quepasa

quepasa is a program and method of generating unique passwords for web sites automatically. The user remembers a single passphrase and quepasa can generate the same password from a combination of the passphrase and the name of the web site.

Using quepasa means remembering a single passphrase which covers all the web sites you visit. The passwords are generated automatically using the Secure Hash algorithm SHA-256 to generate a cryptographically secure password.

[Download]

quepasa usage

To use quepasa do the following:
  1. Think of a passphrase that you'll remember, that isn't easy for someone who knows you to guess, and that has at least 16 characters in it. The longer the better.
  2. When you visit a web site and need a password type quepasa <website> <passphrase>
Here's an example: you need a password for Amazon.com, and you've previously selected the passphrase I am too sexy for my shirt. Simply type:
quepasa amazon "I am too sexy for my shirt"

In this case the password is WQ45f(A.. Notice how it's a mixture of letters, numbers and other characters. Now you need a password for Yahoo! as well. Do the same command:

quepasa yahoo "I am too sexy for my shirt"

In this case the password is %kHcyMQ..

quepasa algorithm

quepasa generates the password using the following algorithm. Other implementations of quepasa should use the same algorithm, but would be free to use whatever technology they want. A plug-in for a browser that could generate the password on the fly would be cool.

Call the web site name w and the passphrase p. Compute the SHA-256 hash expressed as a hexadecimal number of pwp (i.e. the concatentation of p with w and p). Call that number h.

Starting from the RHS or low-end of h take each DWORD and sum the individual bytes mod 94. That yields a number in the range 0 to 93. Add 33 to get a number in the range 33 to 126. The corresponding ASCII character is the first character of the password. Continue with the remaining DWORDs to obtain an 8 character password.


Copyright (c) 2004 John Graham-Cumming.

SourceForge.net Logo