# pword
Generate secure passwords.
# Overview
`pword` is a utility to generate strong passwords that are memorable.
```
$ pword online
wipeout doorstep copier announcer
pantyhose drainpipe wikipedia glycerin
remote receipt aidless ladder
makeover tattoo generator yogurt
```
It is based on the concept behind [XKCD 936](https://xkcd.com/936/) and [XKCD-password-generator](https://github.com/redacted/XKCD-password-generator). It makes use of [EFF's typo-tolerant wordlist](https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases) to provide live autocomplete.
# CLI Usage
```
$ pword help
NAME:
   pword - generate secure passwords

USAGE:
   pword [global options] command [command options] [arguments...]

VERSION:
   0.1.0

COMMANDS:
   online   Generates passwords for use on websites
   offline  Generates passwords for use offline (laptops, encrypted drives)
   crypto   Generates extremely secure passwords
   recall   Utility with autocomplete to help you recall passwords
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --count NUM, -c NUM  Generates NUM passwords for you to choose from (default: "auto")
   -1                   Equivalent to --count 1
   --stronger           Chooses from a list of 7,776 words instead
   --help, -h           show help
   --version, -v        print the version
```
# Library Usage
WIP
```
import "github.com/serverwentdown/pword/pw"
```
# Modes
## Online
This mode generates a 4-word password from the 1,296-word list. The number of possible combinations would be
```
1,296 ^ 4 = 2,821,109,907,456
```
If an attacker could brute-force passwords on a website at 1,000 requests/second (where he would definitely hit rate limits), it would take about
```
2,821,109,907,456 / 1000 / 60 / 60 / 24 / 365 = 89.46
```
years to crack it. This is secure enough for passwords used on websites.
## Offline
This mode generates a 6-word password. This equates to
```
1,296 ^ 6 = 4,738,381,338,321,616,896
```
possible combinations. If the password were hashed with MD5, a rig of [8 Nvidia GTX 1080 GPUs](https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40) would take about
```
4,738,381,338,321,616,896 / 25,000,000,000 / 60 / 60 / 24 / 365 = 6.010
```
years to crack. That would cost the attacker a lot of energy. If the password were hashed using SHA512, it would take about
```
4,738,381,338,321,616,896 / 1,100,000,000 / 60 / 60 / 24 / 365 = 136.6
```
years to crack. This is definitely secure enough for offline use (your laptop's password or an encrypted drive).
## Crypto
This mode generates an 8-word password. There would be
```
1,296 ^ 8 = 7,958,661,109,946,400,884,391,936
```
possible combinations, which at the SHA512 rate above would take about
```
7,958,661,109,946,400,884,391,936 / 1,100,000,000 / 60 / 60 / 24 / 365 = 229400000
```
years to crack. If someone were to sponsor 8000 Nvidia GTX 1080 GPUs, it would still take a huge number of years to crack.
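
The arithmetic used in the three modes above, together with uniform word selection from a CSPRNG, as an added Go example. It is not pword's own code or its `pw` library API; `Generate`, `Keyspace`, `YearsToExhaust` and the eight-word sample list are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"strings"
)

// Constructed sample list; the lists described above hold 1,296 or 7,776 words.
var sampleWords = []string{"wipeout", "doorstep", "copier", "announcer", "remote", "receipt", "ladder", "yogurt"}

// Generate picks n words uniformly at random using the OS CSPRNG.
// rand.Int draws uniformly in [0, limit), so there is no modulo bias.
func Generate(words []string, n int) (string, error) {
	if len(words) == 0 || n <= 0 {
		return "", fmt.Errorf("need a non-empty word list and n > 0")
	}
	limit := big.NewInt(int64(len(words)))
	picked := make([]string, n)
	for i := range picked {
		idx, err := rand.Int(rand.Reader, limit)
		if err != nil {
			return "", err
		}
		picked[i] = words[idx.Int64()]
	}
	return strings.Join(picked, " "), nil
}

// Keyspace returns listSize^n, the number of equally likely passphrases.
func Keyspace(listSize, n int64) *big.Int {
	return new(big.Int).Exp(big.NewInt(listSize), big.NewInt(n), nil)
}

// YearsToExhaust is keyspace / guessesPerSecond / 60 / 60 / 24 / 365.
func YearsToExhaust(keyspace *big.Int, guessesPerSecond float64) float64 {
	secs := new(big.Float).Quo(new(big.Float).SetInt(keyspace), big.NewFloat(guessesPerSecond))
	years, _ := new(big.Float).Quo(secs, big.NewFloat(60*60*24*365)).Float64()
	return years
}

func main() {
	p, err := Generate(sampleWords, 4)
	if err != nil {
		panic(err)
	}
	fmt.Println(p, Keyspace(1296, 4), YearsToExhaust(Keyspace(1296, 4), 1000))
}
```

`YearsToExhaust` is the time to try every combination, as in the figures above.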