Generate Dynamical Passwords in a Linux terminal

The weakness of password management systems is a need to save passwords in a warehouse, which may be hacked. It would be hard to hack them if they were not kept in a warehouse.

In this case, the weakness of modern password management systems will be removed. Therefore, we have the following problem: How to use and manage passwords without saving them in electronic or paper form?

Generate Dynamical Passwords

Dynamical passwords are parametric, dynamic, recoverable, generated on demand, and pseudo-random passwords not stored in electronic or paper form.

For the reason that dynamical passwords are generated on demand, there is no need to save them in a warehouse. Therefore, the use of dynamic passwords is a solution to the problem.

Another essential property of dynamical passwords is the easiness of recovery from some memorable parameters. The most common parameters are key and date (year, month, day). If, for example, you choose the name and birth date of one of your relatives, friends, or some famous persons, you will be able to recover the password with these parameters quickly.

In this article, you will learn to generate ten dynamical passwords using public dynamical password generators (DPGs).

Our approach consists of the following two steps:

  • Define input parameters for the DPG.
  • Get dynamical passwords via cURL’s POST requests to a public dynamical passwords generator (DPG);

Requirements

Dialog and cURL are required to be installed on your Linux computer.

A simple bash script

This section describes a simple bash script, which performs the two steps required.

Step 1. Define parameters.

key='trendoceans' #Secret Key
day=5
month=5 
year=2025

Step 2. Send a POST request with cURL to a public DPG.

url='https://dynpass.online/dpt/dpt.php'
curl -X POST -F 'key='$key -F 'day='$day -F 'month='$month -F 'year='$year $url

As a result, we get ten passwords with a length of 15 symbols each.

Output
Output

Create a file and store the above commands and save it with the name “db_script.sh”. In the future, whenever you want to regenerate again, execute the same script.

Generate Dynamical Passwords
Generate Dynamical Passwords

Make sure to give executable permission to your script before executing using the below command.

$ chmod +x db_script.sh

Adding a simple user’s interface

We can create a simple user interface for generating passwords using echo and read commands.

echo "Enter a key"
read key
echo "Enter a day"
read day
echo "Enter a month"
read month
echo "Enter an year"
read year
url='https://dynpass.online/dpt/dpt.php'
curl -X POST -F 'key='$key -F 'day='$day -F 'month='$month -F 'year='$year $url 

Type the above command in your editor and save it with “db_si.sh”. Then type the below command to provide executable permission for your script.

$ chmod +x db_si.sh
Simple user's interface
Simple user’s interface

Adding the dialog’s interface

Using the dialog utility, we can create a better user interface. Users can graphically interact and generate passwords using the below code.

clear
key=$(dialog --title "Input" --inputbox "Enter a key" 8 60 2 3>&1 1>&2 2>&3 3>&-)
clear
x=$(dialog --title "Calendar" --calendar "Choose a date" 0 0 3>&1 1>&2 2>&3 3>&-)
d=$(echo $x |awk '{split($0,x,"/");print x[1]}')
m=$(echo $x |awk '{split($0,x,"/");print x[2]}')
y=$(echo $x |awk '{split($0,x,"/");print x[3]}')
clear
echo "d="$d " m="$m " y="$y " key="$key
url='https://dynpass.online/dpt/dpt.php'
curl -X POST -F 'key='$key -F 'day='$day -F 'month='$month -F 'year='$year $url

Type the above command in your editor and save it with “db_dialog.sh”. Then type the below command to provide executable permission for your script.

$ chmod +x db_dialog.sh

Final Thought

Nothing is secure in the world of technology; even this method cannot secure you from attack. Make sure not to hand your key and date to someone else.

This Post Has 7 Comments

  1. Pete

    LastPass watch out!

  2. John

    Do I understand correctly that each trip to the dynpass server will generate the same passwords given the same inputs? If so, is there much additional value in providing a date to the call in addition to the key (passphrase)? If the same password list is generated, then there is recoverability. Because the returned passwords are pseudo-random, however, they are still difficult to use.

    1. Jake Redfield

      Yes, your understanding is correct. For the same parameters, the same pseudo-random passwords will be generated.
      For each key, there is an infinite number of passwords (each one for each day). The complexity of passwords is the same as of random passwords with the same number of symbols.

  3. Igor

    LastPass stores encrypted passwords online. It is better than storing them offline and synchronizing over different devices, but for the reason that passwords are stored in in a safe vault that can be hacked, it is less secure than dynamical passwords.

  4. Igor

    The date parameter is needed to make it super easy to manage changes of passwords. For example, if your organization require you to change passwords every 10 days, you only need to change a date (for the same key). There is no need to save passwords. If there is no a place where these passwords are saved, there is no an easy opportunity to hack them.

    The second convenience that you can make changes easy for multiple account. For example, if you create a list of 10 online account for which you need to change passwords regularly, with single change in the date you will be able to do this. Even in the worst case scenario when all these generated passwords will be intercepted by a hacker, she/he will not be able to use them because she/he will not know the list of your online accounts and how these accounts relate to your generated passwords.

  5. gwarl

    So now you have to save a key and date to lastpass?

    1. Gagan Mishra

      No. Key is some memorable information, which is not saved in any form. As for dates, it is usually use dates on which changes of passwords are required. This allows to easy manage changes to passwords for multiple sites/accounts without a need to save them in electronic or paper form. When the password is needed it is generated on demand and not extracted from some encrypted file. For the reason that there is no place where passwords are saved, it is not possible to hack them from this place. It is not possible to find a black cat in a black room if there are no cats in this room.

Leave a Reply