Made with Bash. The script should just run on the standard Linux distros - no further installation necessary.
Passgen is meant to generate strong, valid, random-looking passwords deterministically from any given text-string or key. You don't need to remember or store the generated password, because you can always generate it as long as you remember the text-string you provided. There lies its security. To generate the same password on a different machine, however, you'd need to note down the PASSGEN_SALT that is output.
Every password generation requires an effectively single-threaded process that takes significant time (mostly <1m, though). This is because the algorithm uses a Hashcash-like proof-of-work procedure targeting a 20-bit partial hash collision, i.e. the final hash must have 20/4=5 zeroes in its hex representation. All the hashes are SHA512. The algorithm is designed so that a minimum amount of work must always be done.
Also, it cannot be predicted beforehand exactly how long password generation will take. For some values of the given text-string, the time taken may be well over the 1m mark. Hopefully, this unpredictability and the requirement of single-threadedness make brute-force attacks slow.
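The chained search below is an added illustration, not passgen's own code: it shows one way a Hashcash-style target over SHA512 can be made inherently sequential and why the running time varies with the input. The function names, the salt:key input layout, the hash chaining, the step limit and counting zeroes from the start of the digest are all assumptions.

```sh
#!/bin/sh
# Added illustration only: NOT passgen's actual algorithm.
# Assumptions: the "salt:key" input layout, feeding each digest into the
# next hash, and counting zeroes at the *start* of the hex digest.

sha512_hex() {   # hex SHA512 digest of the string passed as $1
    printf '%s' "$1" | sha512sum | cut -d' ' -f1
}

# pow_chain KEY SALT [BITS] [MAX_STEPS]
# Prints "<steps> <digest>" for the first chained digest that meets the
# target. Returns 1 if MAX_STEPS is exhausted, 2 if BITS is not a
# multiple of 4 (one hex digit carries 4 bits).
pow_chain() {
    key=$1 salt=$2 bits=${3:-20} max=${4:-0}
    [ $(( bits % 4 )) -eq 0 ] || return 2

    # Build the required prefix: BITS/4 hex zeroes (20 bits -> "00000").
    prefix='' n=$(( bits / 4 ))
    while [ "$n" -gt 0 ]; do prefix="${prefix}0"; n=$(( n - 1 )); done

    steps=1
    digest=$(sha512_hex "$salt:$key")
    while :; do
        case $digest in
            "$prefix"*) printf '%s %s\n' "$steps" "$digest"; return 0 ;;
        esac
        # Give up when a step limit was set and has been reached.
        [ "$max" -gt 0 ] && [ "$steps" -ge "$max" ] && return 1
        # Step i+1 needs the output of step i, so the search cannot be
        # split across cores the way a plain counter search can.
        digest=$(sha512_hex "$digest")
        steps=$(( steps + 1 ))
    done
}

# Usage (constructed sample values):
#   pow_chain 'Iluvbash' 'my-chosen-salt' 8
```

At 20 bits the search averages about 2^20 hashes, so try a smaller BITS value first. The same key and salt always give the same step count and digest, while a different salt gives a different digest.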
Non-interactive:
    timeout <max. number of seconds you are willing to wait, e.g. 60> \
        ./passgen [-w <no. of chars in the desired password>] <string that you can remember>
Example:
    timeout 60 ./passgen -w 10 'Iluvbash'
    timeout 60 ./passgen 'patience is a virtue'
Interactive:
    timeout 60 ./passgen
Tip: If password generation is taking too much time, try some other text-string.
- Passwords are bound to the device they are generated on, if the environment variable PASSGEN_SALT is not set. In other words, when PASSGEN_SALT has no value, running passgen on the same machine will always output the same password and take nearly the same time, but running it on different machines will give different output and require different times. Therefore, to generate the same password in similar time in two different machines, do export PASSGEN_SALT=<your chosen value> before running passgen.
- Every password essentially contains at least one special character, one upper-case letter, one lower-case letter and one numeral. The default width for generated passwords is 8 characters.