Author Topic: Unix Shell Scripts  (Read 24456 times)

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Unix Shell Scripts
« on: September 28, 2005, 08:19:05 PM »
Pete S. submitted this unix shell script via email:

Code: [Select]
# A hasty, in-a-pinch commandline script for PasswordMaker's Firefox extension
# PasswordMaker's autofill is much nicer ... http://www.passwordmaker.org

# This script requires three input arguments:
# Usage: md5pwd password domain.com number_of_characters
# Before running, use chmod to make this file executable: "chmod a+x md5pwd"

# Uses "post-0.6" MD5.
# Example: md5pwd 0123456789abcdefghijklmnop sunrocket.com 8
# Result:  0044813a  (note leading zeros)

# Use "man -k MD5" to see what MD5 routines are preinstalled on your box...
# If you have "md5sum" ...
# echo -n $1$2 | md5sum | head -c $3 | more
# If you have "openssl" ...
# echo -n $1$2 | openssl dgst -md5 | head -c $3 | more

# You could hardwire number of characters to 8 if you prefer
# echo -n $1$2 | md5sum | head -c 8 | more

echo -n $1$2 | md5sum | head -c $3 | more

It doesn't offer as many options as the real PasswordMaker, but is nice until the true command-line version is released. Note that openssl supports all 10 hash algorithms used by PasswordMaker whereas md5sum only support md5, AFAIK.

If anyone spices this up some more, please share it with all of us.

Regards,
Eric

LkonKbd

  • Guest
Unix Shell Scripts
« Reply #1 on: October 17, 2005, 11:19:34 AM »
Much thanks for the reply.

CU L8R, ByeCycle,

Pedro Gimeno

  • Guest
Unix Shell Scripts
« Reply #2 on: November 11, 2005, 08:58:00 PM »
Quote
If anyone spices this up some more, please share it with all of us.

Here's my contribution. Should work on POSIX systems and maybe under Cygwin/MSYS. Don't be scared by the size of the script; most of it are comments and breakups of lines to fit within 80 characters.

Code: [Select]
#!/bin/sh
#
# passwmaker - version 1.0
# A sh script for PasswordMaker-compatible hash generation.
# Author: Pedro Gimeno <http://www.formauri.es/personal/pgimeno/>
# License: Public domain. NO WARRANTIES OF ANY KIND.
#
# Usage:  passwmaker <data> <charset> <alg> <length> [<pfx> [<sfx>]]
# where:
#   data is the concatenation of MPW + URL + user + counter.
#   charset is a string of characters allowed in the key.
#   alg is the hash algorithm to use (see Limitations below).
#   length is the password length.
#   pfx is the prefix (optional). May be "".
#   sfx is the suffix (optional). May be "" but makes more sense to
#   omit it in that case.
# Example:
# $ passwmaker PWdomain.orguser1 aBcDeFg0123456789 md5 30 x y
# should output the same password as
# <https://passwordmaker.org/passwordmaker.html> with the following
# settings:
#    Master password = PW
#    Use l33t = not at all
#    Hash algorithm = MD5
#    Domain = domain.org
#    Length of generated password = 30
#    User = user
#    Counter = 1
#    Characters = aBcDeFg0123456789
#    Prefix = x
#    Suffix = y
# namely:
#    xB27gBB7527g8D6e8730B75c71F1Dy
#
# Limitations:
# - Does not suport l33t modes nor HMAC. Maybe l33t modes can be
#   implemented using tr; I just haven't tried.
# - Hash support depends upon installed utilities. My version of
#   OpenSSL does not currently support SHA256, but shash might work:
#   <http://mcrypt.hellug.gr/shash/>
# - Max charset size is 113 characters.
# - UTF-8 support depends on the involved utilities.
# - The escaping of special characters in the shell's command line
#   is, naturally, up to the user.
# - The concatenation of MPW+URL+user+counter is up to the user.
# - While the author has made an effort to make it as POSIX-compliant
#   as possible, it has not been tried on other than his Debian Linux
#   box.
# - Error checking is scarce. Be careful with improper arguments.
# - Because of being a shell script, the master password is not asked
#   in a secure way. It may remain in your shell's history.

data="$1"
charset="$2"
method="$3"
length="$4"
prefix="$5"
suffix="$6"

# Abort if charset is not at least 2 chars long.
# Note: ${#var} is the length of the value of var (POSIX sh).
test "${#charset}" -gt 1 || exit 1

# If $suffix is greater than or equal to $length, truncate it to
# $length and output it, since the password is just the suffix
# in that case.
test "${#suffix}" -lt $length || {
  echo "$suffix" | cut -c 1-$length
  exit 0
}

