Passphrase is a tool to generate cryptographically secure passphrases and passwords. A passphrase is a list of words usually separated by a blank space. This tool acts like a diceware generator (more about this in EFF's website).
Its security is based on Python's os.urandom to get cryptographically secure random bits to make an integer number. It also makes use of the EFF's Large Wordlist as words reference for passphrases.
Who is this tool for: Passphrase is a library and a CLI tool, thus its intended audience are developers and advanced users that love to use the terminal :)
A secure passphrase must be of at least 6 words, but 7 is better, and
maybe you can add a random number to the list. If you need a password,
make it bigger than 8 characters (NIST's latest
recommendation),
and prefer more than 12 (I recommend 16 or more). Passwords are
comprised of digits, upper and lowercase letters and punctuation symbols
- more specifically: ascii_lowercase, ascii_uppercase,
digits and punctuation from
Lib/string
-.
Those settings mentioned are specifically for the EFF's Large Wordlist. If you specify a different wordlist, the minimum amount of words for a passphrase to be secure changes: for shorter lists, the amount increases. The minimum secure amount of words (for a passphrase) or characters (for a password) are calculated by Passphrase and a warning is shown if the chosen number is too low (when used as a script), by calculating the list's entropy.
Important note: the quality and security of generated passphrases rely on:
- the OS-specific randomness source, and
- the quality of the wordlist.
If you are not sure which wordlist to use, just use the one provided by Passphrase (it is used by default when running as a script) or one of the EFF's wordlists (check at about the middle of this blog post).
- Python 3.5+.
You can also use `pip <https://pypi.python.org/pypi/hc-passphrase>`__ but I discourage it, given that there's no cryptographic verification of signatures nor hashes at all.
Check the developers guide.
Once downloaded and verified, you can install it with
setup.py install or make package-install but I recommend you do
make install for system-wide installation or make altinstall for
user-wide installation, as it will create a single executable zip file
plus install the man page.
To uninstall, run respectively make package-uninstall,
make uninstall or make altuninstall.
Another option is to run pip install --user hc-passphrase (for
user-wide installation) or pip install hc-passphrase (for
system-wide installation), but I advise against this way given that pip
doesn't do any cryptographic verification of signatures nor hashes at
all.
Check the man page for more information.
Generally, you should rely on Passphrase's entropy calculation instead of fixing a desired amount, unless you specifically need some length/word amount. The default entropy is 77 bits, and using over 128 bits is a wiser choice on the long term.
:~$ passphrase trophy affiliate clobber vivacious aspect thickness
:~$ passphrase -e 128 shorty collie prison reopen barge morally flavoring shifter scarcity perfume
:~$ passphrase -w 6 -n 1 jasmine identity chemo suave clerk copartner 853727
:~$ passphrase -w 6 --use-uppercase 5 LiTmus cocoa littEr equation uNwrapped sibliNg
:~$ passphrase -w 6 --use-lowercase 5 MOrTUARY SIesTa MAKEOVER CURABLE JET MARSHy
:~$ passphrase -p 16 E`31nDL0^$oYu5='
:~$ passphrase -p 8 --use-lowercase --use-uppercase --use-digits Warning: Insecure password length chosen! Should be bigger than or equal to 13 7wmivbmR :~$ passphrase -p 8 --use-alphanumeric Warning: Insecure password length chosen! Should be bigger than or equal to 13 ipLdqmGU
:~$ passphrase -p --use-lowercase yafwodlcbfumtfsbb :~$ passphrase -p --use-lowercase -e 128 fbwzekpmmridyapdouvejmlzlrjn
:~$ passphrase -i eff_short_wordlist_1_1column.txt wimp broke dash pasta zebra viral outer clasp :~$ passphrase -d -i eff_short_wordlist_1.txt mouse trend coach stain shut rhyme baggy scale
:~$ passphrase -o pass.txt :~$ passphrase > pass.txt
