Cross-platform Hash-a-Pass
In short:
paste first8 base64 enc "twitter" pwd?
In more detail:
I just met ecin of copypastel.com in HackerspaceSG last night. He showed me a cool little trick for managing passwords. Have a look at his article for more details and also visit the "original" web based implementation.
I had a look at his BASH implementation on the project homepage and I realized quite fast how this - otherwise quite neat - source code can be chopped down even further if we use the "right tool for the right job" >;P
The heart of the algorithm is this:
openssl dgst -sha1 -hmac $3 -binary | openssl enc -base64 | head -c 8
I have to nail down that the BASH piping is just as beautiful as powerful. It's more readable (at least after many years of experience) than what I translate it into now. BUT I can gain two great benefits if I rewrite it in some other language:
- cross platformness
- less dependencies
Let's see the translation pipe-by-pipe into my favorite language:
; head -c 8 first8: func[x] [copy/part x 8] ; openssl enc -base64 base64: func[x] [enbase/base x 64] ; openssl dgst -sha1 -hmac $3 -binary enc: func[x pwd] [checksum/method/key x 'SHA1 pwd] ; read the password used as the hashing key pwd?: does [ask/hide "password: "] ; pasting (text) into the clipboard is the least cross platform part of the application ; but with REBOL it's unified too (the 800kB graphical version has this functionality ; for Liunx X11, Windows GDI & Mac Cocoa) paste: func[x] [write clipboard:// x]
So assembling all these together we get the following program:
paste first8 base64 enc "twitter" pwd?
Can it be more expressive? ;)
It makes the algorithm obvious, however it fits a longer console line, so while I was developing it, I was just typing the following actually:
>> write clipboard:// probe copy/part enbase/base checksum/method/key "twitter" 'SHA1 ask/hide "password: " 64 8 password: ****** "dNbv5KY1" >> <Apple-V>dNbv5KY1
Conclusion: Fuck complexity. Again. And REBOL rulez, ofcoz...