
2.3 password-options options

Options for specifying password attributes. The --cclass, --length, --tag, --shared and --specials options are stored in the configuration file. They are associated with a password ID via a clipped SHA checksum of the ID, and they will be recalled the next time that ID is used.

login-id option (-i).

This is the “a reminder of your login id” option. This option takes a string argument.

This option has some usage constraints. It:

It is sometimes difficult to remember your login name for a given site, or even whether you have ever set up an account on a particular site. By specifying this option, you will know both that you have set it up and you will have a reminder of what your login name is. Avoid using your real login name.

Also, there are now some sites that send password credentials to a validation domain that is common among several domains. Since this application forces you to use different passwords for different domains and these domains force you to use the same password for different domains, this option solves the irresistible force and immovable object dilemma. For each of the dependent domains, specify this option so that it reminds you of the correct password id.

The login-id has no effect on the final password, so it may be specified or altered at any time.

length option (-l).

This is the “sets password length” option. This option takes a number argument.

This option has some usage constraints. It:

Some web sites are more restrictive. Some are more generous. Use of this option requires a <pw-id> operand.

Password lengths of 4 through 7 characters are limited to "pin" numbers. "pin" numbers are 4 or more digits. All other passwords must be at least 8 characters long. The default length is 16. Use at least 24, if you can.

cclass option (-c).

This is the “password character class” option. This option takes a set-member argument.

This option has some usage constraints. It:

This option augments or specifies which character classes either must or must not appear in the final password.

Some sites disallow special characters, other sites require them, and still others require them, but only certain ones. If disallowed, specify no-special and special characters will be replaced with digits. If special is specified explicitly, then in the absence of a ’+’ or ’/’ character, one character will be replaced with a hyphen. Other characters may be substituted for these three special characters with the --specials option.

Explanations of the keywords:

upper

There must be at least one upper case letter.

lower

There must be at least one lower case letter. Both this and ‘upper’ together require one of each.

alpha

There must be at least one alphabetic character, either upper or lower. If either ‘upper’ or ‘lower’ is specified, this attribute is a no-op.

no-alpha

Alphabetic characters are prohibited. This conflicts with ‘upper’, ‘lower’ and ‘alpha’.

digit

There must be at least one decimal digit character.

no-triplets

When three characters in a row are the same, the third is fiddled. Letters are changed to the next letter and z becomes a. Digits are handled similarly. Special characters are replaced with the third possible special character (-, unless modified with --specials). (Yes, there are a few such sites.)

special

The password must contain at least one ‘special character’ (a non-alphabetic, non-digit character).

no-special

The password must not contain any characters that are not alphabetic or decimal digits.

no-sequence

The password must not contain a consecutive sequence of three or more characters.

pin

The password is all digits, a Personal Identification Number. This is an abbreviation for no-alpha + no-special + digit.

alnum

This is an abbreviation for alpha + digit.

two-*

Two of a particular character class are required. Specifying this implies "at least one of" the specified type. Two upper case, lower case, punctuation (special) and digit characters may be specified this way. “two-alpha” is not supported.
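The keyword rules above can be expressed as a checker that reports which constraints a candidate password fails, together with the no-triplets fix-up. This is an added example, not this program's own code; the function names are hypothetical, and the wrap from 9 to 0 and the reading of "sequence" as three ascending neighbours are assumptions.

```python
import string

SPECIALS = "+/-"  # the three special characters this page names

def fix_triplets(pw, specials=SPECIALS):
    """no-triplets: when three characters in a row match, change the third."""
    out = list(pw)
    for i in range(2, len(out)):
        c = out[i]
        if not (c == out[i - 1] == out[i - 2]):
            continue
        if c in string.ascii_letters:
            base = ord("a") if c.islower() else ord("A")
            out[i] = chr((ord(c) - base + 1) % 26 + base)  # z wraps to a
        elif c in string.digits:
            out[i] = str((int(c) + 1) % 10)  # assumption: 9 wraps to 0
        else:
            out[i] = specials[2]  # third possible special character
    return "".join(out)

def violations(pw, classes):
    """Return the sorted --cclass keywords that pw fails to satisfy."""
    want = set(classes)
    if "pin" in want:  # pin = no-alpha + no-special + digit
        want |= {"no-alpha", "no-special", "digit"}
    if "alnum" in want:  # alnum = alpha + digit
        want |= {"alpha", "digit"}
    if "two-alpha" in want:
        raise ValueError("two-alpha is not supported")
    if "no-alpha" in want and want & {"upper", "lower", "alpha"}:
        raise ValueError("no-alpha conflicts with upper, lower and alpha")
    n = {"upper": sum(c in string.ascii_uppercase for c in pw),
         "lower": sum(c in string.ascii_lowercase for c in pw),
         "digit": sum(c in string.digits for c in pw)}
    n["alpha"] = n["upper"] + n["lower"]
    n["special"] = len(pw) - n["alpha"] - n["digit"]
    bad = {k for k in want if k in n and n[k] < 1}
    bad |= {k for k in want if k.startswith("two-") and n.get(k[4:], 0) < 2}
    bad |= {k for k in want & {"no-alpha", "no-special"} if n[k[3:]] > 0}
    triples = list(zip(pw, pw[1:], pw[2:]))
    if "no-triplets" in want and any(a == b == c for a, b, c in triples):
        bad.add("no-triplets")
    # Assumption: a "sequence" is three ascending neighbours such as abc or 456.
    if "no-sequence" in want and any(
            ord(a) + 1 == ord(b) and ord(b) + 1 == ord(c) for a, b, c in triples):
        bad.add("no-sequence")
    return sorted(bad)
```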

rehash option (-r).

This is the “rehash password with pkcs#5 pbkdf2” option. This option takes a number argument.

This option has some usage constraints. It:

By default, passwords are created with the SHA256 hash of the "seed string", the password id and the tag text associated with the seed. If not disabled, the pbkdf2 function (with SHA1 as the HMAC function) is used to rehash the result a number of times. By default, this is done 10007 times. This can be overridden by specifying a different count. Changing the count will change the password and will mark the entry with the date of the most recent password change.

Please see RFC 2898 for a specification of the PBKDF2 (Password-Based Key Derivation Function version 2) function.

pbkdf2 option.

This is the “rehash password with pkcs#5 pbkdf2” option. This option takes a number argument.

This option has some usage constraints. It:

This is the deprecated spelling for the -r/--rehash option. This will be marked as not-for-command-line-use with the next release.

specials option.

This is the “set alternate special characters” option. This option takes a string argument.

This option has some usage constraints. It:

The password is a base64 encoding of a sha256 hash of various inputs. Base64 encoding uses ’+’ and ’/’ characters and when this program is required to have at least one special character in the result, it will replace one character with a hyphen (-).

However, some web sites require special characters and constrain them to be in a particular set that does not include these three: ‘/+-’. Therefore, specify this option with exactly three characters in the string argument. They will be used to replace the three characters above. The first two may be the same, but the third must be different from the first two. This option is accepted, but serves no purpose if no-special has been specified in the --cclass option.
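The rehash and specials descriptions together outline a pipeline: SHA-256 over the inputs, PBKDF2 with HMAC-SHA1, base64 encoding, then substitution of the three special characters. The sketch below is an added example, not this program's own code, and will not reproduce its passwords: the function name, the input concatenation order, the PBKDF2 salt, the truncation to the requested length and the choice of which character becomes the hyphen are all assumptions.

```python
import base64
import hashlib

def derive(seed, pw_id, tag="", rehash=10007, length=16,
           specials="+/-", require_special=False):
    """Sketch: SHA-256 -> PBKDF2-HMAC-SHA1 -> base64 -> --specials remap."""
    # --specials takes exactly three characters; the first two may match,
    # the third must differ from both.
    if len(specials) != 3 or specials[2] in specials[:2]:
        raise ValueError("need three characters, third unlike the first two")
    # Assumption: the three inputs are concatenated in this order.
    digest = hashlib.sha256((seed + pw_id + tag).encode()).digest()
    if rehash:  # assumption: a count of 0 stands for "rehash disabled"
        # Assumption: the digest is the PBKDF2 password, the id is the salt.
        digest = hashlib.pbkdf2_hmac("sha1", digest, pw_id.encode(), rehash, 32)
    # Assumption: the password is the leading part of the base64 text.
    text = base64.b64encode(digest).decode().rstrip("=")[:length]
    if require_special and not set(text) & set("+/"):
        # No '+' or '/' present, so one character becomes a hyphen.
        text = text[:-1] + "-"  # assumption: the last character is replaced
    # Remap '+', '/' and '-' onto the characters the site permits.
    return text.translate(str.maketrans("+/-", specials))

if __name__ == "__main__":
    # Constructed sample inputs; a different count yields a different password.
    print(derive("constructed seed", "example.com"))
    print(derive("constructed seed", "example.com", rehash=20011))
    print(derive("constructed seed", "example.com", specials="!@#",
                 require_special=True))
```

Because the count feeds the key derivation, it is part of the secret's recipe: it must be recorded along with the other stored options for the same password to be regenerated later.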



This document was generated by Bruce Korb on June 30, 2018 using texi2html 1.82.