#!/bin/sh
# Start from a clean slate: values inherited from the environment must not
# leak into the derivation inputs or the hash-tool selection.
unset TARGET
unset SALT
unset SHA

## Defaults (overridable with -n and -g)
NONCE=0
GEN=1

## Constants: where the salt lives on disk
KPDIR=$HOME/.kilopass
KPSALTSDIR=$KPDIR/salts
KPSALTFILE=$KPDIR/salt
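necho() {
  # Print the arguments, joined by single spaces, without a trailing newline.
  #
  # The previous form, `/bin/echo -n $*`, expanded the arguments unquoted:
  # runs of whitespace were collapsed and glob characters were matched
  # against the current directory, so the hashed string (and the derived
  # password) could depend on where the script was run. It also handed the
  # secret material to an external process as argv, where a process listing
  # can show it. printf is a POSIX builtin (also on Mac's /bin/sh) and
  # avoids both problems.
  #
  # Output is byte-identical to the old form for inputs that contain no
  # whitespace runs and no glob characters.
  printf '%s' "$*"
}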
generator0() {
  # Generator 0: the raw hex SHA-256 digest of $PASSWORD (64 characters).
  # $SHA is expanded unquoted on purpose: it may hold a command plus its
  # options. cut keeps only the digest field; tr drops the line ending.
  necho "$PASSWORD" \
    | $SHA \
    | cut -d ' ' -f 1 \
    | tr -d '\n'
}
generator1() {
  # Generator 1: upper/lower/digit, 18 characters.
  # Pipeline: hex digest -> raw bytes (xxd -r -p only consumes the ASCII hex,
  # so newlines from $SHA are not a concern) -> base64 -> drop the two
  # non-alphanumeric base64 symbols '+' and '/'
  # (http://en.wikipedia.org/wiki/Base64) -> keep the first 18 characters.
  # The '=' padding is expected to be cut off by head -c 18; output shorter
  # than 18 bytes would indicate a serious problem.
  # $SHA is expanded unquoted on purpose: it may hold a command plus options.
  necho "$PASSWORD" \
    | $SHA \
    | xxd -r -p \
    | base64 \
    | tr -d '+/' \
    | head -c 18
}
generator2() {
  # Generator 2: upper/lower/digit plus a special character, 20 characters.
  # Meant for services that insist on a special character: a fixed 'z' prefix
  # and a fixed '!' suffix wrap the same 18 derived characters, so it is not
  # really any more secure than generator1.
  # $SHA is expanded unquoted on purpose: it may hold a command plus options.
  necho z
  necho "$PASSWORD" \
    | $SHA \
    | xxd -r -p \
    | base64 \
    | tr -d '+/' \
    | head -c 18
  necho '!'
}
generator3() {
  # Generator 3: upper/lower/digit plus a special character, 12 characters.
  # The leading 'a' and trailing '!' are constants, so the result is, more
  # or less, only as secure as its 10 derived characters.
  # $SHA is expanded unquoted on purpose: it may hold a command plus options.
  necho a
  necho "$PASSWORD" \
    | $SHA \
    | xxd -r -p \
    | base64 \
    | tr -d '+/' \
    | head -c 10
  necho '!'
}
generator4() {
  # Generator 4: upper/lower/digit, 12 characters.
  # Same pipeline as the other base64 generators, truncated to 12.
  # $SHA is expanded unquoted on purpose: it may hold a command plus options.
  necho "$PASSWORD" \
    | $SHA \
    | xxd -r -p \
    | base64 \
    | tr -d '+/' \
    | head -c 12
}
generator5() {
  # Generator 5: upper/lower/digit, 8 characters.
  # Same pipeline as the other base64 generators, truncated to 8.
  # $SHA is expanded unquoted on purpose: it may hold a command plus options.
  necho "$PASSWORD" \
    | $SHA \
    | xxd -r -p \
    | base64 \
    | tr -d '+/' \
    | head -c 8
}
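fail() {
  # Print "<script>: <message>" on stderr and exit with status 1.
  # The message is passed to printf as data and expanded quoted, so text
  # taken from user input (for example an invalid -g value) is shown
  # verbatim instead of being word-split or glob-expanded.
  printf '%s: %s\n' "$0" "$*" >&2
  exit 1
}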
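help() {
  # Print the usage summary on stdout.
  # -h takes no argument, so it is shown as a bare flag.
  printf '%s\n' \
    "Usage: $0 [-s SALT] [-f SALTFILE] [-n NONCE] [-g GEN] [-h] <user@domain>" \
    "Alternatively, create $KPSALTFILE with your salt, preferably chmod 600."
}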
helperr() {
  # Usage error: show the help text on stderr, then stop with status 1.
  help >&2
  exit 1
}
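saltfile() {
  # Load the salt from $KPSALTFILE into $SALT, with newlines removed.
  # A value that is not an absolute path is looked up under $KPSALTSDIR.
  # Exits through fail() when the file is not readable.
  #
  # NOTE(review): the file's permissions are not checked here, and an empty
  # file leaves SALT empty, in which case the derivation proceeds with no
  # secret input at all. Callers may want to reject both conditions.
  case $KPSALTFILE in
    /*) ;;
    *) KPSALTFILE="$KPSALTSDIR/$KPSALTFILE" ;;
  esac
  [ -r "$KPSALTFILE" ] || fail "Create $KPSALTFILE or specific salt with -s"
  # Quoted redirection: paths containing spaces or glob characters are read
  # as one file instead of being split into several cat arguments.
  SALT=$(tr -d '\n' < "$KPSALTFILE")
}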
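# Pick a SHA-256 tool: sha256 is generally on BSD, sha256sum generally on
# Linux, shasum on Mac. Later matches override earlier ones.
# `command -v` is the POSIX lookup; `which` is an external utility that is
# not guaranteed to exist, and without it no tool would ever be detected.
# The tool is resolved through $PATH and receives the secret material on
# stdin, so this script should be run with a trusted PATH.
command -v sha256 > /dev/null 2>&1 && SHA=sha256
command -v sha256sum > /dev/null 2>&1 && SHA="sha256sum -b"
command -v shasum > /dev/null 2>&1 && SHA="shasum -b -a 256"
[ -n "$SHA" ] || fail "None of sha256, sha256sum or shasum found, exiting."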
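# Parse the command line. Options may appear in any order; the last
# non-option word becomes TARGET.
#
# Every option except -h needs a value. A trailing option with no value used
# to be accepted silently (for example a bare -n left NONCE empty and so
# produced a different password than intended); it is now a usage error.
#
# Caveat: -s places the salt on the command line, where it can end up in
# shell history and be visible in process listings. The salt file (-f, or
# the default $KPSALTFILE) is the safer way to supply it.
while [ $# -ne 0 ]; do
  case $1 in
    -h)
      help
      exit 0
      ;;
    -s|-f|-n|-g)
      [ $# -ge 2 ] || helperr
      case $1 in
        -s) SALT=$2 ;;
        -f) KPSALTFILE=$2 ;;
        -n) NONCE=$2 ;;
        -g) GEN=$2 ;;
      esac
      shift
      ;;
    *)
      TARGET=$1
      ;;
  esac
  shift
done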
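# A target is mandatory; the salt comes from -s or, failing that, the file.
[ -n "$TARGET" ] || helperr
[ -n "$SALT" ] || saltfile

# The string that gets hashed. Each generator runs a single SHA-256 pass
# over it with no key stretching, so the strength of every derived password
# rests on the salt being long and random.
PASSWORD="$SALT^$NONCE^$TARGET"

# Validate GEN before using it to build a function name: only the
# generators that exist (0-5) are accepted, and anything else, including
# values containing spaces or glob characters, is rejected up front.
# stderr of the generator is no longer discarded, so a missing xxd or
# base64 is reported instead of silently yielding an empty password.
case $GEN in
  [0-5]) "generator$GEN" ;;
  *) fail "Try 0-5 as a generator, instead of $GEN." ;;
esac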