Ambrose Chua 9c59e844d7 Create LICENSE 2017-10-09 18:32:10 +08:00
pw Go fmt 2017-10-07 16:27:46 +08:00
.gitignore Initial commit 2017-07-17 12:16:19 +08:00
LICENSE Create LICENSE 2017-10-09 18:32:10 +08:00
README.md Initial library docs 2017-07-17 17:37:31 +08:00
pword.go Go fmt 2017-10-07 16:27:46 +08:00

README.md

pword

Generate secure passwords.

Overview

pword is a utility to generate strong passwords that are memorable.

$ pword online
wipeout doorstep copier announcer
pantyhose drainpipe wikipedia glycerin
remote receipt aidless ladder
makeover tattoo generator yogurt

It is based on the concept behind XKCD 936 and XKCD-password-generator. It makes use of EFF's typo-tolerant wordlist to provide live autocomplete.

CLI Usage

$ pword help
NAME:
   pword - generate secure passwords

USAGE:
   pword [global options] command [command options] [arguments...]

VERSION:
   0.1.0

COMMANDS:
     online   Generates passwords for use on websites
     offline  Generates passwords for use offline (laptops, encrypted drives)
     crypto   Generates extremely secure passwords
     recall   Utility with autocomplete to help you recall passwords
     help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --count NUM, -c NUM  Generates NUM passwords for you to choose from (default: "auto")
   -1                   Equivalent to --count 1
   --stronger           Chooses from a list of 7,776 words instead
   --help, -h           show help
   --version, -v        print the version

Library Usage

WIP

import "github.com/serverwentdown/pword/pw"

Modes

Online

This mode generates a 4-word password from the 1,296-word list. The number of possible combinations would be

1,296 ^ 4 = 2,821,109,907,456

If an attacker could brute-force passwords on a website at 1,000 requests/second (where he would definitely hit rate limits), it would take about

2,821,109,907,456 / 1000 / 60 / 60 / 24 / 365 = 89.46

years to crack it. This is secure enough for online websites.

Offline

This mode generates a 6-word password. This equates to

1,296 ^ 6 = 4,738,381,338,321,616,896

possible combinations. If the password were hashed with MD5, 8 Nvidia GTX 1080 GPUs would take about

4,738,381,338,321,616,896 / 25,000,000,000 / 60 / 60 / 24 / 365 = 6.010

years to crack. That would cost the attacker a lot of energy. If the password was hashed using SHA512 it would take about

4,738,381,338,321,616,896 / 1,100,000,000 / 60 / 60 / 24 / 365 = 136.6

years to crack. This is definitely secure enough for offline use (your laptop's password, encrypted drive).

Crypto

This mode generates an 8-word password. There would be

1,296 ^ 8 = 7,958,661,109,946,400,884,391,936

possible combinations, and at the same 1,100,000,000 guesses per second used for SHA512 above it would take about

7,958,661,109,946,400,884,391,936 / 1,100,000,000 / 60 / 60 / 24 / 365 = 229400000

years to crack. If someone were to sponsor 8000 Nvidia GTX 1080 GPUs, it would still take a huge number of years to crack.
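
The arithmetic in the Modes section, reproduced as an added Go example (not pword's own code): it computes the keyspace, the equivalent entropy in bits, and the years needed to try every combination, and draws words uniformly with crypto/rand. The function names are hypothetical and the four-word demo list is a constructed stand-in for the 1,296-word list.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
)

const secondsPerYear = 60 * 60 * 24 * 365 // the year length the README divides by

// Keyspace returns listSize^words, the count of equally likely passphrases.
func Keyspace(listSize, words int64) *big.Int {
	return new(big.Int).Exp(big.NewInt(listSize), big.NewInt(words), nil)
}

// EntropyBits is log2(keyspace) = words * log2(listSize).
func EntropyBits(listSize, words int64) float64 {
	return float64(words) * math.Log2(float64(listSize))
}

// YearsToExhaust is the README's figure: the time to try every combination.
// On average an attacker succeeds after half of it.
func YearsToExhaust(listSize, words int64, guessesPerSec float64) float64 {
	ks, _ := new(big.Float).SetInt(Keyspace(listSize, words)).Float64()
	return ks / guessesPerSec / secondsPerYear
}

// Generate draws n words uniformly with crypto/rand (rand.Int has no modulo bias).
func Generate(list []string, n int) (string, error) {
	picked := make([]string, n)
	limit := big.NewInt(int64(len(list)))
	for i := range picked {
		idx, err := rand.Int(rand.Reader, limit)
		if err != nil {
			return "", err
		}
		picked[i] = list[idx.Int64()]
	}
	return strings.Join(picked, " "), nil
}

func main() {
	demo := []string{"copier", "ladder", "tattoo", "yogurt"} // constructed stand-in list
	pass, _ := Generate(demo, 4)
	fmt.Printf("%s\nonline: %s combinations, %.1f bits, %.2f years at 1000/s\n",
		pass, Keyspace(1296, 4), EntropyBits(1296, 4), YearsToExhaust(1296, 4, 1000))
}
```

The estimates only hold when every word is drawn independently and uniformly, which is why the generator uses crypto/rand rather than math/rand.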