I want to have a program that takes 2 arguments, the first a master password and the second an easy to remember string, relevant to the generated password. It processes this information and turns it into a string. So my passwords wouldn't be written anywhere, I would just remember the master password and the easy to remember string for each password. For example something like
get-password --master-pass Gh3vBF2d --name stackoverflow
would get my password for Stackoverflow.
I tried to do it with sha512. It takes a hardcoded salt + master password + the relevant string and goes 60k+ rounds and returns the hash.
This is far from perfect as the hash is hex, so it has low entropy. I'd like the output to consist of alphanumerics, lower case and upper case and some special characters. I tried to convert it to base64 and the output is too short. Not only that, but the generated passwords seem similar, for example: N2Q5MjJkZWM=, N2YzNGRkYWQ=
Anyone has an idea how I could generate a high entropy password, about 16-20 chars in length and it must not generate similar passwords.
I have been using md5sum to good effect for a while.
Command:
echo -n Gh3vBF2d#stackoverflow | md5sum | cut --bytes=1-20
^^^ domain
^^^ Master password
Output:
0e8dc2aa9a8d85afc267
Related
First Hello! I have a crunch question:
We need to generate some list to crack password which has lower, upper case letters and numbers.
exp: a2jXBv69
We can do it simple way by using "crunch 8 8 abcABC123..." but it will create a huge list with a lot of useless passwords containing only upper case latter or just lower case letters or just numbers which cost a lot of time, power, and its not effective.
Now I didn't find still or I didn't look on right place how to generate only passwords which have upper-lower cases and number without other useless passwords like 214364984941 AIDJFISDOGFJO ssasadasd...
My question need is how to generate a list with only what I need like in this example?
Sorry if you don't understand my English I don't speak or write it very well.
The best way to accomplish this would probably be to use a dictionary.
https://github.com/danielmiessler/SecLists/tree/master/Passwords/Common-Credentials
There is no real practical way to "generate" common passwords. Sure there are some tricks, like checking how spellable a word is or adding some numbers e.g. 123 to the end of the password, but they don't nearly produce the same quality passwords as the above-mentioned password list.
This question already has answers here:
A Regex to match a SHA1
(6 answers)
Closed 5 years ago.
I need some basic validation (sanitation checks) to determine if some input is a valid SHA1 sum or just a (random) string. If possible with simple parsing rules or a Regex.
Are there any rules to what a SHA1 sum should adhere? I cannot find any, but from quick tests, all seem to be hexadecimal and around 40 characters long[1].
I am not interested in tests that prove whether or not the SHA-1 sum was made in a secure, properly random or other manner. Just that the format is correct.
I am also not interested in testing that the digest is an actual representation of some message; Just that it has the format of digest in the first place.
For the curious: this is for an application where I build avatars for users based on a.o. their uuid. I don't, however, want to place those uuids in the URL, but obfuscate them a little. So instead of avatars/baa4833d-b962-4ab1-87c5-283c9820eac4.png, we request avatars/5f2a13cb1d84a2e019842cdb8d0c8b03c9e1e414.png. Where 5f2a... is e.g. Digest::SHA1.hexdigest(uuid + "secrect").
On the receiving side, I am adding some basic protection that sends back a 400 bad request whenever something is obviously false. Such as avatars/haxor.png or avatars/traversal../../../../attempt.png. Note that this is a very much simplified example.
[1] Two tests with different outcome:
Using sha1sum on Ubuntu Linux:
$ echo "hello" | sha1sum | cut -d" " -f1 | wc -c
41
using Ruby's Digest:
Digest::SHA1.hexdigest("hello").length
=> 40
Edit: turns out this is me, being stupid, wc-c includes the newline, as kennytm points out in the comments. Still: is it safe to assume it will be 40 characters, always?
SHA-1 has a 160 bits digest
160 bits rendered is 160 / 8 = 20 bytes.
20 bytes rendered in hexadecimal format has a length of 40 chars (digits), two chars for each byte.
Digits can be [0-9a-f]
So the following regex should correctly validate the Sha1sum rendered as a string in hexadecimal format:
/^[0-9a-f]{40}$/
I have plenty of log files that all share the same pattern, DATE TIME USER TEXT, as follows:
2015-09-19 21:19:13 Daniel you should use gpt
In the above example, "Daniel" is just a random username, and whatever comes after is text that "Daniel" wrote: "you should use gpt".
What I am after is a way of being able to ignore everything to the left of the username ("Daniel"), including Daniel, I will never want to match a username, and then start matching what I need using regex. I only need to match within the actual TEXT the USER wrote.
