This page contains scripts that may be used to create 20 digit passwords on the command line. These are compatible with the online SS64 password generator and will produce the same passwords.
# Bash version
strongpw() {
read -rs -p 'Encryption key: ' key
echo '' # line break
echo -n "$key:$1" | sha256sum | perl -ne "s/([0-9a-f]{2})/print chr hex \$1/gie" | base64 | tr +/ Ea | cut -b 1-20
}
# OS X bash version
strongpw() {
read -rs -p 'Encryption key: ' key
echo '' # line break
echo -n "$key:$1" | shasum -a 256 | perl -ne "s/([0-9a-f]{2})/print chr hex \$1/gie" | base64 | tr +/ Ea | cut -b 1-20
}
Written by Benoit Mortgat who has also kindly provided a zip file containing both a bash module and a PowerShell module. These can be loaded as part of your startup profile making them easily available.
Also available on GitHub, pull requests are welcome.
Examples:
$ strongpw paypal
Encryption key:
5h8RDZxO6xyXbaLrxKE6
Command-line scripts can be an aid to cracking passwords. If you enter a password into a website which saves the password as plain text (no password hashing) and if that website is subsequently hacked, the attacker would have one of your passwords. The attacker could then run a brute force or dictionary attack through the same hash algorithm until they find a match with the first password, the attacker would then have your master password.
The way to protect yourself against this type of attack is to ensure that your Master Password is long enough (with enough entropy) that such an attack would take an impractical length of time to complete.
Related:
Are the SS64.com password generators a good approach? - StackExchange
Password security and a comparison of Password Generators
PasswordStore.org - Unix password manager (command line)
“Excellence is not an act but a habit. The things you do the most are the things you will do the best” ~ Marva Collins