[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
Options for specifying password attributes..
The --cclass
, --length
, --tag
, --shared
and --specials
options are stored in the configuration file.
They are associated with a password ID via a clipped sha check sum
of the id. They will be recalled the next time that id is used.
This is the “a reminder of your login id” option. This option takes a string argument.
This option has some usage constraints. It:
It is sometimes difficult to remember your login name for a given site. Or even, perhaps, if you have ever set up an account on a particular site. By specifying this option, you will know both that you have set it up and you will have a reminder what your login name is. Avoid using your real login name.
Also, there are now some sites that send password credentials to a validation domain that is common among several domains. Since this application forces you to use different passwords for different domains and these domains force you to use the same password for different domains, this option solves the irresistable force and immovable object dilemma. For each of the dependent domains, specify this option that will remind you of the correct password id.
The login-id
has no effect on the final password, so it
may be specified or altered at any time.
This is the “sets password length” option. This option takes a number argument.
This option has some usage constraints. It:
Some web sites are more restrictive. Some are more generous.
Use of this option requires a <pw-id>
operand.
Password lengths of 4 through 7 characters are limited to "pin" numbers. "pin" numbers are 4 or more digits. All other passwords must be at least 8 characters long. The default length is 16. Use at least 24, if you can.
This is the “password character class” option. This option takes a set-member argument.
This option has some usage constraints. It:
alpha upper lower digit special no-special no-alpha no-triplets no-sequence pin alnum two-upper two-lower two-digit two-special |
This option augments or specifies which character classes either must or must not appear in the final password.
Some sites disallow special characters, other sites require them, and
still others require them, but only certain ones. If disallowed,
specify no-special
and special characters will be replaced with
digits. If special
is specified specifically, then in the
absence of a ’+’ or ’/’ character, one character will be replaced with
a hyphen. Other characters may be substituted for these three special
characters with the --specials
option.
Explanations of the keywords:
There must be at least one upper case letter.
There must be at least one lower case letter. Both this and ‘upper’ together require one of each.
There must be at least one alphabetic character, either upper or lower If either ‘upper’ or ‘lower’ is specified, this attribute is a no-op.
Alphabetic characters are prohibited. This conflicts with ‘upper’, ‘lower’ and ‘alpha’.
There must be at least one decimal digit character.
When three characters in a row are the same, the third is fiddled.
Letters are changed to the next letter and z
becomes a
.
Digits are handled similarly. Special characters are replaced with
the third possible special character (-
, unless modified with
--specials
). (Yes, there are a few such sites.)
The password must contain at least one ‘special character’ (a non-alphabetic, non-digit character).
The password must not contain any characters that are not alphabetic or decimal digits.
of three or more characters.
The password is all digits, a Personal Identification Number.
This is an abbreviation for no-alpha + no-special + digit
.
This is an abbreviation for alpha + digit
.
Two of a particular character class are required. Specifying this implies "at least one of" the specified type. Two upper case, lower case, punctuation (special) and digit characters may be specified this way. “two-alpha” is not supported.
This is the “rehash password with pkcs#5 pbkdf2” option. This option takes a number argument.
This option has some usage constraints. It:
By default, passwords are created with the SHA256 hash of the "seed string", the password id and the tag text associated with the seed. If not disabled, the pbkdf2 funcion (with SHA1 as the HMAC function) is used to rehash the result a number of times. By default, this is done 10007 times. This can be over-ridden by specifying a different count. Changing the count will change the password and will mark the entry with the date of the most recent password change.
Please see RFC 2898 for a specification of the PBKDF2 (Password-Based Key Derivation Function version 2) function.
This is the “rehash password with pkcs#5 pbkdf2” option. This option takes a number argument.
This option has some usage constraints. It:
This is the deprecated spelling for the -r/–rehash option. This will be marked as not-for-command-line-use with the next release.
This is the “set alternate special characters” option. This option takes a string argument.
This option has some usage constraints. It:
The password is a base64 encoding of a sha256 hash of various inputs.
Base64 encoding uses ’+’ and ’/’ characters and when this program is
required to have at least one special character in the result, it will
replace one character with a hyphen (-
).
However, some web sites require special characters and constrain them
to be in a particular set that does not include these three: ‘/+-’.
Therefore, specify this option with exactly three characters in the
string argument. They will be used to replace the three characters
above. The first two may be the same, but the third must be
different from the first two. This option is accepted, but serves
no purpose if no-special
has been specified in the
--cclass
option.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
This document was generated by Bruce Korb on June 30, 2018 using texi2html 1.82.