#passgen — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #passgen, aggregated by home.social.
-
> http://www.ostechnix.com/4-easy-ways-to-generate-a-strong-password-in-linux/
My preferred :
openssl rand 14 -base64
gpg --gen-random --armor 1 14
... but the passwords are not easy to remember. A good argument to use a password manager.I ended up writing #passgen (https://github.com/codesections/pass-gen/) to solve that problem. It's another xkcd-style solution, though with a bigger dictionary and more customization options than many takes on that solution
-
@[email protected] @codesections
> Perl has the advantage of being installed *everywhere*.
That's an interesting perspective. One of the reasons I wrote #passgen (which is a #bash rewrite of xkpasswd with some added features) was that I was tired of installing #perl for just that one program.
-
Also, on the subject of "why yes I rewrote that in bash, why?", you might be interested in one of my side projects: #passgen, a full passphrase generator based off similar principles to diceware or other word-list based passphrase generators. It's pure bash and plays well with standard input/output.
-
I'm also a happy user of pass—so happy that I built a bit of a companion app called #passgen (https://passgen.codesections.com).
It's a passphrase generator that uses the same style as pass. (Because a passphrase will be both more secure and easier to type than a password) It pipes it output to standard out, so it works well with pass: you can generate a new password and store it with pass with `pass-gen -e | pass -e USERNAME`
End of self promotion, but yeah, pass is really great!
-
Interesting. I wouldn't say that I live in the shell—rather, I live in the *terminal*. I use zsh commands a lot, of course, but I also write bash, python, or javascript scripts frequently; I don't feel the need to link everything together.
I wonder if some of this comes from a developer vs. sysadmin use cases. I write a fair bit of bash—including #passgen, my most developed #foss project so far—but I don't think I've every written an *inline* script.
Interesting perspective!
-
@kev Another language I'd put in the mix for those goals is #bash. It's not quite as versatile as others, but it's still very powerful. It's what #pass and my own #passgen are written in, for example. And for simple automation in #linux environment, it really can't be beat.
Plus, anyone who is comfortable with the command line is halfway to knowing #bash.
The second half of The Linux Command Line has a great introduction to bash. Plus, it's free under a CC license: http://linuxcommand.org/tlcl.php
-
I'm a big fan of #pass, which is a CLI tool that stores passwords in a #GPG-encrypted #git repo (there are non-CLI clients for it) https://www.passwordstore.org/
I like pass so much that I wrote a passphrase generator in the same spirit, called #passgen (https://passgen.codesections.com). It's a #FOSS tool that generates passphrases that are secure and easier to type in (for those occasions when you can't paste from a password manager).
-
@puffinux Oh, this is fun—I'll try to stick to your format:
Programs I use with #linux (#arch) as my OS:#dwm + dmenu (display manager)
#qutebrowser (browser)
#neovim (text editor)
#vim + qutebrowser (mastodon)
#weechat + #znc (IRX)
#keybase + vim (encrypted chat)
#mutt (email)
#feh (image viewer)
#scrot (screenshots)
#simpleTerminal (terminal emulator)
#tmux (terminal multiplexer)
#mupdf (PDF viewer)
#pass + #passgen (password manager) -
@d4klutz I'm a huge fan of #pass https://www.passwordstore.org/ — so much so that I built a passhrase generator in the same spirit (though it works with other managers too)
#passgen https://passgen codesections.com
-
Turns out that the top #hashtags I've used or favorited on Mastodon are:
#rust(65)
#introductions(60)
#introduction(51)
#gutenberg(41)
#linux(39)
#foss(32)
#mastodon(30)
#fosstodon(27)
#passgen(18)
#arch(17)I'm pretty happy with that as a summary of my conversations on here.
(Thanks to @[email protected] 's useful mastodon-archive tool for generating this info. https://github.com/kensanata/mastodon-backup)
-
If you're a big user of #pass, you might also like my current #FOSS project, #passgen. https://passgen.codesections.com
It's CLI app that generates passphrases that can be piped on to pass. For example, `pass-gen -e | pass add <username>` generates a new passphrase and pipes the adds it to a pass store.
passgen creates passphrases that are much easier to type in if a site ever blocks you from pasting or if you need to use a different computer—and they're even more secure.
-
Definitely going to be trying this out when I get some time later this afternoon—it sounds very cool!
(Welcome to the club of #fosstodon members who've worked on companion software to #pass. I didn't expect #passgen to have company in that particular club!)
-
Just how concerned should I be by a message from Gmail saying that someone attempted to reset my password from Texas (no where near where I live)? I've already changed my password (#passgen made it easy to come up with a new one), and I have two-factor authentication enabled. And gmail isn't my primary email, but it's still one I don't want to have compromised.
I figure it's probably someone with a similar email address miss-typing their address, but wanted to ask how worried I should be.
-
@alatiera
I disagree, at least for nouns. Imagine I want to toot about a new version of an open-source project. Which sounds better:> I just released v0.5 of #passgen, the passphrase generator that follows the #unix philosophy.
