1
.\" Do *not* edit this file; it was automatically generated by ej2man
2
.\" Look for a name.ej file with the same name as this filename
4
.\" Process this file with the following
5
.\" nroff -man -Tutf8 maradns.8 | tr '\020' ' '
7
.\" Last updated Mon Aug 14 15:02:17 2006
9
.TH MQHASH 1 "August 2006" MQHASH "MaraDNS reference"
10
.\" We don't want hyphenation (it's too ugly)
11
.\" We also disable justification when using nroff
12
.\" Due to the way the -mandoc macro works, this needs to be placed
13
.\" after the .TH heading
17
.\" We need the following stuff so that we can have single quotes
18
.\" In both groff and other UNIX *roff processors
19
.if \n(.g .mso www.tmac
21
.if !\n(.g .if '\(aq'' .ds aq \'
25
mqhash - Simple secure password generator
28
.B "mqhash [-n #] [-s] [-u] {data to hash}"
32
is a simple secure password generator.
34
The program uses MaraDNS\(aq secure random number generator as the
35
compression function for a secure hash; the output of this secure
36
hash can be used as passwords for various locations on the internet.
38
This program solves the problem of either using the same password on
39
multiple web sites, or having so many passwords that it is not
44
The first step in using
46
as a secure password generator is
47
to set up a master secret from which all other passwords are generated.
48
It is important to keep this master secret secure; such as on a Linux
49
or BSD machine that is always behind a firewall and is current with
52
This secure secret is put in the file ~/.mhash_prefix. It is
53
important that this secret is hard to guess; the security of all
55
passwords is only as secure as the master secret.
57
Once the ~/.mhash_prefix file is set up, mqhash is run thusly:
63
Where {location} is a web site, email address, or any other text string
64
that describes where a given password is located. It is recommended
66
one uses a consistent style for {location} so that one can remember
67
passwords for web sites that one has not visited for a while.
68
Mqhash does not impose a style for remembering passwords; it is up
69
to the user to create one.
72
will output four potential passwords that have 32
73
bits of entropy. If more entropy is desired in a password, two
74
32-bit passwords can be joined together to generate a 64-bit
75
password. A 32-bit password will protect against casual attacks
76
but can be broken by a determined attacker with extensive resources
77
attacking a website that does not lock out a user after too many failed
78
attempts. A 64-bit password is immune to even a very determined
86
It is wise to periodically change ones password on sites that one
87
uses frequently. This allows one to continue to have passwords after
88
the four initial passwords have already been used; this can have a
93
The normal mode for mqhash: To create a secure password based on
94
both the contents of ~/.mhash_prefix and the final argument
98
This will generate a cryptographic hash out of the final argument
99
sent to mqhash. This is useful when one does not need a secure
100
password, but just wants to hash a short string.
102
.SH "LEGAL DISCLAIMER"
104
THIS SOFTWARE IS PROVIDED BY THE AUTHORS \(aq\(aqAS IS\(aq\(aq AND ANY
106
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
107
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
108
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
109
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
110
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
111
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
112
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
113
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
114
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
115
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
118
Sam Trenholme (http://www.samiam.org) is
119
responsible for this man page.