NAME
mqhash - Simple secure password generator
SYNOPSIS
mqhash [-n #] [-s] [-u] {data to hash}
DESCRIPTION
mqhash is a simple secure password generator.
The program uses MaraDNS' secure random number generator as the
compression function for a secure hash; the output of this secure hash
can be used as passwords for various locations on the internet.
This program solves the problem of either using the same password on
multiple web sites, or having so many passwords that it is not
practical to remember them all.
USAGE
The first step in using mqhash as a secure password generator is to set
up a master secret from which all other passwords are generated. It is
important to keep this master secret secure; such as on a Linux or BSD
machine that is always behind a firewall and is current with security
updates.
This secure secret is put in the file ~/.mhash_prefix. It is important
that this secret is hard to guess; the security of all generated
passwords is only as secure as the master secret.
Once the ~/.mhash_prefix file is set up, mqhash is run thusly:
mqhash -s {location}
Where {location} is a web site, email address, or any other text string
that describes where a given password is located. It is recommended
that one uses a consistent style for {location} so that one can
remember passwords for web sites that one has not visited for a while.
Mqhash does not impose a style for remembering passwords; it is up to
the user to create one.
mqhash will output four potential passwords that have 32 bits of
entropy. If more entropy is desired in a password, two 32-bit passwords
can be joined together to generate a 64-bit password. A 32-bit password
will protect against casual attacks but can be broken by a determined
attacker with extensive resources attacking a website that does not
lock out a user after too many failed attempts. A 64-bit password is
immune to even a very determined attacker.
OPTIONS
-n It is wise to periodically change ones password on sites that one
uses frequently. This allows one to continue to have passwords
after the four initial passwords have already been used; this can
have a value between 2 and 9.
-s The normal mode for mqhash: To create a secure password based on
both the contents of ~/.mhash_prefix and the final argument to
mqhash.
-u This will generate a cryptographic hash out of the final argument
sent to mqhash. This is useful when one does not need a secure
password, but just wants to hash a short string.
LEGAL DISCLAIMER
THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
AUTHORS
Sam Trenholme (http://www.samiam.org) is responsible for this man page.