404 - DONT PANIC

the file you requested was not found


Installation-Manual


### Requirements - Python 2.6 or any later 2.x - python-virtualenv - git - bash (for managing the application) - build-environment is usually not needed (gcc/make; `aptitude install build-essential` under debian, `yum groupinstall "Development Tools"` for centos) - tested on linux (debian, centos) #### Debian
aptitude install python-virtualenv git
#### CentOS
yum install python-setuptools git
umask 022
easy_install virtualenv
#### FreeBSD
pkg install py27-virtualenv git
### Sourcecode & Installaion - download sources from bitbucket
git clone https://bitbucket.org/lazy_dogtown/makepw.app.git
- running `./makepw-web -i` (-init); this will locally install all needed libs and dependencies, using python-virtualenv; a new directory called "venv" will be created that holds all neccessary stuff. - after initializing you can start/stop/restart
cd makepw.app && ./makepw-web -init && ./makepw-web -start
### Cleanup - if yopu installed an additional build-environment, delete it after installation.
aptitude remove build-essential
### Migrate - just copy the makepw.app - folder to the new destination - run ./makepw-web -init on the new location to re-initialize - if changed your config.py, a backup might be found in web/config.py-$timestamp



Configuration-Manual


### config.py this is the global config_file where you might adjust some variables in appearance and behavior. all config_options MUST be in UPPER_LETTERS, and python-notion (e.g. strings escaped like: VAR = "string", numbers as numbers like INT = 42) to be readable by the application. - SITE_NAME: the string that appers on the top-left - DEBUG: shouldnt be used, except for development - SECRET_KEY: a secure random string is generated each time you run -init; this feature is not yet used, but might be later if using cookies/sessions - ABOUT_NAME: name for the link that appears on the top right location and below the PW-Field **sample-config:**
SITE_NAME="MakePW.com"
DEBUG = False
SECRET_KEY = "this_feature_is_not_yet_used"
ABOUT_NAME="Info"
Hidden Feature (please dont use this one) - PRIVATE: should be set to "yes"; this var is used on the official MakePW.com to have the social-page with facebook/g+/twitter/reddit - buttonz displayed; if you want something like this, create a social.md in pages/ and check the templates/social.html ### Changing Appearance & Navigation #### Name, Headers & Logo - Site-name and the title of the About/Info - Link (on the top right) can be changed by editing config.py - Site-Logo (left, in the header) is located in app/static/site-icon.png - Favicon can be found in app/static/favicon.ico #### customize Subnav-Links - to change the link-list on the right hand (see Docs/Get_your_version [online](http://makepw.com/) ) just edit a file called "custom.links" in the app/ - folder with the following format (default-entries)
    home      :: /
    google    :: https://www.google.com/
#### customized documentation - all texts and docs are written using [Markdown](http://daringfireball.net/projects/markdown/syntax) - you can change the document, presented under the [/info/](/info/) link, by editing app/pages/documentation.md for custom user-documentation; this file is excluded in .gitignore - you can change the text below the password-field (**About** on the online-version) with editing app/pages/about.md; the title of the Link will change with the config_option: ABOUT_NAME [see config.py](#config-py) ### changing listening ip/port the IP/Port this app listens is configured in makepw-web, a shell-script to manage your running application. defaults (you might change that to fit your requirements):
host = "0.0.0.0"
port = "9876"
these variables get exported as SHELL_VARS and read by flask.app or transfered to gunicorn_bind_vars ftr: there is a possibility to manage this better, [see this stackoverflow - thread](http://stackoverflow.com/questions/14566570/how-to-use-flask-script-and-gunicorn) but i'm to lazy atm :) ### nginx - config a short nginx-config below; adjust https-config accordingly **(ssl is strongly advised!)**
server {

  listen       80;
  server_name  pw.example.com;

  access_log  /var/log/nginx/makepw.access.log;
  error_log   /var/log/nginx/makepw.error.log;

  gzip on;

  location /static/ {

       root /htdocs/makepw.app/app;
       expires 1d;

    }


  location / {
       expires off;
       proxy_set_header Host $host;
       proxy_pass http://127.0.0.1:9876;

    }

}



API - Manual


### API An API is available below `/api////` and might be accessed via GET - requests ** available Formats ** - json -> return an JSON-object with an array of 10 passwords; mime-type: application/json
    {
        "passwords" : ["pw1", "pw2", ... "pwN"],
        "length"    : <pw-length>,
        "count"     : <number-of-passwords>,

