Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
159 lines (106 sloc) 5.27 KB
passtab - a light-weight system for managing passwords
"We're all good at securing small pieces of paper. I recommend that people write
their passwords down on a small piece of paper, and keep it with their other
valuable small pieces of paper: in their wallet." [1] -- Bruce Schneier
passtab is a tool to help store passwords in your wallet.
passtab is a light-weight system for managing passwords using a Tabula Recta
[3]. passtab builds on the idea of "writing down your passwords" [1,2] and
attempts to provide a simple interface for password management. The idea for
this project was inspired by a blog post written by John Graham-Cumming [2].
One of the main features of passtab is the ability to generate a special Tabula
Recta [3] consisting of random characters (generated using a cryptographically
secure random number generator). One can then create passwords by selecting a
row and column from the Tabula Recta. Here's a simple example, suppose we have
the following Tabula Recta:
| A B C D E F G H I J K L M N
A | _ u } I ` } R ) a < L : a A
B | - o ( : p # O % . _ ; ' j L
C | w c ( c y 2 h y ~ N O * > w
D | o : R m L % V , d H r Y B j
E | 9 , < 0 J p a o ) O w 0 w #
F | C j i } i z 2 $ O R 5 @ T I
G | Q - E m 8 N c / + u W Y V >
H | , y } U Y i j i q w q c - 4
I | K j W H e ; I ? E 7 H v 2 +
J | g * 7 4 E } a h Y z < " : w
K | . _ } I / J k 1 a D ^ ; p K
L | ` < A L c z } } I P ? 4 y T
M | F D < 8 < 0 R B t 9 X o B 2
N | I r O E m o a + Y W w ; : 7
And suppose we want to get our password for logging into webmail at We
decide to use the first and last letter of the domain name as the start
row/column of the password and we want a password 8 characters in length. So we
start at the intersection of 'A' and 'E' and read off 8 characters diagonally
resulting in the password: '#h,)RWc
Defining a scheme for selecting the starting row/column for a given password is
completely up to the user and can be as simple or as complex as one desires.
The direction for reading the password is also up to the user to define (left,
right, diagonally, etc.). See John Graham-Cumming's excellent blog post [2] for
more examples.
passtab provides the ability to generate these Password Tabula Recta's in PDF
format for printing (and storing in your wallet) along with other advanced
features for storing and retrieving passwords.
- List all options:
$ passtab --help
- Generate a Tabula Recta using the default header and alphabet
$ passtab
- Generate a Tabula Recta in PDF format
$ passtab -f pdf -o password-recta.pdf
- Generate a Tabula Recta using a custom header and default alphabet
$ passtab -b A,B,C,D,E,F,G,H,I,J,K,L,M,
- Generate a Tabula Recta using a custom header and alphabet
$ passtab -b A,B,C,D,E,F,G,H,I,J,K,L,M, -a 'a,b,c,d,e,f,g,1,2,3,4,5,!,@,#,$'
passtab can optionally store the Tabula Recta in addition to generating the PDF
file. This allows one to have both a hard copy and electronic version of the
Tabula Recta. passtab stores the Tabula Recta files in JSON format. Here's some
example uses for working with the stored Tabula Recta:
- Generate a Tabula Recta in PDF and JSON
$ passtab --dbsave
this generates 2 files: passtab.pdf and ~/.passtab_db
- Fetch the password starting at row 'A' and column 'E'
$ passtab -g A:E
by default passtab creates passwords 13 characters in length
moving diagonally (SE) from the start position
- Fetch the password 4 characters in length moving left (WEST) starting at A:E
$ passtab -g A:E -s 4:W
- Fetch the password 4 characters in length moving diagonally (SE) starting at A:E
skipping every 3 character
$ passtab -g A:E -s 4:SE -x 3
passtab will read ~/.passtab when starting up. See the sample file in the docs/
directory (docs/passtab-config.sample) for a more complete example.
Here's an example:
# passtab config
# My WebMail
You can define tags in passtab for quick access to passwords. Using the
passtab config file above we can now do:
- Fetch the password for the "webmail" tag defined in our ~/.passtab
$ passtab -t webmail
- Fetch the password for "webmail" and copy to clipboard
$ passtab -t webmail --chomp | xclip
- Print all meta-data (user, website, etc.) for "webmail"
$ passtab -t webmail -v
- Export all tags (passwords, usernames, and urls)
$ passtab -e -v
passtab was written by Andrew E. Bruno <>