+tl;dr: If you don’t care about any of the back story and just want +to know how to use DisPass to manage passwords, skip to 5 for instant gratification. +
+ ++DisPass is a project that was started, and is still maintained, by a +friend and former colleague of mine. I've been using it for quite +some time. It helps me feel safe online, knowing that all my +accounts have different and strong passwords. +
+ ++DisPass uses algorithms to make reproducible passphrases. Making it +a kind-of functional password manager, just like Haskell is a +functional programming language and Guix is a functional package +manager. Given the same input DisPass will always produce the same +output. This means that the generated passphrases are never stored +anywhere and cannot be discovered by crackers1 and the like. +
+ ++The input for DisPass consists of a label, algorithm, length, +possibly a sequence number (depending on the algorithm used) and +finally a password. All but the label and password have some default +value, but can also be specified through command-line switches. +
++Being a functional anything usually means that whatever you're using +doesn't maintain any state. This can be true for DisPass, but isn't +necessarily so. It can be a challenge to remember the size, +algorithm and sequence number for a large number of labels, so there +is the labelfile. +
+ +
+The labelfile is normally located in either
+$XDG_CONFIG_HOME/dispass/labels or $HOME/.dispass/labels, but
+can also be specified on the command-line. It contains the metadata
+for the labels, and the labels themselves. This lets you run
+something like:
+
+dispass generate foobar ++ +
+And it'll know the size, algorithm and sequence number for the label +“foobar”, assuming you’ve saved it to the labelfile. The labelfile +is unencrypted, but this information is useless as long as nobody +knows the password(s) you use to generate the passphrases. +
++DisPass is easy to install if you have either Archlinux or pip +installed. Windows is a bit more problematic and I don’t even know +how to get started on a Mac personally, but there is no reason it +can’t work. It doesn’t have many dependencies, so you don’t need to +install anything else first. +
+ ++The latest release is quite old, but a new release should be coming +soon. There haven’t been too many developments since version +0.3.0-dev because it basically does what it needs to do, and the +user base is currently very small, so bugs might not be encountered +too quickly. Don’t think that it’s an abandoned project, if you look +at it’s github page you’ll see that it’s seen a bit of development +again as of late. +
+ ++In the case of Archlinux I’ve provided packages in the AUR for both +python2-dispass version 0.2.0 and python2-dispass-git. Installing +either of these like any regular old aur package will get you set +up. Incidentally, if you’re using Archlinux on x8664 and have the +testing package repository enabled, you could also use my package +repository, though no guarantees that it’ll ever work are given +there. +
+ ++For a general pip installation it should be as easy as running: +
+ ++sudo pip install dispass ++
+Seeing as how my friend would like it to be generally useful, and +he’s a VIM user, there is both a GUI and CLI interface. Since I’m an +Emacs user I’ve created an Emacs and a Conkeror interface for it as +well. +
++The CLI is what gets the most attention and gets developed the +most. I will be working with this in the 5 +section. +
+
+There is a basic GUI included with dispass, it can be started with
+either the gdispass or the dispass gui commands. It requires
+tkinter to be installed. It doesn't do everything the CLI does, but
+there are plans to improve it and use a different gui library (such
+as Qt). In some situations it can copy the generated passphrases
+directly to the clipboard, but this is only true on GNU/Linux, not
+on Windows.
+
+I wrote an Emacs interface when I started using DisPass. It tries +to copy the generated passwords directly to the clipboard, instead +of needing the user to copy it manually as the CLI does. It can +also insert generated passphrases into a buffer, such as the +minibuffer. +
+ ++It's available on github. +
++I also wrote a Conkeror interface some time later, because I didn't +want to keep copying and pasting the passphrases through one of the +other interfaces (usually Emacs). It inserts the generated +passphrases into the focused input. +
+ ++It's also available on github. +
++As I mentioned, the idea is to expand the GUI and use a different +gui library for it, to make it look a little better. The +functionality should also be extended to do everything the CLI +does. +
+ ++A Firefox extension is also still on the list of desirable +interfaces. I'm not sure how plausible it is with the new +WebExtension plugin api, I haven't looked into it yet. I don't +think chrom(e|ium) allows developers to call external programs, +which is an obstacle, but I haven't looked at this either. +
+
+Now for the real fun. Generating passphrases is simple. Use the
+generate command:
+
+dispass generate foobar ++ +
+If no entry exists in the labelfile for foobar, it uses the
+defaults, which at the time of writing are a length of 30, and the
+algorithm dispass1. This algorithm doesn't use a sequence
+number. It can generate more than one passphrase at a time.