:~$ sha256sum somefile.txt 589ed823e9a84c56feb95ac58e7cf384626b9cbf4fda2a907bc36e103de1bad2 somefile.txt :~$ passphrase --no-newline -o pass.txt | gpg --symmetric --batch --passphrase-fd 0 somefile.txt :~$ cat pass.txt | gpg --decrypt --batch --passphrase-fd 0 somefile.txt.gpg | sha256sum - gpg: AES256 encrypted data gpg: encrypted with 1 passphrase 589ed823e9a84c56feb95ac58e7cf384626b9cbf4fda2a907bc36e103de1bad2 -
Generate a passphrase avoiding shoulder surfing
:~$ passphrase -m -o pass.txt
:~$ passphrase -v
Passphrase v1.1.3
by HacKan (https://hackan.net) FOSS under GNU GPL v3.0 or newer
Using 77 bits of entropy for calculations (if any). The minimum recommended is 77
Generating a passphrase of 6 words and 0 numbers using internal wordlist
The entropy of this passphrase is 77.55 bits
porridge browse undertone credibly underline gullible
:~$ passphrase -v -p
Passphrase v1.1.3
by HacKan (https://hackan.net) FOSS under GNU GPL v3.0 or newer
Using 77 bits of entropy for calculations (if any). The minimum recommended is 77
Generating password of 12 characters long using uppercase characters, lowercase characters, digits, punctuation characters
The entropy of this password is 78.66 bits
ZJN(Lvy{D'9H
os.urandom, which always
provides an interface to the OS's cryptographically secure random
generator. The whole program is quite big, but most of it is just the
menues and the word list.Passphrase::generate() and Passphrase::generate_password().
The lower level functions are in
passphrase.random,
which directly uses os.urandom; higher level functions are in
passphrase.secrets,
that provides a convenient interface to those low level functions, so
that implementation errors are avoided.passphrase.secrets.randbelow(), that
returns a random natural number lower than the given value, that is
then used as index for the word or character list by
passphrase.secrets.randchoice(), function used by the generators.randbelow() and randint() where copyied from Python's
Lib/random, but trimmed down so that they don't allow anything fishy.
This also makes Passphrase independent from unnecessary libraries
and potential external vulnerabilities.The algorithms are very straight forward, easy to understand and verify. Boring crypto is the best crypto.
Let's analyze some possible attack scenarios and its mitigations. If you want to add something or you see a mistake, please write an issue.
TL;DR: game over.
An attacker that is root can do whatever it wants, so it's out of the scope of this analysis.
If it can modify the source code somehow, or the default wordlist, it's also game over since a software that succesfully checks itself doesn't exist yet. However, it could be mitigated by placing the files under the ownership of some privileged user (root).
Passphrase doesn't require any external library, just Python 3 core.
I realize at some point that the library was taking waaay longer to work than before (I solved it in 2c0eb8b), so I decided to measure each version runtime from now on. So here's the runtime table for each tag:
| Version (tag) | Runtime (ms) | Relative Runtime | Runtime Change Between Versions |
|---|---|---|---|
| v0.2.3 | 43.1 | 1.00 | +0% |
| v0.2.3-1 | 41.2 | 0.96 | -4% |
| v0.3.0 | 39.1 | 0.91 | -5% |
| v0.4.1 | 107 | 2.48 | +174% |
| v0.4.2 | 105 | 2.43 | -2% |
| v0.4.4 | 105 | 2.43 | +0% |
| v0.4.5 | 30.7 | 0.71 | -71% |
| v0.4.7 | 30.6 | 0.71 | -0% |
| v0.4.8 | 35.6 | 0.83 | +16% |
| v0.5.0 | 35.6 | 0.83 | +0% |
| v0.5.1 | 37.5 | 0.87 | +5% |
| v1.0.0 | 37.3 | 0.87 | -0% |
- newer than v0.4.5, run:
make timeit. - older than v0.4.5, run
python3 -m timeit -n 100 -r 10 -s 'import os' 'os.system("python3 -m passphrase -w6 -q")'. - older than v0.4, run:
python3 -m timeit -n 100 -r 10 -s 'import os' 'os.system("python3 src/passphrase.py -w6 -q")'.
Passphrase is made by HacKan under GNU GPL v3.0+. You are free to use, share, modify and share modifications under the terms of that license.
Copyright (C) 2017 HacKan (https://hackan.net) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.