{"id":21747481,"url":"https://github.com/charlespascoe/stretch-pass","last_synced_at":"2025-03-21T02:21:03.355Z","repository":{"id":57471839,"uuid":"86580205","full_name":"charlespascoe/stretch-pass","owner":"charlespascoe","description":"Password Stretcher","archived":false,"fork":false,"pushed_at":"2017-04-26T10:29:08.000Z","size":42,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-17T00:41:55.416Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/charlespascoe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-03-29T12:36:45.000Z","updated_at":"2017-03-30T13:56:42.000Z","dependencies_parsed_at":"2022-08-30T13:51:18.966Z","dependency_job_id":null,"html_url":"https://github.com/charlespascoe/stretch-pass","commit_stats":null,"previous_names":["cpascoe95/stretch-pass"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/charlespascoe%2Fstretch-pass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/charlespascoe%2Fstretch-pass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/charlespascoe%2Fstretch-pass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/charlespascoe%2Fstretch-pass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/charlespascoe","download_url":"https://codeload.github.com/charlespascoe/stretch-pass/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244722734,"owners_count":20499154,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-26T08:09:16.777Z","updated_at":"2025-03-21T02:21:03.335Z","avatar_url":"https://github.com/charlespascoe.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Password Stretcher\n==================\n\nDerive high-entropy passwords from passphrases using a slow key derivation function (sometimes referred to as [key stretching](https://en.wikipedia.org/wiki/Key_stretching)).\n\nWhy?\n----\n\nPassword stretching makes it significantly harder to guess the password for a hash/file encryption key/etc. since an attacker has to use more resources or wait longer for each password they try.\n\nMany programs that use passwords for securing sensitive information do not have particularly complex password stretching/key derivation algorithms (e.g. GPG), which make them vulnerable to password cracking, unless a particularly long and complex passphrase is used.\n\n`stretch-pass` allows you to generate long, high-entropy passwords from a passphrase using a slow key derivation function, which can then be used in these programs.\n\nSetup\n=====\n\nRequires Python 3.5+\n\n`$ pip3 install stretch-pass`\n\nUsage\n=====\n\nTo use stretch-pass with all the defaults:\n\n`$ stretch-pass`\n\nWhen you run this for the first time, the program will generate a random [salt](https://en.wikipedia.org/wiki/Salt_(cryptography)) and store it in a config file (which defaults to `~/.stretchpassrc`).\n\nYou'll be prompted for a passphrase; this will be used to deterministically generate a long, random password to be used in another application. The passphrase you enter is not stored anywhere. You can use different passphrases for different applications.\n\nIf you want the generated password to be put into the clipboard instead of printed to the terminal, add `-c` or `--clip`.\n\nAdding `-C` or `--confirm` will prompt for the passphrase twice to verify that it was entered correctly.\n\nKey Derivation Function Parameters\n----------------------------------\n\nYou can change the KDF parameters in order to increase the computational resources required to guess a passphrase. You can change the time cost (CPU load), memory cost (RAM consumption), and parallelism (usage across multiple cores). Use `stretch-pass --kdf-params` to print the parameters it is currently using, then use the `-t`, `-m`, and `-p` options to tweak them to meet your requirements. Note that the default parameters are deliberately very high, so you may wish to try lowering them if it takes too long to generate the password. You can also change the output password length using `-l`.\n\nOnce you've found some suitable parameters, you can put them in the config file. To easily edit the config file, make sure your `EDITOR` environment variable is set and run `stretch-pass -e`, which will open the config file in the editor of your choice.\n\nThe config file is a simple list of key/value pairs, in any order. All entries except `SALT` are optional. For example:\n\n```\n# This is a comment\n\n# Spacing around '=' is optional\nTIME_COST = 32\nMEMORY_COST = 131072\nPARALLELISM = 2\nPASSWORD_LENGTH = 64\nSALT = 00112233445566778899aabbccddeeff\n```\n\n**N.B: Changing any of these parameters will result in a different password to be generated from the same passphrase! Configure these parameters *before* using the generated passwords, and backup the configuration file somewhere safe.**\n\nAutocomplete\n------------\n\nstretch-pass can use [argcomplete](https://github.com/kislyuk/argcomplete) for tab completion, but this is optional.\n\nFull Help\n---------\n\n```\n$ stretch-pass -h\nusage: stretch-pass [-h] [-v] [-V] [--log-file LOG_FILE]\n                    [--config CONFIG_PATH] [-e] [--kdf-params] [-t TIME_COST]\n                    [-m MEMORY_COST] [-p PARALLELISM] [-l PASSWORD_LENGTH]\n                    [-s SALT] [-u USERNAME] [-c]\n                    [--passphrase PASSPHRASE | --stdin-passphrase | -C]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -v, --verbose\n  -V, --version         Show version and exit\n  --log-file LOG_FILE   Path to log file (use with --verbose)\n  --config CONFIG_PATH  Path to config file (defaults to ~/.stretchpassrc)\n  -e, --edit-config     Opens the stretch-pass config using EDITOR\n  --kdf-params          Print KDF parameters and exit\n  -t TIME_COST, --time-cost TIME_COST\n  -m MEMORY_COST, --memory-cost MEMORY_COST\n  -p PARALLELISM, --parallelism PARALLELISM\n  -l PASSWORD_LENGTH, --password-length PASSWORD_LENGTH\n  -s SALT, --salt SALT  The hex string to use as a salt (at least 8 bytes)\n  -u USERNAME, --username USERNAME\n                        Username/program name (case sensitive - used to\n                        generate the password)\n  -c, --clip            Copy the password to clipboard instead of STDOUT\n  --passphrase PASSPHRASE\n                        Pass passphrase directly instead of via prompt\n  --stdin-passphrase    Read passphrase from STDIN (be aware of newline\n                        characters and environment encodings)\n  -C, --confirm         Prompt for the passphrase twice and verify they are\n                        the same\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcharlespascoe%2Fstretch-pass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcharlespascoe%2Fstretch-pass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcharlespascoe%2Fstretch-pass/lists"}