[cryptography] pypass, a HMAC-based passphrase generator

travis+ml-rbcryptography at subspacefield.org
Wed Sep 29 19:31:57 EDT 2010

Basic idea:

master_secret = hash(master_pass)
passphrase = HMAC(master_secret, hint)

Details in the source.

Not as secure as a password safe, but doesn't require any replication
or backups - just remember your master pass and be able to get this

Generation count is there for sites that make you change it.

Output is in base64, currently.

$ ./pypass.py -h
Usage: ./pypass.py [-g generation] [-c chars] [master_pass] domain_name
-g generation is numeric, defaults to zero
-c chars is how many chars to output, zero is all
only specify master pass on command line if single user machine

$ ./pypass.py foo foo

$ ./pypass.py my_master_pass foo

$ ./pypass.py -c 5 my_master_pass foo

$ ./pypass.py 
Master Passphrase: 
Domain name or hint:

Script attached.


Should I use PBKDF2 instead of hashing master pass?

Sample module here:


Mildly annoying to require an additional python module though.
I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
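
An added sketch of the scheme described in the message above, including the PBKDF2 alternative it asks about. This is not the attached pypass.py, whose source is not on this page. SHA-256, the `generation:hint` message layout, the fixed salt and the iteration count are all assumptions made for illustration.

```python
import base64
import getpass
import hashlib
import hmac


def master_secret_hash(master_pass: str) -> bytes:
    """master_secret = hash(master_pass). SHA-256 is an assumption."""
    return hashlib.sha256(master_pass.encode("utf-8")).digest()


def master_secret_pbkdf2(master_pass: str, salt: bytes = b"pypass-example-salt",
                         iterations: int = 200_000) -> bytes:
    """PBKDF2 variant using only the standard library (hashlib.pbkdf2_hmac).

    Salt and iteration count are constructed values. A stateless generator
    has nowhere to store a random salt, so it has to be a fixed constant;
    the stretching still raises the cost of guessing the master pass.
    """
    return hashlib.pbkdf2_hmac("sha256", master_pass.encode("utf-8"),
                               salt, iterations)


def derive(master_secret: bytes, hint: str, generation: int = 0,
           chars: int = 0) -> str:
    """passphrase = HMAC(master_secret, hint), output in base64.

    Mixing the generation count in as "generation:hint" is an assumption;
    chars == 0 returns the whole string, as in the usage text.
    """
    msg = f"{generation}:{hint}".encode("utf-8")
    mac = hmac.new(master_secret, msg, hashlib.sha256).digest()
    out = base64.b64encode(mac).decode("ascii")
    return out[:chars] if chars > 0 else out


if __name__ == "__main__":
    # Prompt instead of taking the master pass from argv, so it does not
    # show up in the process list or shell history on a shared machine.
    secret = master_secret_pbkdf2(getpass.getpass("Master Passphrase: "))
    print(derive(secret, input("Domain name or hint: ")))
```

Truncating with `chars` cuts entropy to roughly 6 bits per base64 character, so a 5-character output carries about 30 bits.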