I’ve been using Oplop for a while now. It’s a great alternative to database-style password management programs like 1Password, providing the same level of security without compromising portability. While 1Password lets you take your passwords with you via an encrypted file and mobile, web and desktop apps, Oplop makes it so you don’t have to take anything with you at all!
One thing I don’t like about Oplop, however, is having to go to oplop.appspot.com every single time I need to retrieve my passwords. So I decided to implement the algorithm as a Python script with a simple command line interface.
#!/usr/bin/env python """Generate a password using the Oplop password hashing algorithm. For more information: http://code.google.com/p/oplop/wiki/HowItWorks""" from sys import argv, stdout from hashlib import md5 from base64 import urlsafe_b64encode as b64 import re PASS_LEN = 8 DIGIT_RE = re.compile('\d+') def oplop(nickname, master_password, pass_len=PASS_LEN): hashed = b64(md5(master_password + nickname).digest()) digits = DIGIT_RE.findall(hashed[:pass_len]) if not digits: digits = DIGIT_RE.findall(hashed) hashed = (digits and digits or '1') + hashed return hashed[:pass_len] if __name__ == '__main__': import argparse parser = argparse.ArgumentParser(description=__doc__) parser.add_argument('nickname', help='Account nickname') parser.add_argument('master_password', help='Master password') args = parser.parse_args() stdout.write(oplop(args.nickname, args.master_password))
From here, I just need to come up with a way to get passwords generated by the script into web forms and applications automatically. For now, Alfred (+ Powerpack) and
pbcopy are doing nicely.
Here’s the Gist.