stateless password generator
C Shell Makefile Objective-C
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
arg_parser
config
encoders
libscrypt
man
poison
readpass
test
.travis.yml
Makefile
README.md
defaults.md
genpass.c
genpass.gif
getpass

README.md

genpass

Build Status

A stateless password generator.

genpass

Quick start

Ubuntu based systems (LTS versions)

  1. Set up the minos archive:

    $ sudo add-apt-repository ppa:minos-archive/main
    
  2. Install:

    $ sudo apt-get update && sudo apt-get install genpass
    

Other Linux distributions

  1. Compile from source

    $ make
    
  2. Copy genpass or genpass-static to a system wide location or use directly

    $ cp genpass genpass-static /usr/local/bin/
    

Only for the dynamic genpass binary

  1. Install libscrypt from your prefered source. On Ubuntu/Debian it's named libscrypt0

    $ sudo apt-get install libscrypt0
    
  2. Or use the bundled ./libscrypt/libscrypt.so.0 one.

    $ sudo cp ./libscrypt/libscrypt.so.0 /usr/lib/
    

Linux static binaries can also be retrieved with static-get, for x86|amd64 platforms

  1. Fetch static binaries

    $ sh <(wget -qO- s.minos.io/s) -x genpass
    
  2. Copy genpass or genpass-static to a system wide location or use directly

    $ cp genpass-*/genpass genpass-*/genpass-static /usr/local/bin/
    

Usage

First time usage:

$ genpass
Name: Guy Mann
Site: github.com
Master password: passwd #it won't be shown
4?Hs>Jf#r*X9>7rznOS?4L=ysh&X>M/?8F>?^P(hW

This will prompt you for your name, site and master password. The first time it's executed it will take a relative long time (a couple of minutes) to get back. It'll create a cache key and will save it to ~/.genpass-cache, then it will combine it with the master password and the site string to generate the final password. The cache key file should be guarded with moderate caution. If it gets leaked possible attackers may have an easier time guessing your master password (although it still will be considerably harder than average brute force attacks).

General use

$ genpass [options] [site]

Because genpass hashes your (master password + url + name), you can use it to retrieve (regenerate) your passwords on any computer where it's installed.

It's recommended to defined cost, length and other parameters explicitly, default values will change between versions as computers get updated on CPU/RAM.

Default values for version 2016.10.30 are:

Parameter Value
Cache cost (Scrypt N) 2^20
Cost (Scrypt N) 2^14
Scrypt r 8 bits
Scrypt p 16 bits
Key length 32 bytes, 256 bits
Encoding z85

Past default values are listed in the defaults.md file.

In addition, you can setup a configuration file using the --config option. An example is provided here: genpass-example.ini.

Scheme

The scheme uses two levels of hash computations (although with the -1 parameter it can use only one). The first level is executed once when a user begins to use a new machine for the first time. This computation is parameterized to take a relatively long time (around 60 seconds on this implementation) and its result are cached for future password calculations by the same user. The next level is used to compute site-specific passwords. It takes as input the calculation produced from the first level as well as the name of the site or account for which the user is interested, the computation time is parameterized to be fast (around .1 seconds in our implementation).

Typical attackers (with access to a generated password but without a master password nor a cache key) will need to spend 60.1 seconds on average per try and will have little room for parallelization, legitimate users on the other hand will require 0.1s after the initial cache key is calculated. This way the scheme strives for the best balance between security and usability.

The algorithm has been updated to use a key derivation function specifically designed to be computationally intensive on CPU, RAM and custom hardware attacks, scrypt. The original paper uses a sha1 iteration logarithm which can be parallelized and is fast on modern hardware(2010), fast is bad on key derived functions.