password generator that uses name and url/website
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 7 of 7
  1. #1
    Join Date
    Jun 2005
    Location
    Montreal, Que, Canada
    Posts
    5,399
    Linux (Fedora) Firefox 62.0

    password generator that uses name and url/website

    Without taking into account user id, or website id, the gnome password generator generates passwords using certain rules, .

    Is there a password generator that takes three arguments.

    Code:
    Name: [leslie                            ]
    Salt    : [text to add to a hash  for example could be yyyy-mm-dd]
    site    :[fedoraforum.org]  length [10]
    and provides an output that is a string of a specific length?

    The gome-password-generator is somewhat close to the needs. It does not take into account website or url.

    Obviously, if the fields "name","salt","site" and "length" are invariant, the same password will be generated.
    I did a simple test by putting my logon name, a date for a salt, and this website as site into a file and I ran sha1sum against that file

    Code:
    leslie
    fedoraform.org 10
    20181006
    sha1sum produced:
    25c5c9f5d2d9816cab6097b0aa31490e7be40df8

    The tweaking needed is to add a some upper/lower and special characters to the output string and to truncate it to length 10.

    Suggestions please. Do I write my own?
    Leslie in Montreal

    Interesting web sites list
    http://forums.fedoraforum.org/showth...40#post1697840

  2. #2
    Join Date
    Jan 2010
    Posts
    7,349
    Linux Chrome 69.0.3497.100

    Re: password generator that uses name and url/website

    There's a program mkpasswd that takes various arguments, I believe it will allow you to choose length and things like including special characters. Not sure of its name in Fedora, I use it in FreeBSD. You can also use openssl and random to generate passwords, but I don't remember how many arguments you give it.

    openssl rand -base64 32 gives a nice long one. Ending that with 12, rather than 32 gives you things like wCD6I+ukHbH2pQyK. I suppose you could use that and add what you wanted, though that's a pain. And there's pwgen which generates pronounceable passwords. (Again I just know the FreeBSD name, but assume it's available for Linux and it has various parameters.

  3. #3
    Join Date
    Oct 2010
    Location
    Canberra
    Posts
    2,993
    Linux Firefox 60.0

    Re: password generator that uses name and url/website

    First, to answer your question:
    Create a mapping table. The sha1sum appears to be a hexadecimal string. Hence all you need to do is read pairs of characters from the string, convert them to a number and use that to index a 256 character array containing the characters you want in the password.

    Secondly, I'm not sure I understand your idea. If not done correctly we will all be able to predict all of your passwords.
    To do it with any hope of being secure the salt would have to be a strong random number. In which case, what purpose do the other fields have? You still have to store the random number.

    User error. Please replace user and try again

  4. #4
    Join Date
    Jun 2005
    Location
    Montreal, Que, Canada
    Posts
    5,399
    Linux (Fedora) Firefox 62.0

    Re: password generator that uses name and url/website

    Quote Originally Posted by ocratato
    First, to answer your question:
    Create a mapping table. The sha1sum appears to be a hexadecimal string. Hence all you need to do is read pairs of characters from the string, convert them to a number and use that to index a 256 character array containing the characters you want in the password.

    Secondly, I'm not sure I understand your idea. If not done correctly we will all be able to predict all of your passwords.
    To do it with any hope of being secure the salt would have to be a strong random number. In which case, what purpose do the other fields have? You still have to store the random number.
    Hi Ocratato
    =========
    What I want for a pw generator is:
    a) accept an address (eg fedoraforum.org)
    b) accept my unencrypted password which I would ilke to keep constant (I visit many many sites)
    c) accept a salt string that I will change every few weeks/months.
    d) have a mapping table that goes from hex to some other string, with special characters and with ability to have total length specified by website specifications.
    I do use a password manager with firefox, but sometimes I just want to stop remembering what I used with what website and just have a rule to tell me the password that I can copy/paste into the appropriate field.
    Gnome's password manager is almost what I want dl gnome-password-generator
    It offers Char set a-zA-Z0-9 /All printable excl space/alpha-lower/hex/decimal/ base64 (a-zA-Z,0-9,'/+)
    Leslie in Montreal

    Interesting web sites list
    http://forums.fedoraforum.org/showth...40#post1697840

  5. #5
    Join Date
    Oct 2010
    Location
    Canberra
    Posts
    2,993
    Linux Firefox 60.0

    Re: password generator that uses name and url/website

    A few thoughts:

    I would use a pass phrase rather than a pass word. They are more secure and frequently easier to remember.

    If you change the salt, then the generated password will be changed (obviously) so do you intend to give the site the new password? Otherwise it sort of defeats the point of having a generator so you don't need to store all the passwords.

    You may need more than one mapping table. Different sites have different restrictions on what are allowable characters - some require specials while others don't allow them. You then need some way of recording which table you used for a site.

    You will also need to save what the password length used was for each site.

    It seems to me that you will need to store the parameters into a database (indexed by the url):
    url --> userid, salt, table, length
    If you keep the pass phrase separate (or only in your memory) then the database will not be able to be used by anyone that acquires the info.

    I would design the code so that the pass phrase was in memory for the shortest possible time.

    User error. Please replace user and try again

  6. #6
    Join Date
    Oct 2018
    Location
    Virginia Beach
    Posts
    3
    FreeBSD Firefox 62.0

    Re: password generator that uses name and url/website

    Have you looked at pass?

  7. #7
    Join Date
    Jun 2005
    Location
    Montreal, Que, Canada
    Posts
    5,399
    Linux (Fedora) Firefox 62.0

    Re: password generator that uses name and url/website

    Hi Ocratato,
    The idea of a password phrase is not convenient for me. For all websites except yahoo.com, these site sometimes send me a note that they were hit by a hacker, and I need to change the pwd. I don't always recall the pwd. With using phrases, I would run into problems.
    I am using "lastpass" as a firefox add-on. It is convenient, it does the fill-in invisibly, making it a tough time trying to work when it is not installed, such as on my cellphone.

    I will check android apps for a password manager. I hope one exists and if it is convenient I will see if I can use it for both Android and Linux.
    Thank you all for the ideas, including the review of pass.
    Leslie in Montreal

    Interesting web sites list
    http://forums.fedoraforum.org/showth...40#post1697840

Similar Threads

  1. md5 generator
    By ahmad_fedora in forum Using Fedora
    Replies: 1
    Last Post: 14th April 2008, 11:31 PM
  2. Replies: 3
    Last Post: 10th August 2007, 07:39 AM
  3. Password prompt for my default website
    By xyleo in forum Servers & Networking
    Replies: 2
    Last Post: 3rd July 2006, 09:01 AM
  4. packet generator
    By anant_shah in forum Servers & Networking
    Replies: 1
    Last Post: 2nd January 2006, 10:21 PM
  5. New: gnome-password-generator 1.3 (FC1,FC2,stable)
    By fedora-package-announce-admin@fedora.us in forum Advisories & Updates
    Replies: 0
    Last Post: 9th May 2004, 03:26 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •