#password-generator #secure-password #password #generator #deterministic #offline

app pword

pword is a secure password generator that lets you create unique passwords for websites based on an easy-to-remember master phrase.

4 releases

0.1.3 Jan 13, 2020
0.1.2 Jan 13, 2020
0.1.1 Jan 13, 2020
0.1.0 Jan 12, 2020

#2280 in Cryptography

MIT/Apache

9KB
99 lines

PWORD

A one-way, sync-free, deterministic password generator, written 100% in Rust. It uses diceware and Argon2 (winner of the 2015 Password Hashing Competition) to create a cryptographically secure password.

You should be able to install this program on any computer and access any of your passwords completely offline and without sync.

What the 🧠 human has to remember

  1. Passphrase "Endnote kindness clover"
  2. Name of website password is for "github.com"

If you enter the above text into pword, it will always show you the same password, raW5kbmVzcyBjbG92ZXI, which I suggest you do not actually use; this is for demonstration purposes only.

Installation

Quick install

cargo install pword

Clone and build install

git clone https://github.com/drbh/pword.git
cd pword
cargo install 

How it works

Based on the diceware algorithm, we generate a master passphrase for the user to remember. This passphrase is seeded by a secure random number generator (more info from developers). Next, we use this passphrase as a salt in the Argon2 password generating function.

The user's input for the website, combined with the master passphrase, gives us a sufficiently random but easy-to-remember input to our hash function. For the website we suggest the hostname including the domain but not the protocol or trailing path (e.g. github.com, not including https). We pass the input and salt to Argon2, a memory-hard password function. The output is a long, well-hashed string, from which we take a subset of 20 characters from the middle.

The output is a unique 20-digit password that can be regenerated by using the phrase and password host. While this aims to be extremely easy for a human to remember, the process of generating a password is computationally expensive (it requires passphrase generation and a memory-hard hash function).
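A check on the demo values above, added here and not part of pword's own code: the sample password turns out to be a substring of the unpadded base64 of the sample passphrase. That is what you would see if the 20-character middle slice fell inside the salt field of Argon2's encoded output string; the cause is an assumption, the substring match is checked below. Function names are hypothetical, and base64 is implemented inline so the block needs no crates.

```rust
// Added example, not pword's source. Inputs are the README's own demo values.
const ALPHABET: &[u8; 64] =
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/// Standard base64 without '=' padding.
fn b64_nopad(input: &[u8]) -> String {
    let mut out = String::new();
    for chunk in input.chunks(3) {
        let b1 = *chunk.get(1).unwrap_or(&0) as u32;
        let b2 = *chunk.get(2).unwrap_or(&0) as u32;
        let n = (chunk[0] as u32) << 16 | b1 << 8 | b2;
        // 1 input byte -> 2 chars, 2 bytes -> 3 chars, 3 bytes -> 4 chars
        for i in 0..chunk.len() + 1 {
            out.push(ALPHABET[((n >> (18 - 6 * i)) & 63) as usize] as char);
        }
    }
    out
}

/// Decode unpadded base64; None if a character is outside the alphabet.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.bytes() {
        acc = (acc << 6) | ALPHABET.iter().position(|&a| a == c)? as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    Some(out)
}

/// If `password` is a slice of base64(passphrase), return the passphrase text it exposes.
fn leaked_from_salt(passphrase: &str, password: &str) -> Option<String> {
    let encoded = b64_nopad(passphrase.as_bytes());
    let start = encoded.find(password)?;
    let aligned = (start + 3) / 4 * 4; // skip to the next whole 4-char group
    let bytes = b64_decode(encoded.get(aligned..start + password.len())?)?;
    String::from_utf8(bytes).ok()
}

fn main() {
    let leak = leaked_from_salt("Endnote kindness clover", "raW5kbmVzcyBjbG92ZXI");
    println!("{:?}", leak); // Some("indness clover")
}
```

A generated password that decodes to passphrase text hands part of the master phrase to whoever stores or sees that password, and it carries salt bytes rather than hash output. Running this check against real output before relying on the tool is cheap; slicing the raw hash bytes instead of the encoded string would avoid the overlap.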

While you could create a more secure password (one that's 100+ digits long), it would be extremely hard to remember. This tool gives you an easy way to create and access many very secure passwords (probably more secure than your current password) from a cross-platform tool.

Use

Master Passphrase

pword new

# Endnote kindness clover

Generate New Password

pword generate

# Type a password: 
# 
# 👍 thanks.
# 
# Type a label for your password
# github.com
# 
# Your password:
# raW5kbmVzcyBjbG92ZXI

Dependencies

~4MB
~76K SLoC