Provided by: maradns_1.4.02-1_i386 bug

NAME

       mqhash - Simple secure password generator

SYNOPSIS

       mqhash [-n #] [-s] [-u] {data to hash}

DESCRIPTION

       mqhash is a simple secure password generator.

       The program uses MaraDNS' secure random number generator as the
       compression function for a secure hash; the output of this secure hash
       can be used as passwords for various locations on the internet.

       This program solves the problem of either using the same password on
       multiple web sites, or having so many passwords that it is not
       practical to remember them all.

USAGE

       The first step in using mqhash as a secure password generator is to set
       up a master secret from which all other passwords are generated.  It is
       important to keep this master secret secure; such as on a Linux or BSD
       machine that is always behind a firewall and is current with security
       updates.

       This secure secret is put in the file ~/.mhash_prefix. It is important
       that this secret is hard to guess; the security of all generated
       passwords is only as secure as the master secret.

       Once the ~/.mhash_prefix file is set up, mqhash is run thusly:

       mqhash -s {location}

       Where {location} is a web site, email address, or any other text string
       that describes where a given password is located. It is recommended
       that one uses a consistent style for {location} so that one can
       remember passwords for web sites that one has not visited for a while.
       Mqhash does not impose a style for remembering passwords; it is up to
       the user to create one.

       mqhash will output four potential passwords that have 32 bits of
       entropy. If more entropy is desired in a password, two 32-bit passwords
       can be joined together to generate a 64-bit password. A 32-bit password
       will protect against casual attacks but can be broken by a determined
       attacker with extensive resources attacking a website that does not
       lock out a user after too many failed attempts. A 64-bit password is
       immune to even a very determined attacker.

    OPTIONS

       -n  It is wise to periodically change ones password on sites that one
           uses frequently. This allows one to continue to have passwords
           after the four initial passwords have already been used; this can
           have a value between 2 and 9.

       -s  The normal mode for mqhash: To create a secure password based on
           both the contents of ~/.mhash_prefix and the final argument to
           mqhash.

       -u  This will generate a cryptographic hash out of the final argument
           sent to mqhash. This is useful when one does not need a secure
           password, but just wants to hash a short string.

LEGAL DISCLAIMER

       THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS OR
       IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
       DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR
       ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
       DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
       OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
       HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
       STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
       IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
       POSSIBILITY OF SUCH DAMAGE.

AUTHORS

       Sam Trenholme (http://www.samiam.org) is responsible for this man page.