Or:
> I just released v0.5 of passgen, the passphrase generator that follows the unix philosophy.
#passgen #unixThe first clearly and correctly signals that the hashtag is a link to related content; by my lights, it's much better. You disagree?
-
I might have mentioned this already, but I wrote a companion-app of sorts to pass. My app, #passgen, generates secure random passphrases (instead of passwords), since they're much easier to type whenever you can't paste. It's designed to work well with #pass (well, with anything that accepts standard input, but pass is what I use). To generate a new passphrase for pass, you'd just run `pass-gen -e | pass add <username>`.
More info at https://passgen.codesections.com
j -
@ObjFW
I think that depends some on your #git workflow. I'm of the "commit early, commit often" school of thought—it makes `git bisect` so useful! So, for example, my #passgen project already has over 50 commits. https://github.com/codesections/pass-gen If I'd tooted about each one, I'm sure it would have annoyed people.What I've done instead is to toot about each of the four versions I've released, which (hopefully!) isn't annoying.
-
One question, though:
For the #linux version, did you consider using `dev/urandom` to generate your random numbers? That would give you much stronger random numbers, suitable for more secure use. For example, you could use `$(( $MIN + $(od -An -N2 -i /dev/urandom) % ($MAX - $MIN + 1) ))` to generate an integer between MAX and MIN (and then divide to get it within your 0–1) range).
That's the basic approach to randomness I take in #passgen (https://passgen.codesections.com/)
-
@besserwisser
<mostly_joking_self_promotion>
Well, in that case, I've written a #minimalist password generator you should try!#passgen is a CLI app to generate secure passphrases that are easy to type (for when you can't paste). And it follows the #unixPhilosophy, and lets you pipe it's output to standard-out (or, optionally, have it in your clipboard). https://passgen.codesections.com/
</mostly_joking_self_promotion>
-
(And, if people aren't as comfortable with computers but still take #infosec seriously, they might also be interested in the #EFF project that inspired #passgen, which provides instructions for generating random passphrases by rolling dice. https://www.eff.org/dice)
-
I'm a huge fan of #pass (https://www.passwordstore.org/). It's primarily a CLI app, but it also has several GUI clients, which might be better for a 101 space.
<self_promotion>Also, if they'd be interested in a password *generator*, I wrote #passgen, which generates secure, memorable/pronounceable passwords using a user-configurable set of wordlists (by default, the wordlists from the EFF) Fully open source, of course
https://passgen.codesections.com/
</self_promotion>
-
@unicornfarts @Artek I don't really know apg, but from a quick look, I think #passgen passwords would be *more* memorable. It's configurable to use any of a bunch of different wordlists, but by default it uses a combined list taken from several #EFF lists, so you'd get a password like skirt?UNSTEADY?legend?SUPERJET?livable?DINGBAT?507?
-
<self_promotion> Even if you don't use a password manager, could I interest you in a password *generator*? I wrote #passgen, a password generator that creates secure passphrases that are easy to type (for those times when you can't just copy and paste). And, if you ever do use #pass or another password manager, #passgen plays nicely and pipes it's output to standard-out (or lets you copy it)
https://passgen.codesections.com/
Fully #foss, of course.
</self_promotion>
-
I recently moved from KeePassXC to #pass (https://www.passwordstore.org/), and have been incredibly happy with it.
(Its simplicity was actually what inspired me to write #passgen, (https://passgen.codesections.com/) which plays nicely with pass—you can generate a passphrase with passgen and pipe it right into pass.
Of course, pass can generate its own passwords, but I wanted more flexibility) -
@Jamest @greyone @ThatTupperKid
<blatant_FOSS_self_promotion> If you're changing to a better FOSS password manager, you might also be interested in the FOSS password generator that I wrote, #passgen. The hook with it is that it generates passphrases that are super secure & also easy to type when, for whatever reason, you can't paste from your password manager. https://passgen.codesections.com/</self_promotion>
Glad you're staying!
-
@gwmngilfen @timapple @mooshoe @nextcloud plug for #passgen, the command line tool I wrote that generates secure, easy-to-type passhrases. I wrote it for those times when you can't copy/paste from your password manager—with pen and paper, that's *every* time. So passgen seems like an especially good fit for your use case.
-
@hinterwaeldler The xkcd example is actually true! (with some caveats)
The same idea is what powers the CLI I wrote, #passgen, which generates xkcd-style passwords with insanely high entropy (perfect for when you can't paste from a password manager.) https://passgen.codesections.com/
I blogged about the details a couple weeks ago (https://www.codesections.com/blog/how-secure-is-pass-gen/), but the short version is that it depends on how many *words* are on the list you use to generate the password—not how many letters are in each word
-
#passgen (my CLI for generating secure, random, and *pronounceable* passphrases, useful for having passwords that aren't a pain to type in when you can't paste from your password manager) now has a website:
https://passgen.codesections.com
(Actually, because I'm indecisive about the hyphen in the title and like 301 redirects, https://pass-gen.codesections.com works too)