
Luca Sepe

PWGen - Create strong passwords easy to remember but hard to break

A simple, secure, cross-platform password generator / manager that does not require a file, cloud or any other kind of archive.

Password rules keep getting more complicated (one capital letter, one number, one punctuation mark, one emoji, etc.)...

  • Do you find it impossible to use and remember a different password for each of your accounts?
  • Do you often reuse the same passwords on various accounts?

With PWGen all you need to remember are:

  1. a username
  2. a scope - can be the web site URL or the service name (whatever you find easy to associate with that account)
  3. a secret phrase - anything that is easy for you to remember!

While username and scope must vary from service to service (e.g. GMail, Twitter, etc.), the secret phrase can always be the same.

Using these parameters PWGen will generate a password:

  • unique
  • complex and safe
  • that meets all validation standards (uppercase, lowercase, numbers and special characters)

PWGen creates strong passwords that are easy to remember but hard to break.

Using PWGen does not stop you from managing your passwords with a secure 'wallet'; in fact, this is encouraged.

The combination of both tools is a winning one.

  • for this purpose, let me introduce PWSafe ... check it out!

What PWGen gives you is:

  • a simple way to generate good quality and safe passwords for websites and other services
  • a secure mechanism to retrieve your passwords even when you are away from home
  • an easy system for managing your passwords

WARNING!

To recreate the same password for a given account you must make sure you don't forget the original values you used (points 1-2-3).

If you enter different values, PWGen will produce a different password! (The difference between upper and lower case also matters.)

How does PWGen work?

  • The text composed by (username + scope) is encrypted using the secret phrase.
      • Password-Based Key Derivation Function 2 (PBKDF2)

  • The result of this encryption is used to feed a deterministic random number generator (let's call it RNG).

  • The password is composed by picking random characters using the integers generated by this RNG.

All these calculations are done "on the fly" every time you request it. This is why PWGen does not need any archive.
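
The three steps above, as an added Python sketch that is not PWGen's own code and will not reproduce the passwords PWGen generates. Assumptions: the secret phrase is the PBKDF2 password and the "username/scope" string is the salt, and the iteration count, the HMAC-SHA256 counter-mode generator, the special-character set and the `generate` signature are all chosen here for illustration.

```python
import hashlib
import hmac
import string

# Assumed parameters for this sketch; PWGen's real values are not given on the page.
ITERATIONS = 200_000
SPECIALS = "!#$%&*+-=?@_"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits]


class DeterministicRNG:
    """HMAC-SHA256 in counter mode: the same seed always yields the same stream."""

    def __init__(self, seed: bytes):
        self.seed, self.counter, self.buf = seed, 0, b""

    def byte(self) -> int:
        if not self.buf:
            block = self.counter.to_bytes(8, "big")
            self.buf = hmac.new(self.seed, block, hashlib.sha256).digest()
            self.counter += 1
        value, self.buf = self.buf[0], self.buf[1:]
        return value

    def below(self, n: int) -> int:
        """Uniform integer in [0, n), n <= 256; rejects bytes that would bias the modulo."""
        limit = 256 - (256 % n)
        while True:
            b = self.byte()
            if b < limit:
                return b % n


def generate(scope: str, secret: str, length: int = 10, specials: bool = True) -> str:
    # Step 1: secret phrase as PBKDF2 password, "username/scope" as salt (assumed roles).
    seed = hashlib.pbkdf2_hmac("sha256", secret.encode(), scope.encode(), ITERATIONS)
    # Step 2: the derived key seeds the deterministic generator.
    rng = DeterministicRNG(seed)
    classes = CLASSES + ([SPECIALS] if specials else [])
    # Step 3: one character from every class first, so validation rules are always met.
    chars = [cls[rng.below(len(cls))] for cls in classes]
    alphabet = "".join(classes)
    chars += [alphabet[rng.below(len(alphabet))] for _ in range(length - len(chars))]
    # Fisher-Yates shuffle driven by the same stream hides the class order.
    for i in range(len(chars) - 1, 0, -1):
        j = rng.below(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)
```

Because nothing is stored, the only work an offline guesser has to repeat per candidate secret phrase is the PBKDF2 call, so the iteration count and the strength of the phrase set the cost of recovering every derived password at once.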

Usage

| => pwgen -h
PWGen - Create strong passwords that are easy to remember but hard to break.

A password manager that does not requires a file/cloud or whatever archive.

  - crafted with passion by Luca Sepe

Usage: pwgen [OPTIONS] <scope>

  Example: pwgen "pinco.pallo/twitter.com"

Options:
  -secret string
        used for encryption - if not provided pwgen will ask for it interactively
  -specials
        allow special characters (default true)

A simple example:

| => pwgen "pinco.pallo@gmail.com/instagram"
Secret phrase: ***** 
Secret phrase again: ***** 
M+Jj=hrH04