These log files contains IRC-Chat logs from several different IRC servers / tens if not hundreds of different rooms, that were logged over the years.
All of these log files are under the same folder, without any sub-folders, so applying the grep to * will do.
I need to be able to grep-match a specific username (every run It will be a different username and I Will edit the grep accordingly of course), where that Username was mentioned (Highlighted) in the chat (Lines), but not when the actual user was the one writing the line, only when mentioned by others.
The following should match because a USER (Jacob) other than Daniel mentioned him (Remember, Jacob here is just a USER):
2015-09-19 21:19:13 Jacob you should read a book Daniel
The following should not match because it was USER who mentioned USER:
2015-09-19 21:19:13 Daniel my name is also Daniel
The following should not match because relevant USER is not within the TEXT:
2015-09-19 21:19:13 Daniel you should use gpt
The pattern remains intact always, only thing that can change is the values of the date & time, length of the USER and obviously the TEXT.
The delimiters are spaces only as in the example, that's an actual copy&paste.
Try this with GNU grep:
grep -Po '^([^ \t]+[ \t]+){3}\K.*' file
Output:
you should use gpt
I'm using Raspbian Wheezy, but this is not a Raspberry Pi specific question.
I am developing a C application, which allows the user to change their WiFi Password.
I did not find a ready script/command for this, so I'm trying to use sed.
I pass the SSID name and new key to a bash script, and the key is replaced for the that ssid block within *etc/wpa_supplicant/wpa_supplicant.conf.*.
My application runs as root.
A sample block is shown below.
network={
ssid="MY_SSID"
scan_ssid=1
psk="my_ssid_psk"
}
so far I've tried the following (I've copied the wpa_supplicant.conf to wpa.txt for trying) :
(1) This tries to do the replacement between a range, started when my SSID is detected, and ending when the closing brace, followed by a newline.
SSID="TRIMURTI"
PSK="12345678"
sed -n "1 !H;1 h;$ {x;/ssid=\"${SSID}\"/,/}\n/ s/[[:space:]]*psk=.*\n/\n psk=\"${PSK}\"\n/p;}" wpa.txt
and
(2) This tries to 'remember' the matched pattern, and reproduce it in the output, but with the new key.
SSID="TRIMURTI"
PSK="12345678"
sed -n "1 !H; 1 h;$ {x;s/\(ssid=\"${SSID}\".*psk=\).*\n/\1\"${PSK}\"/p;}" wpa.txt
I have used hold & pattern buffers as the pattern can span multiple lines.
Above, the first example seems to ignore the range & replaces the 1st instance, and then truncates the rest of the file.
The second example replaces the last found psk value & truncates the file thereafter.
So I need help in correcting the above code, or trying a different solution.
If we can assume the fields will always be in a strict order where the ssid= goes before psk=, all you really need is
sed "/^[[:space:]]*ssid=\"$SSID\"[[:space:]]*$/,/}/s/^\([[:space:]]*psk=\"\)[^\"]*/\1$PSK/" wpa.txt
This is fairly brittle, though. If the input is malformed, or if the ssid goes after the psk in your block, it will break. The proper solution (which however is severe overkill in this case) is to have a proper parser for the input format; while that is in theory possible in sed, it would be much simpler if you were to swtich a higher-level language like Python or Perl, or even Awk.
The most useful case is update a password or other value in configuration is to utilize wpa_cli. E.g.:
wpa_cli -i "wlan0" set_network "0" psk "\"Some5Strong1Pass"\"
wpa_cli -i "wlan0" save_config
The save_config method is required to update cfg file: /etc/wpa_supplicant/wpa_supplicant.conf
I am going to use email as a username across the website, however I still need to pre-fill the mandatory username field in User model somehow.
Initially I was thinking of using a md5 hash of the email as username, but given the limitation of 30 characters it is not possible. Also I don't think I can use GUIDs for that as they are also longer than 30 chars when converted to string hex.
Any suggestions greatly appreciated!
I wouldn't stress too much about GUIDs being longer than 30 characters. A reasonable approach is probably to hash the GUID using something like MD5, and then trim off the last 2 characters. Your chances of a collision are effectively nil. (1630 is an awfully large number).
These links string length of a GUID, and Characters in a GUID show that a guid is really only 16 characters long. Its the ASCII equivalent that is longer. So, as long as you convert back and forth before display (or if you aren't going to display them at all), a GUID fits in the username field nicely.