Pwd.sh Versions Save

Version 3 Beta continues with additional features and reliability improvements.

Currently in beta testing.

Changelog:

• New configuration options available - see README#Configure.
• Support for unencrypted comment in safe and index files. Off by default.
• Support for systems without clipboard: passwords will print to screen and clear.
• Script exits are trapped for chmod cleanup, now 0000.
• Updated "Clearing password" message.
• Copy password to clipboard before unlocking safe.
• Re-order action list so Read is first.
• Minor error handling and readability improvements.

The third release of pwd.sh features new usability features and improvements, specifically addressing:

• When creating passwords, having to read the password back after writing it (sometimes only to find it does not meet requirements). The password can now remain on the clipboard for the timeout duration before being saved. If the password is not compatible, just Control-C and generate a new one.
• Password generated with gpg often lacked special character diversity and did not meet website requirements. The character set is now a configurable tr setting to increase password quality.

Currently in beta testing.

Changelog:

• New option daily_backup: create daily backup archive on write. Off by default.
• New option pass_copy: keep password on clipboard before write. Helps ensure the password meets requirements before committing. Off by default.
• New option pass_chars: specify characters to use for password. Default is all alphanumeric and some common allowed special characters.
• Generate password with tr instead of gpg to improve compliance with password requirements.
• Reduce default password length 20->14 characters, remove maximum limit.
• Increase filename size 8->10 characters.
• Explicitly unset password variable after write.
• Minor code readability improvements.

The second release of pwd.sh features many security and reliability improvements, and is a recommended upgrade. Compatible on Linux, OpenBSD, macOS.

Known Issues:

• Newer versions of macOS error with tr: Illegal byte sequence - see issue #36

Changelist:

• Passwords are now encrypted as individual files, rather than all encrypted as a single flat file.
• Individual password filenames are random, mapped to usernames in an encrypted index file.
• Index and password files are now "immutable" using chmod while pwd.sh is not running.
• Read passwords are now copied to clipboard and cleared after a timeout, instead of printed to stdout.
• Use printf instead of echo for improved portability.
• New option: list passwords in the index.
• New option: create tar archive for backup.
• Removed option: delete password; the index is now a permanent ledger.
• Removed option: read all passwords; no use case for having a single command.
• Removed option: suppress generated password output; should be read from safe to verify save.

The second release of pwd.sh features several security and reliability improvements, and is an optional upgrade. Currently in beta testing. Compatible on Linux, OpenBSD, macOS.

Changelist:

• Passwords are now encrypted as individual files, rather than all encrypted as a single flat file.
• Individual password filenames are random, mapped to usernames in an encrypted index file.
• Index and password files are now "immutable" using chmod while pwd.sh is not running.
• Read passwords are now copied to clipboard and cleared after a timeout, instead of printed to stdout.
• Use printf instead of echo for improved portability.
• New option: list passwords in the index.
• New option: create tar archive for backup.
• Removed option: delete password; the index is now a permanent ledger.
• Removed option: read all passwords; no use case for having a single command.
• Removed option: suppress generated password output; should be read from safe to verify save.

Original release which has been available for general use and review since July 2015. There are no known bugs nor security vulnerabilities identified in this stable version of pwd.sh. Compatible on Linux, OpenBSD, macOS.