NAME

pw — A deterministic password generator.

SYNOPSIS

`pw`	[`switches`] [`--`] [`arguments`]

DESCRIPTION

pw is a deterministic password generator that lets you create passwords based on your master password with the following method.

base64(sha3_512("master_password,then,comma,separated,values"))

USAGE

If you don’t have a master password yet:

pw --init

The openssl(1) equivalent is:

openssl rand -base64 16 | tr -d '\n' | openssl dgst -binary -sha3-512 | openssl enc -A -base64

Generates 16 random bytes that are encoded into base64(1), then passed to the password generator.

Set your user—‘taupiqueur@kanto’—password:

pw --length=10 kanto taupiqueur

pw --length=10 google.com taupiqueur.kanto

The openssl(1) equivalent is:

printf 'Strong password,google.com,taupiqueur.kanto' | openssl dgst -binary -sha3-512 | openssl enc -A -base64 | head -c 10

Pet name:

pw --length=10 google.com taupiqueur.kanto Bunny

The openssl(1) equivalent is:

printf 'Strong password,google.com,taupiqueur.kanto,Bunny' | openssl dgst -binary -sha3-512 | openssl enc -A -base64 | head -c 10

pw --length=10 apple.com taupiqueur.kanto@gmail.com

The openssl(1) equivalent is:

printf 'Strong password,apple.com,taupiqueur.kanto@gmail.com' | openssl dgst -binary -sha3-512 | openssl enc -A -base64 | head -c 10

Show password before hashing:

pw --show google.com taupiqueur.kanto

The command’s output is:

Strong password,google.com,taupiqueur.kanto

The method format is comma-separated values, from generic to specific.

Copy password:

pw --copy google.com taupiqueur.kanto

Attempt to set the terminal clipboard content using the xterm(1) escape sequence.

Advanced usage

If a special character is required, just add an apostrophe—for prime.

On the contrary, if special characters are not allowed, use the --alphanumeric-only option to drop the ‘+’, ‘/’ and ‘=’ characters from the base64(1) table.

The option exists to mitigate the need to tweak your password in a second pipe—and probably a third pipe for copying.

Finally, you might want to specify a version to your password:

pw --length=10 kanto taupiqueur 2

The openssl(1) equivalent is:

printf 'Strong password,kanto,taupiqueur,2' | openssl dgst -binary -sha3-512 | openssl enc -A -base64 | head -c 10

In practice?

Depending on my situation here are the tools I use:

I use pw to create passwords I need to remember and remember one password.
I use Google Password Manager and the Suggest strong password feature for passwords I want to be random.

OPTIONS

The options are as follows:

-i, --init: Generate a secure, random password.
-l length, --length=length: Specifies the password length.
-a, --alphanumeric-only: Remove non-alphanumeric characters.
-s, --show: Show password.
-c, --copy: Copy password.
Attempt to set the terminal clipboard content using the xterm(1) escape sequence.
-: Read master password from stdin.
-r, --rescue: Rescue mode.
Print all password methods to date.
-h, --help: Show this help.
-V, --version: Show version.

ENVIRONMENT

The following environment variables have an effect on pw.

MASTER_PASSWORD: Specifies the master password.

CONTRIBUTING

Report bugs on the: issue tracker,
ask questions on the: IRC channel,
send patches on the: mailing list.

AUTHORS

Mathieu Ablasou <taupiqueur.kanto@gmail.com>