pgen password generator

See down for instructions, notes and suchlike.

pgen

Hash:
Testcase: -- this helps you check the secret key is correct
Schema: -- this transforms the secret key, $S, and input $I to hash
Secret: -- choose a secret phrase, memorise it, and tell nobody
Input: -- enter the name of the password, e.g. 'mywebsite' or 'paypal'
Length: -- number of characters to produce
Punctuation: -- replace @ and # with X for sites that don't like punctuation
Test output:
Pgen output:

Instructions

Set the schema (or stick with the default). Set the secret key (this is not displayed, but be aware that if someone has physical access they can recover the value using the Javascript console, so always close this tab/window when done. Pick the hash you want. To check you have the secret key typed correctly, use a test case. That is, a string, such as 'MrFlibble', or 'HexVision' that you won't use elsewhere, and memorise the first 3-4 characters of the output. For example, with SHA-256 and schema($I,$S), and secret key 'hex', the first three characters produced are '@7z'. It is quite practical to use the empty string as the test case. Also, ensure you have set the correct length.

Once everything is set, enter input strings into the Input box, and press Return. For example, for amazon, you can enter 'amazon', and for facebook, you can enter 'facebook'. If the schema or secret key is changed even slightly, or a different hash is chosen, the output will be vastly different. Thus provided you keep the secret key secret, and remember hash and schema settings, you can then use the output strings as passwords. Usefully, this method requires essentially no storage, and can be reproduced on a standard Linux command line (or the Apple Mac OSX command line, provided you have the hash, cut and xxd commands available). Joyfully, there are no subscription fees, no encrypted database to worry about, and you can even see how it works. -- John Chalisque

If you would like a local copy, download this file, and md5.min.js and sha.js. The sha.js file comes from jsSHA 2.0.1 (from here), and the md5.min.js file comes from JavaScript-MD5 (from here).

Alternatively, pgen-selfcont.html is a self-contained HTML file, with the javascript for the hash functions included.

Linux command line

The sha pgens do the same thing as


echo -n "schema($I,$S)" | sha256sum | cut -f1 -d\  | xxd -r -p | base64 -w0 | cut -c1-16 | tr '+/' '@#'

where "schema($I,$S)" is the schema used, and the cut command is adjusted to length.

The MD5n pgen works like


echo "schema($I,$S)" | md5sum | cut -f1 -d\  | base64 -w0 | cut -c1-16 | tr '+/' '@#'

and the MD5 pgen works like

echo -n "schema($I,$S)" | md5sum | cut -f1 -d\  | base64 -w0 | cut -c1-16 | tr '+/' '@#'

(note the -n in the second echo command, to omit newline).

Notes

Important: in the schema, $S expands to the secret, and $I to the input. Do NOT have the string $I occur in your secret. You can have $S occur in the input, and it will NOT expand to the secret. But if you put $I in the secret, the input will get substituted. Feel free to hack the Javascript if you want things to work differently.

Source code

Finally, for those on Linux, Mac, anything *NIX, or Windows with cygwin and the hashing programs, xxd, cut and base64 installed, the following is a script for the command line which produces the same passwords as this page.


#!/bin/bash
# Copyright John Chalisque Allsup, 2016
# Released as Free Software under the terms of the GNU GPLv2

I="$1"
if [ -z "$HASH" ]; then HASH=sha512sum; fi
if [ -z "$SCHEMA" ]; then SCHEMA='schema($I,$S)'; fi
if [ -z "$PLENGTH" ]; then PLENGTH=16; fi
((PL=PLENGTH));
if ((PL<8)); then ((PL=8)); fi
if ((PL>32)); then ((PL=32)); fi
eval "echo -n \"$SCHEMA\"" | $HASH | cut -f1 -d\  | xxd -r -p | base64 -w0 | cut -c1-$PL | tr '+/' '@#'

This program is Free Software, released under the GPL version 2, as is the following, which does the MD5 and MD5n generators. Note that these are weaker, but still most likely sound for home users.

#!/bin/bash
# Copyright John Chalisque Allsup, 2016
# Released as Free Software under the terms of the GNU GPLv2

I="$1"
if [ -z "$HASH" ]; then HASH=md5sum; fi
if [ "$HASH" = "MD5n" ]; then HASH=md5sum; NL=""; else NL="-n"; fi
if [ -z "$SCHEMA" ]; then SCHEMA='schema($I,$S)'; fi
if [ -z "$PLENGTH" ]; then PLENGTH=16; fi
((PL=PLENGTH));
if ((PL<8)); then ((PL=8)); fi
if ((PL>32)); then ((PL=32)); fi
eval "echo $NL \"$SCHEMA\"" | $HASH | cut -f1 -d\  | base64 -w0 | cut -c1-$PL | tr '+/' '@#'