# Calculate the hash.
hash=$(echo -n "$data" | openssl dgst -$method)

# If openssl is not available, use this instead
# (works for md5 only if you have md5sum and for sha1 if you have
# sha1sum):
#hash=$(echo -n "$data" | ${method}sum)

# Extract the hash itself converting it to uppercase.
hash=$(echo "$hash" | cut -d " " -f 1 | tr abcdef ABCDEF)

# Use a bc mini-script to calculate the successive remainders.
# Use hexadecimal input to enter the hash, then switch again
# to decimal to accept the lengths. Output in octal for \nnn to
# work. The output is in little endian order and needs to be
# reversed.
result="obase=8; ibase=16; n=$hash; ibase=A; m=16^${#hash};"
result="$result while (n != 0)"
# Print "\nnn" and a newline (POSIX bc can't avoid the newline).
# We offset nnn by 14 (0Eh, 016o) so that \n and \r are skipped.
result="$result {\"\\\"; n % ${#charset} + 14; n /= ${#charset};}"
# Run the script in bc.
result=$(echo "$result" | bc)

# Translate the output to the charset; input range: 14-126.
result=$(printf "$result" | tr "\016-~" "$charset")

result=$(echo "$result" | nl | sort -n -r | cut -f 2 | tr -d "\r\n")
# 'rev' makes life much easier but may be unavailable:
#result=$(echo "$result" | tr -d "\r\n" | rev)

# Finally, process prefix/suffix.
result=$(echo "$prefix$result" | cut -c 1-$(($length-${#suffix})))
echo "$result$suffix"


HTH. Enhancements are welcome.

-- Pedro Gimeno

Guest

  • Guest
Unix Shell Scripts
« Reply #3 on: November 11, 2005, 09:04:23 PM »
Sorry, the part that reads 'm=16^${#hash};' is a leftover from a previous version. Please delete that, it's not meaningful any longer (the script will work with it though).

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Unix Shell Scripts
« Reply #4 on: November 11, 2005, 09:12:36 PM »
Wow, Pedro, excellent work! I will post this on passwordmaker.org in the installation area for public download. Please join us on irc://serenity-irc.net #passwordmaker someday so we can discuss further.

Thank you,
Eric Jung

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Unix Shell Scripts
« Reply #5 on: November 13, 2005, 05:06:17 AM »
This is great! Many thanks Pedro! I actually think I'll be able to make excellent use of this on my new server to create some semblance of SSO for my crew... I'll post the results if/when that happens...
« Last Edit: November 13, 2005, 06:16:21 AM by Eric H. Jung »

Pedro Gimeno

  • Guest
Unix Shell Scripts
« Reply #6 on: November 13, 2005, 09:19:24 PM »
Thank you :) I'm glad it's useful to someone, it makes one feel that it's been worth the effort. It's tough to do string processing in a language that does not support it except through external utilities.

I'm planning on adding complete error checking since I've realized it's just the length parameter and the length of the character set which need checking, plus the total number of parameters. Not much overhead involved.

Of course writing this script wouldn't have been possible without looking at Pete S.' one in the first place, so big thanks to him too for the inspiration and ideas!

BTW, while checking the Xen demo CD I was able to try the script also under Netbsd using both ksh and sh. Everything worked fine. This flavour happens to have OpenSSL but md5sum/sha1sum are called simply md5 and sha1; furthermore it has md4 and rmd160 as separate command-line programs.

I'll try to visit the IRC chan.

Cheers,

-- Pedro Gimeno

PS. Of course that comment about deleting 'm=16^{#hash};' would be me forgetting to write my name, sorry...

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Unix Shell Scripts
« Reply #7 on: November 15, 2005, 06:11:57 PM »
Quote
BTW, while checking the Xen demo CD I was able to try the script also under Netbsd using both ksh and sh. Everything worked fine. This flavour happens to have OpenSSL but md5sum/sha1sum are called simply md5 and sha1; furthermore it has md4 and rmd160 as separate command-line programs.
Have you seen that VMWare Player is now free? There are images for Ubuntu, Suse, Fedora, and others.

Would you be willing to tweak the command-line version to conditionally work in Netbsd or these other environments?
« Last Edit: November 15, 2005, 06:13:07 PM by Eric H. Jung »

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Unix Shell Scripts
« Reply #8 on: January 10, 2006, 08:55:49 PM »
There is now a full-blown command-line edition available here.

PasswordMaker Forums

Unix Shell Scripts
« Reply #8 on: January 10, 2006, 08:55:49 PM »