pass_tool is a simple Python script that is readily memorisable and perfectly unsuspicious to have.
It allows you to use a "seed" or "master password" to provide secure randomly generated passwords.
This way, with only the script you can recover all your passwords but no data is stored!
I was inspired by, and it works similarly to, the Electrum wallet seeds.
amnesia@amnesia:~/Persistent/pass_tool$ ./pass_tool
Seed:
URL: reddit.com
uname: dnm_throwaway_001
460324d6d99b9caf0e8300ae
The seed area is empty because it's entered as a password. It is recommended that this be a secure password (>60 bits of entropy).
The generator itself provides passwords with about 94 bits of entropy: the first 24 chars of the hexadecimal output of SHA512(url+uname+SHA512(seed)). The passwords aren't relatable, so even if one account is hacked they can't gain access to your other accounts.
I use this script for throwaway accounts I might want to reaccess. However, it could be used as an alternative to KeePassX, for example. I must reiterate that the security is entirely down to the quality and safety of your seed.
NO DATA IS STORED. Forget the seed or url or username and you will never regenerate that data!
The code:
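#!/usr/bin/env python
# Python 2 script (uses raw_input and the print statement).
import hashlib, getpass

# Read the seed without echoing it, then keep only its SHA-512 hex digest.
seed = getpass.getpass('Seed: ')
passwd = hashlib.sha512()
passwd.update(seed)
seed = passwd.hexdigest()

# Derive one password per (URL, username) pair until interrupted (Ctrl-C).
while 1:
    passwd = hashlib.sha512()
    url = raw_input('URL: ')
    uname = raw_input('uname: ')
    # Fields are hashed in this order: hashed seed, URL, username.
    passwd.update(seed)
    passwd.update(url)
    passwd.update(uname)
    # The password is the first 24 hex characters of the digest.
    print passwd.hexdigest()[0:24]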
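The derivation in the script above, ported to Python 3 as an added example (not the original poster's code), next to a variant that stretches the seed with a slow KDF and length-prefixes the URL and username so the field boundary cannot shift. The function names, the choice of PBKDF2-HMAC-SHA512 and the round count are assumptions of this example, and the sample seed is constructed.

```python
import hashlib
import struct

PBKDF2_ROUNDS = 210_000  # assumed work factor for this example; tune to your hardware


def legacy_password(seed: str, url: str, uname: str) -> str:
    """Same derivation as the posted script: SHA512(hex(SHA512(seed)) + url + uname)."""
    seed_hex = hashlib.sha512(seed.encode()).hexdigest()
    h = hashlib.sha512()
    for part in (seed_hex, url, uname):  # order used by the posted code
        h.update(part.encode())
    return h.hexdigest()[:24]


def framed(*fields: str) -> bytes:
    """Length-prefix every field so 'ab'+'c' and 'a'+'bc' encode differently."""
    out = b""
    for field in fields:
        raw = field.encode()
        out += struct.pack(">I", len(raw)) + raw
    return out


def stretched_password(seed: str, url: str, uname: str) -> str:
    """Variant: PBKDF2 makes each seed guess expensive; site fields act as the salt."""
    dk = hashlib.pbkdf2_hmac("sha512", seed.encode(), framed(url, uname),
                             PBKDF2_ROUNDS, dklen=12)
    return dk.hex()  # 12 bytes -> 24 hex characters, same length as the original


if __name__ == "__main__":
    seed = "constructed example seed"  # constructed sample, not a real secret
    # Plain concatenation: both pairs feed "reddit.coma" into the hash.
    a = legacy_password(seed, "reddit.com", "a")
    b = legacy_password(seed, "reddit.co", "ma")
    print("legacy   :", a, b, "collide" if a == b else "differ")
    # Framed fields: the two pairs produce unrelated passwords.
    c = stretched_password(seed, "reddit.com", "a")
    d = stretched_password(seed, "reddit.co", "ma")
    print("stretched:", c, d, "collide" if c == d else "differ")
```

The stretched variant produces different passwords from the posted script for the same inputs, so the two are not interchangeable for accounts that already exist.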
(Previous post didn't make it)
Is there anywhere where there's more info on the script/a download page?
I know quite a lot about scripting and coding but I have no Python knowledge and I think this script does indeed sound very useful, thanks for sharing!