print out a list of supported formats, like --help, | |
| 65 | + this short-circuits any other function. | |
| 66 | + --random, -r Use the OS secure random number generation to creae a | |
| 67 | + random password instead of asking for a master | |
| 68 | + password. Useful for generating master passwords, or | |
| 69 | + with the xkcd algorithm. Implies --no-check and | |
| 70 | + ignores the site name and --iterations. | |
| 61 | 71 | --no-check, -n Do not print out hash for check_site site. This hash |
| 62 | 72 | can help you tell if you entered the wrong password. |
| 63 | 73 | ``` |
| 64 | 74 | |
| 65 | 75 | ## How It Works ## |
| 66 | 76 | |
| 67 | -It uses the PKCS#5 v2.0 PBKDF2 with a large (but configurable) number | |
| 68 | -of iterations to make sure that even if an attacker manages to get the | |
| 69 | -plaintext password for a given site, it will be practically impossible | |
| 70 | -for them to reverse the hash and figure out the master password. | |
| 77 | +When not using `--random` mode, it uses the PKCS#5 v2.0 PBKDF2 with a | |
| 78 | +large (but configurable) number of iterations to make sure that even if | |
| 79 | +an attacker manages to get the plaintext password for a given site, it | |
| 80 | +will be practically impossible for them to reverse the hash and figure | |
| 81 | +out the master password. | |
| 71 | 82 | |
| 72 | 83 | ## Known Bugs ## |
| 73 | 84 | |
| 74 | 85 | It has a small bug in which it skips 'Z', 'z' and '9' for generating the |
| 75 | -uppercase, lowercase and digit characters. This bug should be faithfully | |
| 76 | -replicated to all the various implementations. | |
| 86 | +uppercase, lowercase and digit characters. When implementing this for | |
| 87 | +some other language, this this bug should be faithfully replicated to | |
| 88 | +maintain compatibility and allow people to use any implementation for | |
| 89 | +re-creating a password they created with a different implementation. |
| @@ -130,21 +130,22 @@ | ||
| 130 | 130 | "use an iteration count of 0.") |
| 131 | 131 | parser.add_argument('--site', '-s', |
| 132 | 132 | metavar='SITE', type=str, |
| 133 | - help="Last two components of site domain name " | |
| 134 | - "(aka slashdot.org).") | |
| 133 | + help="Unique site or account identifier, usually the" | |
| 134 | + " last two components of site domain name (aka" | |
| 135 | + " slashdot.org).") | |
| 135 | 136 | parser.add_argument('--extra', '-e', action='store_true', default=False, |
| 136 | - help="Add just a few more bits of entropy to the " | |
| 137 | - "result while still satisfying the requires of both " | |
| 138 | - "upper and lowercase, a digit and a symbol.") | |
| 137 | + help="Backwards compatility - equivalent to " | |
| 138 | + "--format stupid_policy14") | |
| 139 | 139 | parser.add_argument('--old', '-o', action='store_true', default=False, |
| 140 | 140 | help="Use old non-PBKDF2 function for generating the " |
| 141 | - "password.") | |
| 141 | + "password. Not relevant with -r") | |
| 142 | 142 | parser.add_argument('--format', '-f', |
| 143 | 143 | metavar='FORMAT', type=str, default=None, |
| 144 | - help="Output format of resulting password. This will" | |
| 145 | - " supercede the -eargument. Use --list-formats for a" | |
| 144 | + help="Output format of resulting password. Defaults" | |
| 145 | + " to 'stupid_policy13'. Use --list-formats for a" | |
| 146 | 146 | " list of supported formats.") |
| 147 | 147 | parser.add_argument('--list-formats', '-l', action='store_true', |
| 148 | + default="stupid_policy13", | |
| 148 | 149 | help="Print out a list of supported formats," |
| 149 | 150 | " like --help, this short-circuits any other function.") |
| 150 | 151 | parser.add_argument('--random', '-r', action='store_true', |
Fork
README.md
makepw.py