Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
MQHASH(1)		       MaraDNS reference		     MQHASH(1)

NAME
       mqhash -	Simple secure password generator

SYNOPSIS
       mqhash [-n #] [-s] [-u] {data to	hash}

DESCRIPTION
       mqhash is a simple secure password generator.

       The program uses	MaraDNS' secure	random number generator	as the
       compression function for	a secure hash; the output of this secure hash
       can be used as passwords	for various locations on the internet.

       This program solves the problem of either using the same	password on
       multiple	web sites, or having so	many passwords that it is not
       practical to remember them all.

USAGE
       The first step in using mqhash as a secure password generator is	to set
       up a master secret from which all other passwords are generated.	 It is
       important to keep this master secret secure; such as on a Linux or BSD
       machine that is always behind a firewall	and is current with security
       updates.

       This secure secret is put in the	file ~/.mhash_prefix. It is important
       that this secret	is hard	to guess; the security of all generated
       passwords is only as secure as the master secret.

       Once the	~/.mhash_prefix	file is	set up,	mqhash is run thusly:

       mqhash -s {location}

       Where {location}	is a web site, email address, or any other text	string
       that describes where a given password is	located. It is recommended
       that one	uses a consistent style	for {location} so that one can
       remember	passwords for web sites	that one has not visited for a while.
       Mqhash does not impose a	style for remembering passwords; it is up to
       the user	to create one.

       mqhash will output four potential passwords that	have 32	bits of
       entropy.	If more	entropy	is desired in a	password, two 32-bit passwords
       can be joined together to generate a 64-bit password. A 32-bit password
       will protect against casual attacks but can be broken by	a determined
       attacker	with extensive resources attacking a website that does not
       lock out	a user after too many failed attempts. A 64-bit	password is
       immune to even a	very determined	attacker.

    OPTIONS

       -n  It is wise to periodically change ones password on sites that one
	   uses	frequently. This allows	one to continue	to have	passwords
	   after the four initial passwords have already been used; this can
	   have	a value	between	2 and 9.

       -s  The normal mode for mqhash: To create a secure password based on
	   both	the contents of	~/.mhash_prefix	and the	final argument to
	   mqhash.

       -u  This	will generate a	cryptographic hash out of the final argument
	   sent	to mqhash. This	is useful when one does	not need a secure
	   password, but just wants to hash a short string.

LEGAL DISCLAIMER
       THIS SOFTWARE IS	PROVIDED BY THE	AUTHORS	''AS IS'' AND ANY EXPRESS OR
       IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
       DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR
       ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR	CONSEQUENTIAL
       DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
       OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
       HOWEVER CAUSED AND ON ANY THEORY	OF LIABILITY, WHETHER IN CONTRACT,
       STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
       IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN	IF ADVISED OF THE
       POSSIBILITY OF SUCH DAMAGE.

AUTHORS
       Sam Trenholme (http://www.samiam.org) is	responsible for	this man page.

MQHASH				  August 2006			     MQHASH(1)

NAME | SYNOPSIS | DESCRIPTION | USAGE | LEGAL DISCLAIMER | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=mqhash&sektion=1&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help