Releases: drduh/pwd.sh
Version 3
The third stable release of pwd.sh password manager with usability improvements, new features and configuration options (detailed in README).
Version 3.0 also addresses the following known issues:
- When creating passwords, having to read the password back after writing it (sometimes only to find it does not meet requirements). The password can now remain on the clipboard for the timeout duration before being saved. If the password is not compatible, just Control-C and generate a new one.
- Password generated with
gpg
often lacked special character diversity and did not meet website requirements. The character set is now a configurabletr
setting to increase password quality.
Changelist
- New pepper feature for adding additional entropy to passphrase, see Details for more information. Off by default.
- New option
daily_backup
: create daily backup archive on write. Off by default. - New option
pass_copy
: keep password on clipboard before write. Helps ensure the password meets requirements before committing. Off by default. - New option
pass_chars
: specify characters to use for password. Default is all alphanumeric and some common allowed special characters. - Support for unencrypted comment in safe and index files. Off by default.
- Support for other clipboards (e.g., primary/control-v clipboard with
xclip
) - Support for systems without clipboard: passwords will print to screen and clear after timeout.
- Generate username functionality.
- Generate password with
tr
instead ofgpg
to improve compliance with password requirements. - Reduce default password length 20->14 characters, remove maximum limit.
- Increase filename size 8->10 characters.
- Script exits are trapped for chmod cleanup, now
0000
. - Less ambiguous output messages.
- Copy password to clipboard before unlocking safe.
- Re-order action list so Read is first.
- Error handling and readability improvements.
Full Changelog: 2.0...3.0
Version 3 Beta 1
Version 3 Beta continues with additional features and reliability improvements.
Currently in beta testing.
Changelog:
- New configuration options available - see README#Configure.
- Support for unencrypted comment in safe and index files. Off by default.
- Support for systems without clipboard: passwords will print to screen and clear.
- Script exits are trapped for chmod cleanup, now
0000
. - Updated "Clearing password" message.
- Copy password to clipboard before unlocking safe.
- Re-order action list so Read is first.
- Minor error handling and readability improvements.
Version 3 Beta
The third release of pwd.sh features new usability features and improvements, specifically addressing:
- When creating passwords, having to read the password back after writing it (sometimes only to find it does not meet requirements). The password can now remain on the clipboard for the timeout duration before being saved. If the password is not compatible, just Control-C and generate a new one.
- Password generated with
gpg
often lacked special character diversity and did not meet website requirements. The character set is now a configurabletr
setting to increase password quality.
Currently in beta testing.
Changelog:
- New option
daily_backup
: create daily backup archive on write. Off by default. - New option
pass_copy
: keep password on clipboard before write. Helps ensure the password meets requirements before committing. Off by default. - New option
pass_chars
: specify characters to use for password. Default is all alphanumeric and some common allowed special characters. - Generate password with
tr
instead ofgpg
to improve compliance with password requirements. - Reduce default password length 20->14 characters, remove maximum limit.
- Increase filename size 8->10 characters.
- Explicitly unset password variable after write.
- Minor code readability improvements.
Version 2
The second release of pwd.sh features many security and reliability improvements, and is a recommended upgrade. Compatible on Linux, OpenBSD, macOS.
Known Issues:
- Newer versions of macOS error with
tr: Illegal byte sequence
- see issue #36
Changelist:
- Passwords are now encrypted as individual files, rather than all encrypted as a single flat file.
- Individual password filenames are random, mapped to usernames in an encrypted index file.
- Index and password files are now "immutable" using chmod while pwd.sh is not running.
- Read passwords are now copied to clipboard and cleared after a timeout, instead of printed to stdout.
- Use printf instead of echo for improved portability.
- New option: list passwords in the index.
- New option: create tar archive for backup.
- Removed option: delete password; the index is now a permanent ledger.
- Removed option: read all passwords; no use case for having a single command.
- Removed option: suppress generated password output; should be read from safe to verify save.
Version 2 Beta
The second release of pwd.sh features several security and reliability improvements, and is an optional upgrade. Currently in beta testing. Compatible on Linux, OpenBSD, macOS.
Changelist:
- Passwords are now encrypted as individual files, rather than all encrypted as a single flat file.
- Individual password filenames are random, mapped to usernames in an encrypted index file.
- Index and password files are now "immutable" using chmod while pwd.sh is not running.
- Read passwords are now copied to clipboard and cleared after a timeout, instead of printed to stdout.
- Use printf instead of echo for improved portability.
- New option: list passwords in the index.
- New option: create tar archive for backup.
- Removed option: delete password; the index is now a permanent ledger.
- Removed option: read all passwords; no use case for having a single command.
- Removed option: suppress generated password output; should be read from safe to verify save.