pwtool 0.4.0

pwtool, user account password tool
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

# pwtool

Generate passwords from random characters or words and optionally show their cryptographic hash.

The default generated password set is copy/paste friendly without extended characters that would break the default copy selection you get when double-clicking a word. They also are don't break quotation strings (quote marks, double quotes or backticks).

# installing

```
git clone https://gitlab.com/edneville/pwtool.git
cd pwtool
cargo build --release
```

please or sudo

```
please install -m0755 -o0 -g0 target/release/pwtool /usr/local/bin/
```

snap

```
please snap install pwtool
```

# modifiers

`lowercase`, `uppercase`, `numeric` and `extended` will set requirements on the passwords.

# word lists

If you want a password generated from words rather than a mixture of letters and numbers, use the `words` option, which by default uses the file `/usr/share/dict/words`. Use `wordsfile` to specify a different list.

# cryptographic hash

The `--md5`, `--bcrypt`, `--des`, `--sha1`, `--sha256` and `--sha512` options will print the cryptographic hash which can be used instead of storing the password in some systems.

The hash output can be used with `useradd`/`usermod` or `.htaccess`:

```
LINE=`pwtool --number 1 --sha256`
PW="${LINE% *}"
HASH="${LINE##* }"
USR=newuser
useradd -m -p "$HASH" -s /bin/bash $USR
echo "Password for $USR  is $PW"
```

Or issue a new password to an existing user with `usermod`:

```
LINE=`pwtool --number 1 --sha256`
PW=`echo "$LINE" | sed -e 's/ .*//g'`
HASH=`echo "$LINE" | sed -e 's/.* //g'`
USR=newuser
usermod -p "$HASH" $USR
echo "Password for $USR is now $PW"
```

# format strings

With `--format` the variables can be used to output a custom string.

The variables (below) can be used within a `--format` string to output in a convenient way:

    pwtool --username thingy --format "useradd -m -s /bin/bash -p '%{sha256}' %{username} # %{password}\n"

This then outputs like this:

    useradd -m -s /bin/bash -p '$5$YLtTnPhYiQ891nAz$SHzSCc5vMIARxd4PYtxIOZ7mGICNsLGEGimMyFpRjE7' thingy # 8OtQUoUjV9

You can then copy/paste that around different systems where people need the same account.

Another common way is to use it for mysql setup at the same time:

    pwtool --username thingy --database thing --format "grant all privileges on %{database}.* to %{username}@'%' identified with mysql_native_password as '%{mysql}';\n";

| variable | output |
|----------|--------|
| %{des}   | traditional crypt |
| %{bcrypt} | BSD standard hash |
| %{md5}   | MD5 hash |
| %{sha1}   | HMAC SHA1 |
| %{sha256}   | SHA256 |
| %{sha512}   | SHA512 |
| %{mysql}   | password in mysql_native format |
| %{password}   | cleartext password|
| %{username}   | placeholder for --username |
| %{database}   | placeholder for --database |
| %{postgres}   | postgres SCRAM-SHA-256 password |