The weakness of password management systems is a need to save passwords in a warehouse, which may be hacked. It would be hard to hack them if they were not kept in a warehouse.
In this case, the weakness of modern password management systems will be removed. Therefore, we have the following problem: How to use and manage passwords without saving them in electronic or paper form?
Table of Contents
Generate Dynamical Passwords
Dynamical passwords are parametric, dynamic, recoverable, generated on demand, and pseudo-random passwords not stored in electronic or paper form.
For the reason that dynamical passwords are generated on demand, there is no need to save them in a warehouse. Therefore, the use of dynamic passwords is a solution to the problem.
Another essential property of dynamical passwords is the easiness of recovery from some memorable parameters. The most common parameters are key and date (year, month, day). If, for example, you choose the name and birth date of one of your relatives, friends, or some famous persons, you will be able to recover the password with these parameters quickly.
In this article, you will learn to generate ten dynamical passwords using public dynamical password generators (DPGs).
Our approach consists of the following two steps:
- Define input parameters for the DPG.
- Get dynamical passwords via cURL’s POST requests to a public dynamical passwords generator (DPG);
Requirements
Dialog and cURL are required to be installed on your Linux computer.
A simple bash script
This section describes a simple bash script, which performs the two steps required.
Step 1. Define parameters.
key='trendoceans' #Secret Key
day=5
month=5
year=2025
Step 2. Send a POST request with cURL to a public DPG.
url='https://dynpass.online/dpt/dpt.php'
curl -X POST -F 'key='$key -F 'day='$day -F 'month='$month -F 'year='$year $url
As a result, we get ten passwords with a length of 15 symbols each.
Create a file and store the above commands and save it with the name “db_script.sh”. In the future, whenever you want to regenerate again, execute the same script.
Make sure to give executable permission to your script before executing using the below command.
$ chmod +x db_script.sh
Adding a simple user’s interface
We can create a simple user interface for generating passwords using echo and read commands.
echo "Enter a key"
read key
echo "Enter a day"
read day
echo "Enter a month"
read month
echo "Enter an year"
read year
url='https://dynpass.online/dpt/dpt.php'
curl -X POST -F 'key='$key -F 'day='$day -F 'month='$month -F 'year='$year $url
Type the above command in your editor and save it with “db_si.sh”. Then type the below command to provide executable permission for your script.
$ chmod +x db_si.sh
Adding the dialog’s interface
Using the dialog utility, we can create a better user interface. Users can graphically interact and generate passwords using the below code.
clear
key=$(dialog --title "Input" --inputbox "Enter a key" 8 60 2 3>&1 1>&2 2>&3 3>&-)
clear
x=$(dialog --title "Calendar" --calendar "Choose a date" 0 0 3>&1 1>&2 2>&3 3>&-)
d=$(echo $x |awk '{split($0,x,"/");print x[1]}')
m=$(echo $x |awk '{split($0,x,"/");print x[2]}')
y=$(echo $x |awk '{split($0,x,"/");print x[3]}')
clear
echo "d="$d " m="$m " y="$y " key="$key
url='https://dynpass.online/dpt/dpt.php'
curl -X POST -F 'key='$key -F 'day='$day -F 'month='$month -F 'year='$year $url
Type the above command in your editor and save it with “db_dialog.sh”. Then type the below command to provide executable permission for your script.
$ chmod +x db_dialog.sh
Final Thought
Nothing is secure in the world of technology; even this method cannot secure you from attack. Make sure not to hand your key and date to someone else.
Innovative tech mind with 12 years of experience working as a computer programmer, web developer, and security researcher. Capable of working with a variety of technology and software solutions, and managing databases.
LastPass watch out!
Do I understand correctly that each trip to the dynpass server will generate the same passwords given the same inputs? If so, is there much additional value in providing a date to the call in addition to the key (passphrase)? If the same password list is generated, then there is recoverability. Because the returned passwords are pseudo-random, however, they are still difficult to use.
Yes, your understanding is correct. For the same parameters, the same pseudo-random passwords will be generated.
For each key, there is an infinite number of passwords (each one for each day). The complexity of passwords is the same as of random passwords with the same number of symbols.
LastPass stores encrypted passwords online. It is better than storing them offline and synchronizing over different devices, but for the reason that passwords are stored in in a safe vault that can be hacked, it is less secure than dynamical passwords.
The date parameter is needed to make it super easy to manage changes of passwords. For example, if your organization require you to change passwords every 10 days, you only need to change a date (for the same key). There is no need to save passwords. If there is no a place where these passwords are saved, there is no an easy opportunity to hack them.
The second convenience that you can make changes easy for multiple account. For example, if you create a list of 10 online account for which you need to change passwords regularly, with single change in the date you will be able to do this. Even in the worst case scenario when all these generated passwords will be intercepted by a hacker, she/he will not be able to use them because she/he will not know the list of your online accounts and how these accounts relate to your generated passwords.
So now you have to save a key and date to lastpass?
No. Key is some memorable information, which is not saved in any form. As for dates, it is usually use dates on which changes of passwords are required. This allows to easy manage changes to passwords for multiple sites/accounts without a need to save them in electronic or paper form. When the password is needed it is generated on demand and not extracted from some encrypted file. For the reason that there is no place where passwords are saved, it is not possible to hack them from this place. It is not possible to find a black cat in a black room if there are no cats in this room.