I want a secure password with base91.
Hello, I'm incompetent.
Lately, I've been feeling very uneasy about Chromium/Chrome's automatic password generation feature, so I want to create something that is somewhat simple and somewhat reversible.
By the way, in the case of Artix Linux, the base91 command was not installed by default, so it's assumed that you've run yay -S base91.
Starting with the conclusion
In the end, I decided to generate it this way.
echo -n "string" | sha384sum | awk '{print $1}' | xxd -r -p | base91 | tr -d "\n" && echo
※I thought about it later, but perhaps awk '{printf $1}' is better.
My rambling thoughts
To be honest, I've been using strings generated with sha*sum quite a bit, and I'm satisfied with the character count. Since the hash value itself is irreversible, if it gets exposed, it's not a big deal.
However, the hashing itself is just a hexadecimal string, so if a serious brute-force attack comes, the string pattern would be [a-z0-9] in terms of regular expressions.
Moreover, these days we're told to use uppercase letters and symbols, and I must say, mine is terrible.
So this time, I want to somehow increase the number of patterns for this string.
How does this work?
First, let's break it down.
echo -n "string"
Outputs the string to standard output without a newline, then pipes it to the next command.
sha384sum
Hashes the received string with SHA384.
awk '{print $1}'
The received string has an unnecessary trailing string -, so it's formatted with awk.
xxd -r -p
I also learned this for the first time when I looked it up: it outputs a hexadecimal string in binary format.
Therefore,
it outputs the received string in binary format.
base91
Encodes the received binary data with base91 and outputs it.
tr -d "\n" && echo
As is, base91 automatically formats with newlines, so newline characters are removed. If successful, it's hard to copy and paste without a newline, so an empty line is output at the end.
And it looks like this.
alleycat:[haturatu]:~/git/ckr/ckr$ echo -n "a" | sha384sum | awk '{print $1}' | xxd -r -p | base91 |tr -d "\n" && echo
"OS[fY@wwBqip+$db@5+g!yvk$jE3,M3F({qu]1(_dS2Or()Q:ZqyhOb&9Y
Since I just came up with this, it's unclear how many forms will actually accept it.
The string length is, for now,
$ echo -n "a" | sha384sum | awk '{print $1}' | xxd -r -p | base91 |tr -d "\n" | wc -c
59
Even with a short string, 59 characters are generated.
Advantages
First of all, when generated with xxd -r -p, it can be stored as binary data.
So, even if you forget the original string, you can at least recover it if you have the binary data.
In terms of steps:
sha384sum = irreversible
xxd -r -p = reversible
base91 = reversible
It's a process like this.
Or rather, it's longer than the original passphrase, and I thought, 'Wouldn't it be better to make the original passphrase irreversible at an early stage?' That's how I ended up with this.
Furthermore, if generated this way, it seems that the binary data cannot be read by commands like saslauthdb or the strings command used for binary debugging.
It's safer to some extent than holding plaintext data.
The probability of collision when hashing with shasum is quite low.
Since that is further converted into binary data and then encoded into Base91 format, it seems better than passwords I would create with my limited brainpower.
Adding a function to .bashrc
Honestly, typing this every time is nothing short of hell, so
function_name() {
echo -n "$1" | sha384sum | awk '{print $1}' | xxd -r -p | base91 |tr -d "\n" && echo
}
I made it so that you can generate a password with function_name string.
If even this can be broken, then it feels like it's time to quit being a human of Yura Yura Teikoku, or rather, quit encryption...
And if you want to increase the string length of the password itself handled on the server side, you can use sha512; if you want to reduce the string length recognizable on bash, you can use base64.
You can easily change it, modify the function accordingly, and just put it in your .bashrc, right?