home.social

#passgen — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #passgen, aggregated by home.social.

  1. @YesIKnowIT

    > ostechnix.com/4-easy-ways-to-g
    My preferred :
    `openssl rand -base64 14`
    `gpg --gen-random --armor 1 14`
    ... but the passwords are not easy to remember. A good argument to use a password manager.

    I ended up writing (github.com/codesections/pass-g) to solve that problem. It's another xkcd-style solution, though with a bigger dictionary and more customization options than many takes on that solution.

  2. @[email protected] @codesections

    > Perl has the advantage of being installed *everywhere*.

    That's an interesting perspective. One of the reasons I wrote (which is a rewrite of xkpasswd with some added features) was that I was tired of installing for just that one program.

  3. @gentoorebel

    Also, on the subject of "why yes I rewrote that in bash, why?", you might be interested in one of my side projects: , a full passphrase generator based off similar principles to diceware or other word-list based passphrase generators. It's pure bash and plays well with standard input/output.

    passgen.codesections.com

  4. @brennen Agreed! has a man page—and, yeah, it took about as long to write as the program itself, but it was worth it!

  5. @peanutbutter144

    I'm also a happy user of pass—so happy that I built a bit of a companion app called (passgen.codesections.com).

    It's a passphrase generator that uses the same style as pass. (Because a passphrase will be both more secure and easier to type than a password.) It pipes its output to standard out, so it works well with pass: you can generate a new password and store it with pass with `pass-gen -e | pass -e USERNAME`

    End of self promotion, but yeah, pass is really great!

  6. @mike @Qwxlea

    Interesting. I wouldn't say that I live in the shell—rather, I live in the *terminal*. I use zsh commands a lot, of course, but I also write bash, python, or javascript scripts frequently; I don't feel the need to link everything together.

    I wonder if some of this comes from developer vs. sysadmin use cases. I write a fair bit of bash—including , my most developed project so far—but I don't think I've ever written an *inline* script.

    Interesting perspective!

  7. @kev Another language I'd put in the mix for those goals is . It's not quite as versatile as others, but it's still very powerful. It's what and my own are written in, for example. And for simple automation in environment, it really can't be beat.

    Plus, anyone who is comfortable with the command line is halfway to knowing .

    The second half of The Linux Command Line has a great introduction to bash. Plus, it's free under a CC license: linuxcommand.org/tlcl.php

  8. @manulfk

    I'm a big fan of , which is a CLI tool that stores passwords in a -encrypted repo (there are non-CLI clients for it) passwordstore.org/

    I like pass so much that I wrote a passphrase generator in the same spirit, called (passgen.codesections.com). It's a tool that generates passphrases that are secure and easier to type in (for those occasions when you can't paste from a password manager).

  9. @puffinux Oh, this is fun—I'll try to stick to your format:
    Programs I use with () as my OS:

    + dmenu (display manager)
    (browser)
    (text editor)
    + qutebrowser (mastodon)
    + (IRX)
    + vim (encrypted chat)
    (email)
    (image viewer)
    (screenshots)
    (terminal emulator)
    (terminal multiplexer)
    (PDF viewer)
    + (password manager)

  10. @d4klutz I'm a huge fan of passwordstore.org/ — so much so that I built a passphrase generator in the same spirit (though it works with other managers too)

    https://passgen.codesections.com

  11. Turns out that the top I've used or favorited on Mastodon are:

    (65)
    (60)
    (51)
    (41)
    (39)
    (32)
    (30)
    (27)
    (18)
    (17)

    I'm pretty happy with that as a summary of my conversations on here.

    (Thanks to @[email protected] 's useful mastodon-archive tool for generating this info. github.com/kensanata/mastodon-)

  12. @crodges

    If you're a big user of , you might also like my current project, . passgen.codesections.com

    It's a CLI app that generates passphrases that can be piped on to pass. For example, `pass-gen -e | pass add <username>` generates a new passphrase and pipes and adds it to a pass store.

    passgen creates passphrases that are much easier to type in if a site ever blocks you from pasting or if you need to use a different computer—and they're even more secure.

    @coffee

  13. @coffee

    Definitely going to be trying this out when I get some time later this afternoon—it sounds very cool!

    (Welcome to the club of members who've worked on companion software to . I didn't expect to have company in that particular club!)

  14. Just how concerned should I be by a message from Gmail saying that someone attempted to reset my password from Texas (nowhere near where I live)? I've already changed my password ( made it easy to come up with a new one), and I have two-factor authentication enabled. And Gmail isn't my primary email, but it's still one I don't want to have compromised.

    I figure it's probably someone with a similar email address mistyping their address, but wanted to ask how worried I should be.

  15. @alatiera
    I disagree, at least for nouns. Imagine I want to toot about a new version of an open-source project. Which sounds better:

    > I just released v0.5 of , the passphrase generator that follows the philosophy.

    Or:

    > I just released v0.5 of passgen, the passphrase generator that follows the unix philosophy.

    The first clearly and correctly signals that the hashtag is a link to related content; by my lights, it's much better. You disagree?

  16. @bryangruneberg

    I might have mentioned this already, but I wrote a companion-app of sorts to pass. My app, , generates secure random passphrases (instead of passwords), since they're much easier to type whenever you can't paste. It's designed to work well with (well, with anything that accepts standard input, but pass is what I use). To generate a new passphrase for pass, you'd just run `pass-gen -e | pass add <username>`.

    More info at passgen.codesections.com

  17. @ObjFW
    I think that depends some on your workflow. I'm of the "commit early, commit often" school of thought—it makes `git bisect` so useful! So, for example, my project already has over 50 commits. github.com/codesections/pass-g If I'd tooted about each one, I'm sure it would have annoyed people.

    What I've done instead is to toot about each of the four versions I've released, which (hopefully!) isn't annoying.

  18. @fleischie28

    One question, though:

    For the version, did you consider using `/dev/urandom` to generate your random numbers? That would give you much stronger random numbers, suitable for more secure use. For example, you could use `$(( $MIN + $(od -An -N2 -i /dev/urandom) % ($MAX - $MIN + 1) ))` to generate an integer between MAX and MIN (and then divide to get it within your 0–1 range).

    That's the basic approach to randomness I take in (passgen.codesections.com/)
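
The snippet in the post above takes a 16-bit sample modulo the range, which slightly favours low results whenever 65536 is not a multiple of the range size. This added example (not part of the post and not passgen's code) shows rejection sampling in POSIX sh; the function names and the sample word list are constructed for illustration.

```sh
#!/bin/sh
# Added example (not passgen's code): uniform random integers from /dev/urandom.
# A 16-bit sample taken `% span` favours low results whenever 65536 is not a
# multiple of span; rejection sampling discards the samples that cause this.

# rand_u16: print one unsigned 16-bit integer (0..65535) from /dev/urandom.
rand_u16() {
    od -An -N2 -tu2 /dev/urandom | tr -d ' \n'
}

# favoured_values SPAN: how many results plain `% SPAN` returns one extra time
# per 65536 possible samples (0 means the modulo happens to be unbiased).
favoured_values() {
    echo $(( 65536 % $1 ))
}

# rand_range MIN MAX: print a uniform integer in [MIN, MAX]; span <= 65536.
rand_range() {
    rr_span=$(( $2 - $1 + 1 ))
    if [ "$rr_span" -lt 1 ] || [ "$rr_span" -gt 65536 ]; then
        echo "rand_range: span must be between 1 and 65536" >&2
        return 1
    fi
    # Accept only samples below the largest multiple of span that fits.
    rr_limit=$(( 65536 - 65536 % rr_span ))
    while :; do
        rr_sample=$(rand_u16)
        [ "$rr_sample" -lt "$rr_limit" ] && break
    done
    echo $(( $1 + rr_sample % rr_span ))
}

# Constructed sample word list (a real list would hold thousands of words).
WORDS="skirt unsteady legend superjet livable dingbat harbor pencil"

# passphrase N: print N words drawn uniformly from WORDS, separated by spaces.
passphrase() {
    pp_out=""
    pp_left=$1
    set -- $WORDS
    while [ "$pp_left" -gt 0 ]; do
        pp_idx=$(rand_range 1 $#) || return 1
        eval "pp_word=\${$pp_idx}"
        pp_out="${pp_out:+$pp_out }$pp_word"
        pp_left=$(( pp_left - 1 ))
    done
    echo "$pp_out"
}
```

With a 7776-word list (the size of the EFF long wordlist), `favoured_values 7776` reports 3328 words that plain modulo would pick 9 times in 65536 instead of 8.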

  19. @besserwisser
    <mostly_joking_self_promotion>
    Well, in that case, I've written a password generator you should try!

    is a CLI app to generate secure passphrases that are easy to type (for when you can't paste). And it follows the , and lets you pipe its output to standard-out (or, optionally, have it in your clipboard). passgen.codesections.com/

    </mostly_joking_self_promotion>

  20. @tek @_cr0_tab

    (And, if people aren't as comfortable with computers but still take seriously, they might also be interested in the project that inspired , which provides instructions for generating random passphrases by rolling dice. eff.org/dice)

  21. @tek @_cr0_tab

    I'm a huge fan of (passwordstore.org/). It's primarily a CLI app, but it also has several GUI clients, which might be better for a 101 space.

    <self_promotion>Also, if they'd be interested in a password *generator*, I wrote , which generates secure, memorable/pronounceable passwords using a user-configurable set of wordlists (by default, the wordlists from the EFF). Fully open source, of course.

    passgen.codesections.com/

    </self_promotion>

  22. @unicornfarts @Artek I don't really know apg, but from a quick look, I think passwords would be *more* memorable. It's configurable to use any of a bunch of different wordlists, but by default it uses a combined list taken from several lists, so you'd get a password like skirt?UNSTEADY?legend?SUPERJET?livable?DINGBAT?507?

  23. @Artek @unicornfarts

    <self_promotion> Even if you don't use a password manager, could I interest you in a password *generator*? I wrote , a password generator that creates secure passphrases that are easy to type (for those times when you can't just copy and paste). And, if you ever do use or another password manager, plays nicely and pipes its output to standard-out (or lets you copy it).

    passgen.codesections.com/

    Fully , of course.

    </self_promotion>

  24. @thor

    I recently moved from KeePassXC to (passwordstore.org/), and have been incredibly happy with it.

    (Its simplicity was actually what inspired me to write , (passgen.codesections.com/) which plays nicely with pass—you can generate a passphrase with passgen and pipe it right into pass.
    Of course, pass can generate its own passwords, but I wanted more flexibility)

  25. @Jamest @greyone @ThatTupperKid

    <blatant_FOSS_self_promotion> If you're changing to a better FOSS password manager, you might also be interested in the FOSS password generator that I wrote, . The hook with it is that it generates passphrases that are super secure & also easy to type when, for whatever reason, you can't paste from your password manager. passgen.codesections.com/</self_promotion>

    Glad you're staying!

  26. @gwmngilfen @timapple @mooshoe @nextcloud plug for , the command line tool I wrote that generates secure, easy-to-type passphrases. I wrote it for those times when you can't copy/paste from your password manager—with pen and paper, that's *every* time. So passgen seems like an especially good fit for your use case.

    passgen.codesections.com

  27. @hinterwaeldler The xkcd example is actually true! (with some caveats)

    The same idea is what powers the CLI I wrote, , which generates xkcd-style passwords with insanely high entropy (perfect for when you can't paste from a password manager.) passgen.codesections.com/

    I blogged about the details a couple weeks ago (codesections.com/blog/how-secu), but the short version is that it depends on how many *words* are on the list you use to generate the password—not how many letters are in each word

  28. (my CLI for generating secure, random, and *pronounceable* passphrases, useful for having passwords that aren't a pain to type in when you can't paste from your password manager) now has a website:

    passgen.codesections.com

    (Actually, because I'm indecisive about the hyphen in the title and like 301 redirects, pass-gen.codesections.com works too)