+
+The generated passphrases are presented in an ncurses screen so they
+aren't kept in your terminal emulator's scrollback history, at least
+in some cases. You can use the -o switch to do away with the
+ncurses screen and just output a line for each generated
+passphrase. Together with something like awk this can be used to
+directly send some command the passphrase it needs. For example, if
+the program foo needs a password from stdin, you could use:
+
+dispass generate -o foobar | awk '{ print $2 }' | foo
+
+
+
+You can specify a different length, algorithm and sequence number by
+using command line switches. For example, I normally prefer the
+dispass2 algorithm since it adds a sequence number. For some crazy
+reason the place I use the passphrase limits it to a length of 16
+characters and I've had to change my password twice, so I use a
+sequence number of 3. I could use:
+
+dispass generate -l 16 -a dispass2 -s 3 foobar ++ +
+It would be difficult to remember all this, so I personally would
+add it to the labelfile. To do this I can use the add
+command. Basically this is:
+
+dispass add foobar ++ +
+This creates an entry in the label file with the same default values
+as the generate command: a length of 30 and using the dispass1
+algorithm. To use the values we used before we can instead do:
+
+dispass add foobar:16:dispass2:3 ++ +
+This way we can add multiple entries with different values at once: +
+ ++dispass add foo:16 bar::dispass2:2 ++ +
+This would add the foo label with a length of 16, using the
+default algorithm and the label bar with the default length, using
+the dispass2 algorithm and the sequence number 2. As you can see
+you can omit any trailing parameters and leave any parameters in
+between empty to use their default values.
+
+If you added it before I showed you the extended add syntax you can
+use update to change an existing entry in the labelfile:
+
+dispass update foobar 13:dispass2:3 ++ +
+Unlike the add command, the update command only updates one
+label at a time.
+
+Now, the place I use my password was cracked by crackers1, my
+password was stolen. That's no biggie. I use the list command to
+check what my sequence number is:
+
+dispass list ++ +
+Then I can update my labelfile and use a new sequence number: +
+ ++dispass update foobar ::4 ++ +
+I could also use the convenient increment command:
+
+dispass increment foobar ++ +
+Everytime the sequence number is changed the input changes and so
+does the passphrase. So a simple call to the increment command
+will completely change your passphrase. This is nice, because
+otherwise I'd have to change either the label or the password used
+to generate the passphrase.
+
+Actually, I just quit the job where I used my foobar label. I
+still use many other labels and don't want my list to get too big. I
+also don't want to delete the label in case I ever need to get back
+in there, so I just disable it:
+
+dispass disable foobar ++ +
+This keeps it in the labelfile, but commands such as list don't
+show it anymore. But then they really need me back, and since I'm
+now a freelance worker I can accommodate them, so I enable my label
+again:
+
+dispass enable foobar ++ +
+But now the place where I use the foobar label has gone out of
+business (I mean, come on, using a maximum password length of 16 and
+getting cracked by crackers all the time, are you really surprised?)
+and their site has been taken offline. Now I really have no reason
+to keep this label around, so I remove it:
+
+dispass remove foobar ++
+Yes, this is an excellent project and I'm not just saying that +because a friend of mine wrote it. There are some things that it +just isn't suited for. +
+ ++When sharing a single account with someone else (don't do this!), +you can't expect the other party to use the same label and password +to generate the passphrase, if they're even tech-savvy enough to use +DisPass just like you. It also increases the amount of information +you need to remember to use DisPass. There are better programs to +store pre-generated passwords. +
+ ++Due to the way the current algorithms are implemented there is a +limit to the length of the passphrases and that limit isn't entirely +consistent. This is only a problem when you need passphrases of more +than 100 characters, and I haven't had that problem yet. +
+