=============================================================================== passtab - a light-weight system for managing passwords =============================================================================== "We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet." [1] -- Bruce Schneier passtab is a tool to help store passwords in your wallet. ABOUT passtab is a light-weight system for managing passwords using a Tabula Recta [3]. passtab builds on the idea of "writing down your passwords" [1,2] and attempts to provide a simple interface for password management. The idea for this project was inspired by a blog post written by John Graham-Cumming [2]. One of the main features of passtab is the ability to generate a special Tabula Recta [3] consisting of random characters (generated using a cryptographically secure random number generator). One can then create passwords by selecting a row and column from the Tabula Recta. Here's a simple example, suppose we have the following Tabula Recta: | A B C D E F G H I J K L M N --|---------------------------- A | _ u } I ` } R ) a < L : a A B | - o ( : p # O % . _ ; ' j L C | w c ( c y 2 h y ~ N O * > w D | o : R m L % V , d H r Y B j E | 9 , < 0 J p a o ) O w 0 w # F | C j i } i z 2 $ O R 5 @ T I G | Q - E m 8 N c / + u W Y V > H | , y } U Y i j i q w q c - 4 I | K j W H e ; I ? E 7 H v 2 + J | g * 7 4 E } a h Y z < " : w K | . _ } I / J k 1 a D ^ ; p K L | ` < A L c z } } I P ? 4 y T M | F D < 8 < 0 R B t 9 X o B 2 N | I r O E m o a + Y W w ; : 7 And suppose we want to get our password for logging into webmail at acme.com. We decide to use the first and last letter of the domain name as the start row/column of the password and we want a password 8 characters in length. So we start at the intersection of 'A' and 'E' and read off 8 characters diagonally resulting in the password: '#h,)RWc Defining a scheme for selecting the starting row/column for a given password is completely up to the user and can be as simple or as complex as one desires. The direction for reading the password is also up to the user to define (left, right, diagonally, etc.). See John Graham-Cumming's excellent blog post [2] for more examples. passtab provides the ability to generate these Password Tabula Recta's in PDF format for printing (and storing in your wallet) along with other advanced features for storing and retrieving passwords. EXAMPLE USAGE - List all options: $ passtab --help - Generate a Tabula Recta using the default header and alphabet $ passtab - Generate a Tabula Recta in PDF format $ passtab -f pdf -o password-recta.pdf - Generate a Tabula Recta using a custom header and default alphabet $ passtab -b A,B,C,D,E,F,G,H,I,J,K,L,M, - Generate a Tabula Recta using a custom header and alphabet $ passtab -b A,B,C,D,E,F,G,H,I,J,K,L,M, -a 'a,b,c,d,e,f,g,1,2,3,4,5,!,@,#,$' PASSWORD MANAGEMENT passtab can optionally store the Tabula Recta in addition to generating the PDF file. This allows one to have both a hard copy and electronic version of the Tabula Recta. passtab stores the Tabula Recta files in JSON format. Here's some example uses for working with the stored Tabula Recta: - Generate a Tabula Recta in PDF and JSON $ passtab --dbsave this generates 2 files: passtab.pdf and ~/.passtab_db - Fetch the password starting at row 'A' and column 'E' $ passtab -g A:E by default passtab creates passwords 13 characters in length moving diagonally (SE) from the start position - Fetch the password 4 characters in length moving left (WEST) starting at A:E $ passtab -g A:E -s 4:W - Fetch the password 4 characters in length moving diagonally (SE) starting at A:E skipping every 3 character $ passtab -g A:E -s 4:SE -x 3 CONFIGURATION FILE passtab will read ~/.passtab when starting up. See the sample file in the docs/ directory (docs/passtab-config.sample) for a more complete example. Here's an example: #============================================================================== # passtab config #============================================================================== sequence=12:SE passtab.path=/home/.passwd.json #============================================================================== # My WebMail #============================================================================== tag.webmail.coords=A:E tag.webmail.login=username tag.webmail.website=https://www.acme.com/ TAGS You can define tags in passtab for quick access to passwords. Using the passtab config file above we can now do: - Fetch the password for the "webmail" tag defined in our ~/.passtab $ passtab -t webmail - Fetch the password for "webmail" and copy to clipboard $ passtab -t webmail --chomp | xclip - Print all meta-data (user, website, etc.) for "webmail" $ passtab -t webmail -v - Export all tags (passwords, usernames, and urls) $ passtab -e -v AUTHOR passtab was written by Andrew E. Bruno <aeb@qnot.org> REFERENCES [1] http://www.schneier.com/blog/archives/2005/06/write_down_your.html [2] http://blog.jgc.org/2010/12/write-your-passwords-down.html [3] http://en.wikipedia.org/wiki/Tabula_recta