    }
- yaml -> return result in yaml-format; mime-type: application/x-yaml [see](http://stackoverflow.com/questions/332129/yaml-mime-type)
--- # list of passwords
passwords: [pw1, pw2, ...., pwN]
length   : <pw-length>
count    : <number-of-passwords>
---
- plain -> return a list of passwords; mime-type: text/plain
pw1
pw2
....
pwN
- **PW-LENGTH** - must be between (including) 8 and 128 - defaults to 16 / default_length via config **Number of Passwords** - must be between (including) 1 and 128 - defaults to 8 / default_pw_count via config



Secure Passwords - musings


#### What are secure passwords? ------------------ #### Is there any point in using 'strong' passwords? - [src](http://security.stackexchange.com/questions/42134/is-there-any-point-in-using-strong-passwords) **Question** Let's say I'm setting up a new account on a website. Should I bother using a strong password? My reasoning is this: - Password strength is a rough measure of how long it would take to brute-force my password from a hash. - Brute-forcing even a 'weak' password is difficult via the authentication endpoint for the website - it's too slow, and limitations on the number of incorrect password attempts are commonplace. - Brute-forcing even 'strong' passwords is becoming trivial when you have the password hash, and this situation will only get worse. - In the situation that password hashes are leaked from a website, passwords are reset anyway. It seems to me that there's no difference between using the password `fredleyyyy` or `7p27mXSo4%TIMZonmAJIVaFvr5wW0%mV4KK1p6Gh` at the end of the day. ------------------------ **Answer** by Terry Chia > Brute-forcing even 'strong' passwords is becoming trivial when you have the password hash, and this situation will only get worse. This is not true. A highly random password is near impossible to bruteforce given that the web application in question is using a strong hashing algorithm like bcrypt or pbkdf2. On the other hand, weak passwords are laughably easy to bruteforce even if a strong hashing algorithm is used. So yes, there is merit to using a strong password. ------------------ #### How to generate secure passwords? What makes these perfect and safe? Every one is completely random (maximum entropy) without any pattern, and the cryptographically-strong pseudo random number generator we use guarantees that no similar strings will ever be produced again. Also, because this page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection, and it is marked as having expired back in 1999, this page which was custom generated just now for you will not be cached or visible to anyone else. Therefore, these password strings are just for you. No one else can ever see them or get them. You may safely take these strings as they are, or use chunks from several to build your own if you prefer, or do whatever you want with them. Each set displayed are totally, uniquely yours — forever. The "Application Notes" section below discusses various aspects of using these random passwords for locking down wireless WEP and WPA networks, for use as VPN shared secrets, as well as for other purposes. The "Techie Details" section at the end describes exactly how these super-strong maximum-entropy passwords are generated (to satisfy the uber-geek inside you). #### How to securely store passwords? #### Are there better ways than using passwords?



Changelog & Roadmap


#### Todo - pure python, also for makepw-web -> mpw-ctl - xkcd-mode - languages for interface [en|fr|es|de] - API xml - Secure Passwords - musings - for api_ create checksum() for the text-output to verify ---------------------------------------- #### v0.x - Changelog - v0.8.10 - 2015-05-05 - transition to run w/out tweaks on *bsd - went from easy_install to pip install - v0.8 - 2013-09-02 - new pw-gen code, see http://security.stackexchange.com/questions/41501/is-the-following-password-generator-secure - app_config now in a separate config.file that gets generated on first run (creating a random SECRET) - installation + configuration - manuals - sourcecode - release - manage.py - very simple api (json,plain,yaml) + docs - customizable site_name, docs & some appearance-options - custom.links - privacy-statement & terms of service - official website runs now with https only - changed makepw.com to makepw.app @ bitbucket ----------------------- - v0.7 - 2013-08-27 - released @ makepw.com - some docs ----------------------- - v0.6 - 2013-06-23 - polish and customer-usable ----------------------- - v0.5 - 2012-12-17 - added bootstrap - ui - select-options via navigation ----------------------- - v0.4 - 2012-12-10 - added // - option - changed to geany in a bottle ----------------------- - v0.3 - 2012-10-10 - release for interal purposes - plain text-page with fixed pw-length -----------------------

About

MakePW.com is a service that generates secure, random passwords, 24/7. Default password-length is 16 characters and can be adjusted from 8 - 128 characters. There's also an option to get the password-list as plain ascii-text file or access an RESTful API that creates JSON or YAML - output.

This webapp works with javascript disabled, except for navigation on smartphones; you still are able adjust the value for password-length manually and choose between 8 and 128 characters the following way: https://makepw.com/32/

The sourcecode of this python/flask - based WebApp is released as open-source-software
to be used for individuals or within organizational infrastructure; please refer to the installation - section below to find needed manuals to setup and configure your own version.

Our Privacy-Statement and Terms of Service are available here.



(c) copyright 2012 - 2015 makepw.com, icons by dryicons, logo by icondb.com
hosting and development sponsored by MARE system