Manage passwords with Vim.
You will need Vim 7.4.399 or later (Vim 7.3 will also work, but has a flaw in the blowfish implementation and is not secure; we will warn for this).
This program was tested on FreeBSD & Arch Linux; it will probably also work on other POSIX systems (OpenBSD, MacOSX, Other Linuxes, etc.). It will not work on Windows.
./pwbunny to start the program or use ./gpwbunny to use gVim. You can optionally specify a file to open, i.e.: ./pwbunny my-passwords. The default passwords.pwbunny in the directory pwbunny was called from.
pwbunny -h for more command-line options.
Some functions need some way to access the clipboard. If Vim has
we’ll use that. If it doesn’t, we try to use one of these command-line utilities:
Clipboard support is useful but entirely optional.
You can also use the clipboard features over an ssh session with X11 forwarding; please see the notes in the ‘Security’ section before enabling this.
You also need to enable both ForwardX11Trusted; on the command-line this can be done with the -Y flags, i.e.:
ssh -XY $server
Or you can set these options for a host in your
Host myhost
    ForwardX11 yes
    ForwardX11Trusted yes
Password strength checking
Pwbunny can also check the strength of passwords. This requires either Python or Ruby support, and the “zxcvbn” module for the language, which you can find here:
The result is a number from 0 to 4, which represents an estimation of the crack time:
- 0: 100 seconds (very bad)
- 1: 2.5 hours (bit better, but still bad)
- 2: 11 days (okay-ish)
- 3: 3 years (good)
- 4: Infinity (very good)
Your system’s memory will contain the plaintext contents. You should only run this program on trusted machines (i.e. not a shared host or the like).
Pwbunny uses the system’s clipboard extensively to get the passwords to your applications (e.g. browser); you should be aware that any program can read the clipboard, including malicious clipboard snoopers (as well as non-malicious snoopers, which may store their clipboard history database as world-readable in plain text).
ForwardX11Trusted effectively gives the server complete control over the machine you’re connecting with, which may be a serious security problem. Only use this if you fully trust the server, and do not set these options globally!
May not be safe against holy hand grenade attacks.
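A check for the "do not set these options globally" advice above, as an added example that is not part of pwbunny: it scans ssh client configuration text and reports X11 forwarding enabled outside a specific host block. The sample configuration is constructed, and treating the top of the file, `Host *` and `Match all` as global scope is an assumption of this sketch.

```python
import re

# Options the Security notes say must not be enabled globally.
RISKY = {"forwardx11", "forwardx11trusted"}

def audit_ssh_config(text):
    """Return (line_no, scope, keyword) for X11 forwarding enabled in a global scope."""
    findings = []
    scope, is_global = "(top of file)", True  # options before any Host apply to all hosts
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts "Keyword value" and "Keyword=value"; keywords ignore case.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            scope = "Host " + value
            is_global = "*" in value.split()
        elif keyword == "match":
            scope = "Match " + value
            is_global = value.lower() == "all"
        elif keyword in RISKY and value.strip('"').lower() == "yes" and is_global:
            findings.append((no, scope, parts[0]))
    return findings

# Constructed sample: one per-host block (fine) and two global settings (flagged).
SAMPLE_CONFIG = """\
# constructed sample
ForwardX11 yes

Host myhost
    ForwardX11 yes
    ForwardX11Trusted yes

Host *
    forwardx11trusted = yes
"""

if __name__ == "__main__":
    for no, scope, keyword in audit_ssh_config(SAMPLE_CONFIG):
        print(f"line {no}: {keyword} enabled in global scope {scope}")
```
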
Add a new entry. This is the recommended way to add a new entry.
Go to an entry; try to open it in a browser (this uses
Copy the password of the entry under the cursor (which may still be in a closed fold). This is especially useful if someone may be watching over your shoulder.
By default, your clipboard will be automatically emptied after 10 seconds; this timeout can be changed (or disabled) by setting
Copy the username of the entry under the cursor (which may still be in a closed fold); and after a user confirmation, also copy the password (as with
Empty the clipboard.
Generate a random password.
Generate a random password & insert it at the cursor position.
Sort all entries by title (the first line).
Show an estimation of the password strength at the cursor position, where 0 = horrible and 4 = superb.
Show an estimation of all the password strengths that are lower than
PS. By default, Vim maps
Default username to use (default: unset).
Use the clipboard contents as default site; it will try to get the domain part from a URL (default: 1).
s:emptyclipboard = 10
Empty the clipboard this many seconds after calling PwbunnyCopyPassword(); set to 0 to disable (default: 10).
s:passwordlength = 15
Length of generated passwords (default: 15).
s:autosort = 1
Sort entries after adding a new one (default: 1).
s:min_password_strength = 4
Minimum password strength: a score of 0 to 4 based on an estimation of the actual crack time. See ‘Password strength checking’ above.
A score of 4 is recommended (this is the default), 3 is acceptable, 2 or lower is strongly discouraged.
s:private = 0
Start ‘private mode’ by default (name of site isn’t displayed in the fold text).
The file format is simple:
An entry must have at least 3 lines.
An entry must be followed by 1 or more empty lines; except for the last entry, where an empty line is optional.
The first line must be the title and must be present. This line also doubles as the domain.
The second line must be the username, and may be blank.
The third line must be the password, and may be blank.
An entry may have as many lines as desired. This is useful for storing notes, answers to ‘security questions’ (which should also be random), and other extra data (e.g. SSH fingerprints).
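The format rules above, as an added example that is not pwbunny's own code: a parser for the decrypted file contents. It assumes username and password are read by position (lines 2 and 3 of an entry), so that a blank username is not mistaken for the empty line that ends an entry; the sample data is constructed.

```python
# Added example (not pwbunny's own code): parse the decrypted entry format.
from dataclasses import dataclass, field

class FormatError(ValueError):
    """Raised when an entry breaks the rules of the file format."""

@dataclass
class Entry:
    title: str      # first line; doubles as the domain
    username: str   # second line; may be blank
    password: str   # third line; may be blank
    extra: list = field(default_factory=list)  # notes, fingerprints, ...

def parse_entries(text):
    lines = text.splitlines()
    entries, i = [], 0
    while i < len(lines):
        if not lines[i].strip():          # empty line(s) between entries
            i += 1
            continue
        if i + 2 >= len(lines):
            raise FormatError(f"line {i + 1}: entry has fewer than 3 lines")
        # Assumption: username and password are positional, so a blank
        # username does not end the entry the way a blank-line split would.
        title, username, password = lines[i:i + 3]
        i += 3
        extra = []
        while i < len(lines) and lines[i].strip():
            extra.append(lines[i])
            i += 1
        entries.append(Entry(title, username, password, extra))
    return entries

# Constructed sample data; none of these values are real credentials.
SAMPLE = """example.com
alice
constructed-pass-1
security question answer: constructed-random-answer

ssh.example.org

constructed-pass-2
SHA256:constructed-fingerprint


mail.example.net
bob
constructed-pass-3"""
```

The second sample entry has a blank username; splitting the file on empty lines would cut it into a one-line entry and a two-line entry, while the positional parser keeps it whole.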
-p option for 'private mode'; this won’t display the site name in the fold.
Version 1.1, 2015-02-27
There are many new options, features, and improvements. With thanks to yggdr for some patches; the most important changes are:
cm=blowfish has been discovered to be insecure; warn for this, and use
~/.pwbunny/passwords.pwbunny as the default file;
./passwords.pwbunny is used if it exists.
pwbunny.vim is now used from
Version 1.0, 2014-05-10
- Initial release.
Write some tests (http://usevim.com/2012/10/17/vim-unit-tests/).
A tool to regenerate passwords, and/or store when they were last changed, perhaps also integrate https://datalossdb.org and/or http://thepasswordproject.com/leaked_password_lists_and_dictionaries
Allow settings in
~/, now you have to modify the script to change settings.
Prepare for unexpected inquisitions.
Generate a random password (mapped to
Add a new entry (mapped to
Get title/sitename of the entry under the cursor.
Get username of the entry under the cursor.
Get password of the entry under the cursor.
Get line number n of the entry under the cursor.
Copy the password of the entry under the cursor (mapped to
PwbunnyCopyUserAndPassword()
Copy the username of the entry under the cursor, and after a while go ahead and copy the password (mapped to
Get a list of all entries as
Sort all entries (mapped to
Clear the clipboard.
Copy str to the clipboard.
Get contents of clipboard.
Detect if the correct password was entered.
Find an entry by name, copy it to the clipboard, and exit.
Try to open site in a web browser (this uses
PwbunnyEstimatePassword(site, user, password)
Estimate password strength (mapped to
Estimate password strength of all passwords (mapped to
Set ‘private mode’. The names of the sites aren’t displayed in the fold text.
- vim-safe; seems less mature, but has a different approach on some things; may be of interest.