A Password ToolKit
- Test the strength of a password. Estimate the time to break it, give customized advice and check the exposition in word lists.
- Generate one or more passwords. Advanced customization of characteristics.
- Generate one or more passphrases. Longer and easier to remember passwords. Advanced customization of characteristics.
- Generate a password from a phrase. Remember the sentence to remember the password.
- Show password security recommendations and sources used.
TKPass has been tested on Fedora, Ubuntu and Windows. Python 3.6+ is required.
In the same directory as tkp, use the following command to install dependencies:
python3 -m pip install -r requirements.txt
On Windows, replace python3
by py
.
In the TKPass repertory:
python3 tkp.py
Or execute it once you have given it the permissions:
sudo chmod +x tkp.py
./tkp.py
py tkp.py
To see the program usage:
./tkp.py --help
For example, to generate a password:
./tkp.py password
Or to check its strength:
./tkp.py check
For example, the default password generation settings, the files used, the automatic copy and many other things.
The zxcvbn module is used because it offers a realistic and advanced estimation of the security of a password. Read more here: https://dropbox.tech/security/zxcvbn-realistic-password-strength-estimation
The exposure report shows the correspondences between the terms of the loaded dictionaries and the password. All files in /dictionnaries/* are taken into account as word or password dictionaries exposed. This directory can be changed in the configuration file. You can also specify different files with the option --wordlist FILE [FILE ...] These files must contain one element (word, password) per line.
The 'more data (unused)' folder contains dictionary files available for use. By default, it is not used by TKPass. Download only the files you use because they are quite heavy.
Absolutely everything is done locally in the TKPass operations. The source code is easy enough to check review. Alternatively, you can enter a password with the same attributes.
The default password settings used is editable in the configuration file.
The python secret module is used to take advantage of the best random available on the operating system.
The --wordlist FILE option defines a specific file for the word source. The default file used (without the --wordlist option) is defined in the configuration file.
Help and feedback are welcome. Feel free to contribute on GitHub!