My Secure Password System

On my linux machines (with ash, sharutils and md5sum installed), I
have the following script:

--- BEGIN /usr/bin/makepass

#!/bin/bash

A="$(echo "$*$SUGAR" | md5sum | uuencode -m - | head -n2 | tail -n1)" 
echo "${A:0:16}"

--- END

The md5sum command can be changed to essentially any cryptographic hash
generator. What happens is stuff goes in one end, and random looking
stuff comes out the other. Importantly, same input means same output, and
figuring out the input given only the output is something only organisations
like GCQH and NSA can even contemplate taking on, and even they are asking
the government to pass laws to make things like this easier.

On linux, run ash. This is because ash does not remember what you type.
Set and export an environment variable (here named SUGAR) so that someone
with a keylogger will have a hard time.

With the variable set, you can type something like

makepass facebook.com://john.allsup

and out will come something like

OTkwYzBmY2Q1M2Fh

(I'll leave you to guess at what I used for SUGAR there ;-) )

And also,

makepass "facebook.com::john.allsup :-)"

produces

ODk4OTk1N2U0N2Fi

given the same sugar. (p.s. I will never use this SUGAR in practice.)

Use this as your password, and memorise by rote this simple script.

Then, for a website, compose a scheme that takes a domain name and
an username and combines it to produce something like the

    "facebook.com::john.allsup :-)"

you see above. So long as you remenber the sugar, this can be the same
for nearly all your internet passwords, since it cannot be recovered
from the passwords you use (or at least, not unless you are the NSA).
Importantly, if you are not a terrorist, you can probably trust the NSA
not to have time to waste reading your facebook messages.

So basically,
1. Have a scheme which takes a domain name and a user name or something
and produces an input string. Make this personal.
2. Have a sugar which is constant across a large number of websites.
3. Use a different sugar for things like your bank, just in case.
4. Use this to generate passwords, and if you want longer ones, simply
change 
    echo "${A:0:16}"
to something like
    echo "${A:0:24}"
(the hash function you use is the limit on how long this can get.)

Then you have something better than keypass, which is basically
a two line bash script on any computer with a working terminal,
bash shell, md5sum and uuencode programs. If you know anything about
what these programs do, you can of course modify it slightly if you like.
But do you really need to?

John