<HEAD>
<TH>MQHASH 1 "August 2006" MQHASH "MaraDNS reference"</TH>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=utf-8">
</HEAD>
<BODY>
<h1>NAME</h1>
mqhash - Simple secure password generator
<h1>SYNOPSIS</h1>
<b>mqhash [-n #] [-s] [-u] {data to hash}</b>
<H1>DESCRIPTION</H1>
<b>mqhash</b>
is a simple secure password generator.

<p>

The program uses MaraDNS' secure random number generator as the
compression function for a secure hash; the output of this secure
hash can be used as passwords for various locations on the internet.

<p>

This program solves the problem of either using the same password on
multiple web sites, or having so many passwords that it is not practical
to remember them all.

<H1>USAGE</H1>

The first step in using <b>mqhash</b> as a secure password generator is
to set up a master secret from which all other passwords are generated.
It is important to keep this master secret secure; such as on a Linux
or BSD machine that is always behind a firewall and is current with
security updates.

<p>

This secure secret is put in the file <tt>~/.mhash_prefix</tt>.  It is
important that this secret is hard to guess; the security of all generated
passwords is only as secure as the master secret.

<p>

Once the <tt>~/.mhash_prefix</tt> file is set up, mqhash is run thusly:

<pre>
mqhash -s {location}
</pre>

Where {location} is a web site, email address, or any other text string
that describes where a given password is located.  It is recommended that
one uses a consistent style for {location} so that one can remember 
passwords for web sites that one has not visited for a while.  
Mqhash does not impose a style for remembering passwords; it is up
to the user to create one.

<p>

<b>mqhash</b> will output four potential passwords that have 32
bits of entropy.  If more entropy is desired in a password, two
32-bit passwords can be joined together to generate a 64-bit 
password.  A 32-bit password will protect against casual attacks 
but can be broken by a determined attacker with extensive resources
attacking a website that does not lock out a user after too many failed
attempts.  A 64-bit password is immune to even a very determined 
attacker.

<h2>OPTIONS</h2>

<dl>
<dt>-n
<dd>It is wise to periodically change ones password on sites that one 
uses frequently.  This allows one to continue to have passwords after
the four initial passwords have already been used; this can have a value
between 2 and 9.
<dt>-s
<dd>The normal mode for mqhash: To create a secure password based on
both the contents of <tt>~/.mhash_prefix</tt> and the final argument
to mqhash.
<dt>-u
<dd>This will generate a cryptographic hash out of the final argument
sent to mqhash.  This is useful when one does not need a secure
password, but just wants to hash a short string.
</dl>

<h1>LEGAL DISCLAIMER</h1>
THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS 
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE 
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

<h1>AUTHORS</h1>
Sam Trenholme (<A href=http://www.samiam.org/>http://www.samiam.org</a>) is 
responsible for this man page.
</body>