Skip to content

Latest commit

 

History

History
216 lines (131 loc) · 4.13 KB

manual.md

File metadata and controls

216 lines (131 loc) · 4.13 KB

Manual

Name

pw - A deterministic password generator.

Synopsis

pw [switches] [--] [arguments]

Description

pw is a deterministic password generator that lets you create passwords based on your master password with the following method.

base64(sha3_512("master_password,then,comma,separated,values"))

Usage

If you don’t have a master password yet:

pw --init
OpenSSL command 
openssl rand -base64 16 | tr -d '\n' | openssl dgst -binary -sha3-512 | openssl enc -A -base64

Generates 16 random bytes that are encoded into Base64, then passed to the password generator.

Set your user—taupiqueur@kanto—password:

pw --length=10 kanto taupiqueur

Sign up Google:

pw --length=10 google.com taupiqueur.kanto
OpenSSL command 
printf 'Strong password,google.com,taupiqueur.kanto' | openssl dgst -binary -sha3-512 | openssl enc -A -base64 | head -c 10

Pet name:

pw --length=10 google.com taupiqueur.kanto Bunny
OpenSSL command 
printf 'Strong password,google.com,taupiqueur.kanto,Bunny' | openssl dgst -binary -sha3-512 | openssl enc -A -base64 | head -c 10

Sign up Apple:

pw --length=10 apple.com [email protected]
OpenSSL command 
printf 'Strong password,apple.com,[email protected]' | openssl dgst -binary -sha3-512 | openssl enc -A -base64 | head -c 10

Show password before hashing:

pw --show google.com taupiqueur.kanto
Show password 
Strong password,google.com,taupiqueur.kanto

The method format is comma-separated values, from generic to specific.

Copy password:

pw --copy google.com taupiqueur.kanto

Attempt to set the terminal clipboard content using the xterm escape sequence.

Advanced usage

If a special character is required, just add an apostrophe—for prime.

On the contrary, if special characters are not allowed, use the --alphanumeric-only option to drop the +, / and = characters from the Base64 table.

The option exists to mitigate the need to tweak your password in a second pipe—and probably a third pipe for copying.

Finally, you might want to specify a version to your password:

pw --length=10 kanto taupiqueur 2
OpenSSL command 
printf 'Strong password,kanto,taupiqueur,2' | openssl dgst -binary -sha3-512 | openssl enc -A -base64 | head -c 10

In practice?

Depending on my situation here are the tools I use:

  • I use pw to create passwords I need to remember and remember one password.
  • I use Google Password Manager and the Suggest strong password feature for passwords I want to be random.

Options

The options are as follows:

-i
--init

Generate a secure, random password.

-l <length>
--length=<length>

Specifies the password length.

-a
--alphanumeric-only

Remove non-alphanumeric characters.

-s
--show

Show password.

-c
--copy

Copy password.

Attempt to set the terminal clipboard content using the xterm escape sequence.

-

Read master password from stdin.

-r
--rescue

Rescue mode.

Print all password methods to date.

-h
--help

Show this help.

-V
--version

Show version.

Environment

The following environment variables have an effect on pw.

MASTER_PASSWORD

Specifies the master password.