This system is a great idea! Thank you!
I see there's already been some discussion about including or excluding certain characters. But I think expanding the character set beyond just the hex characters is generally a good idea. Right now, the password character set will be either 0-9a-f or 0-9A-F. For an 8-character Unix password, that's only a search space of 16^8 = 2^32. If you use all the alpha, numeric and punctuation ASCII characters, you get 94^8, which is over a million times more. The character set would be:
!"#$%&'()*+,-./0123456789:;<=>
?@ABCDEFGHIJKLMNOPQRSTUVWXYZ
[\]^_`
abcdefghijklmnopqrstuvwxyz
{|}~
One idea would be to fill a 256-byte table with these values, repeating as needed, and scramble it. Then use the bytes of the hash to index the table to get the password.
Do you think this would be a worthwhile enhancement?
Dave
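
The table approach described in the comment above, as an added example that is not part of the original comment or the system's own code. SHA-256, the `master:site` input layout and the seeded shuffle are assumptions, and the inputs in the demo are constructed; the last two functions measure how evenly 256 slots cover the 94 characters.

```python
import hashlib
import math
import random
import string
from collections import Counter

# The 94 printable, non-space ASCII characters listed in the comment.
CHARSET = string.digits + string.ascii_letters + string.punctuation


def build_table(seed: bytes) -> bytes:
    """Fill 256 slots with the charset, repeating as needed, then scramble.

    Assumption: a shuffle seeded from `seed`; the comment does not say how
    the scrambling is done.
    """
    table = [ord(CHARSET[i % len(CHARSET)]) for i in range(256)]
    random.Random(seed).shuffle(table)
    return bytes(table)


def derive_password(master: str, site: str, table: bytes, length: int = 8) -> str:
    """Use each byte of the hash as an index into the table.

    Assumption: SHA-256 over "master:site"; the real system's hash and input
    layout are not given on the page.
    """
    digest = hashlib.sha256(f"{master}:{site}".encode()).digest()
    return bytes(table[b] for b in digest[:length]).decode("ascii")


def slot_histogram(table: bytes) -> Counter:
    """How many characters own 2 slots, how many own 3, and so on."""
    return Counter(Counter(table).values())


def bits_per_char(table: bytes) -> float:
    """Shannon entropy of one output character for a uniform hash byte."""
    return -sum(n / 256 * math.log2(n / 256) for n in Counter(table).values())


if __name__ == "__main__":
    table = build_table(b"constructed-seed")          # constructed sample input
    print(derive_password("constructed master", "example.com", table))
    print(dict(slot_histogram(table)))                # 68 chars x3, 26 chars x2
    print(round(bits_per_char(table), 3), round(math.log2(94), 3))
```

Because 256 = 2 × 94 + 68, 68 characters occupy three slots and 26 occupy two, so each output character carries about 6.53 bits against log2(94) ≈ 6.55 for a perfectly uniform pick, compared with 4 bits per hex character.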