Skip to content


Subversion checkout URL

You can clone with
Download ZIP
A password generator for website logins based on a single, private passphrase. This is a self-contained, statically compiled application which runs on the command line and does not require an internet connection.
Branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.



This project is inspired by oneshallpass but is written in Go instead of javascript, and runs on the command line as a self-contained, statically compiled binary, instead of a web browser.

The technical implementation is similar, i.e., HMAC-SHA512() hashing a combination of the host, username, generator and indicator numbers, but using scrypt instead of PBKDF2 for generating the shared private key (dk) value from the passphrase.

Building and Installing

This code requires Go's scrypt package before building:

$ go get
$ go build go-one-password.go

Update your $PATH to include the folder where go-one-password was built, and add a shorter alias, if you prefer (e.g., "g1p", assuming that doesn't conflict with anything on your system).


The core idea is that by remembering just one quality passphrase (known only by you), you can generate unique and secure passwords for multiple website logins.

There are many different ways of selecting a quality passphrase, but if you cannot come up with one on your own, there are several free sites which can pick one for you.

Once you settle on a passphrase, just make sure you commit it to memory; it's not stored anywhere by this code, and if lost or forgotten, is unrecoverable.

If you forget how to use go-one-password type it (or whatever alias you've used for it) in a shell prompt followed by "-help":

$ g1p -help
Usage of g1p:
  -host="": (required) the website you want to login to (e.g. "")
  -plen=16: (optional) set the resulting password length (the default is 16)
  -spec="": (optional) if the website requires one or more "special" characters in the password (e.g., "#%*" etc.) specify one or more of them here
  -user="": (required) the username or email address you use to login

Usage Examples

Here's how to use it in practice (the passphrase is asked in an interactive prompt, instead of from a command line argument, because we don't want to save the passphrase in your shell history by accident):

$ g1p -host -user
What's your passphrase? (or ctrl-c to quit) close introduced when lunch
Your password for logging in as user is:


This is another example, for when the site requires one or more "special" characters:

$ g1p -host -user -spec="#%"
What's your passphrase? (or ctrl-c to quit) close introduced when lunch
Your password for logging in as user is:


Something went wrong with that request. Please try again.