sppg

Secure passphrase generator using the diceware method.

For a long time the apg command line program has allowed users to create random, pronounceable passwords that are also hard to guess. This program attempts to do the same thing for passphrases.

It uses the diceware method to derive random passphrases and takes some precautions to ensure that all the phrases it displays are as secure as possible within the confines of the user's request. By default it outputs a plain 5-word passphrase and won't output anything with fewer than 4 words unless you specify the quality option (-q | --quality). However, even with the quality option it won't display any phrase shorter than 8 characters (including spaces).

A Note about security

  • A four-word passphrase should suffice for the average computer user. A five- or six-word passphrase will suffice for someone whose position in their organization might make them a legitimate target to compromise. If your threat model includes adversaries who can dedicate a large amount of money and resources against you, the length of your passphrase is the least of your worries.

  • This program includes the spaces between words in determining the length of a passphrase. You should also include them when you type your passphrase. Theoretically, it is possible for an adversary to guess the number and length of the words in your passphrase by listening for the sound of the space bar, but if that is a realistic part of your threat model why are you even reading this? The -S option can now be used to supply your own separator character.

  • This program uses the original word list from Arnold Reinhold by default. However, there is an option to use the EFF's revised list. Both lists are exactly the same security-wise. The difference is in the words included in the list. The EFF's list includes longer words, removes some Americanisms, and removes a broader range of potentially offensive words. My personal preference is for the original list because it's shorter to type on average.

  • If you want shorter passphrases you can use the --quality option to insert one special character and convert one letter to upper case at random.

    sppg --word-count 2 --quality

  • Ultimately the security of your passphrase is only as good as the system it's stored on. If the web service you're accessing stores passwords in plaintext in its database and it gets hacked, it will do you no good to have a 12-word passphrase. You should never reuse passphrases. Better yet, use a password manager.

  • "This is all well and good," you might say. "But how's your password hygiene?" you might ask. I'm only some rando on the internet that plays at being a software developer. I use a password manager and for its master password I use a plain, unadorned 4 word passphrase from the original list generated thusly:

    sppg -w 4

  • These resources offer further information on the subject of passphrase security.
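The diceware derivation and the word-count guidance above, sketched as an added example (this is not sppg's own code): five fair die rolls select one of 6^5 = 7776 list entries, so each word contributes about 12.9 bits. The function names, the use of /dev/urandom and the assumption that the word list is ordered by dice key are choices made for this illustration.

```rust
use std::fs::File;
use std::io::Read;

/// Words in a diceware list: five six-sided dice give 6^5 = 7776 keys.
const LIST_LEN: u32 = 7776;

/// Turn random bytes into fair die rolls (1..=6) by rejection sampling:
/// 252 is the largest multiple of 6 that fits in a byte, so bytes 252..=255
/// are discarded instead of being folded in with a biased modulo.
fn dice_from_bytes(bytes: &[u8]) -> Vec<u8> {
    bytes.iter().filter(|&&b| b < 252).map(|&b| b % 6 + 1).collect()
}

/// Map five die rolls to a zero-based index into a 7776-word list ordered by
/// dice key (key 11111 -> 0, key 66666 -> 7775).
fn word_index(rolls: &[u8; 5]) -> usize {
    rolls.iter().fold(0usize, |acc, &r| acc * 6 + (r as usize - 1))
}

/// Entropy in bits of `words` words drawn uniformly and independently from
/// the list. A fixed separator adds nothing to this figure.
fn entropy_bits(words: u32) -> f64 {
    words as f64 * (LIST_LEN as f64).log2()
}

/// Draw `words` list indices from the OS random source (assumption: a
/// Unix-like system that exposes /dev/urandom).
fn random_indices(words: usize) -> std::io::Result<Vec<usize>> {
    let mut src = File::open("/dev/urandom")?;
    let mut rolls = Vec::new();
    while rolls.len() < words * 5 {
        let mut buf = [0u8; 64];
        src.read_exact(&mut buf)?;
        rolls.extend(dice_from_bytes(&buf));
    }
    Ok(rolls.chunks_exact(5).take(words)
        .map(|c| word_index(&[c[0], c[1], c[2], c[3], c[4]]))
        .collect())
}

fn main() -> std::io::Result<()> {
    for w in [4, 5, 6] {
        println!("{} words: {:.1} bits", w, entropy_bits(w));
    }
    println!("indices for 5 words: {:?}", random_indices(5)?);
    Ok(())
}
```

The entropy figure holds only when every word is chosen by the generator; rerolling until a phrase "looks nice" shrinks the space an attacker has to search.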

Pre-requisites

  1. Git source code versioning system

https://git-scm.com/book/en/v2/Getting-Started-Installing-Git

  2. Rust programming language (official install guide)

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

To ensure it was installed correctly, type the following commands and make sure each one prints a version number:

rustc --version
cargo --version

Build

From a terminal:

  1. Clone this repository

git clone https://github.com/mtelahun/sppg.git

  2. Change into the cloned directory and type:

cargo run --release

Installation

To install this package, switch to the root directory of the repository and type:

cargo install --path .

Use

Usage: sppg [OPTIONS]

Options:
  -e, --eff                        Use EFF wordlist
  -n, --num-of-pass <NUM_OF_PASS>  Number of phrases to output [default: 6]
  -w, --word-count <WORD_COUNT>    Number of words in a phrase [default: 5]
  -c, --use-capital-char           Convert one letter at random to uppercase
  -s, --use-special-char           Insert one special character at random
  -q, --quality                    Implies -c and -s
  -S, --separator <SEPARATOR>      Use SEPARATOR (instead of ' ') to separate words
  -h, --help                       Print help
  -V, --version                    Print version
