ambrose
/
pword
mirror of https://github.com/serverwentdown/pword.git
1
0
Fork 0
Code Releases Activity
2 Commits
1 Branch
0 Tags
86 KiB
Go 100%
 
Go to file
Ambrose Chua 2f38b671e6 Initial concept and README 2017-07-17 03:17:49 +08:00
README.md Initial concept and README 2017-07-17 03:17:49 +08:00

README.md

pword

Generate secure passwords.

Overview

pword is a utility to generate strong passwords that are memorable.

$ pword online
amiable obvious abdomen vogue
hexagon xerox collarbone syringes
double walrus judiciary olympics
enquirer mammal saltshaker guitar

It is based on the concept behind XKCD 936 and XKCD-password-generator. It makes use of EFF's typo-tolerant wordlist to provide live autocomplete.

Usage

$ pword help
NAME:
    pword - generate secure passwords

USAGE:
    greet command [options]

COMMANDS:
    help, h  Shows a list of commands or help for one command
    online   Generates passwords for use on websites
    offline  Generates passwords for use offline (laptops, encrypted drives)
    crypto   Generates extremely secure passwords
    recall   Utility with autocomplete to help you recall passwords

GLOBAL OPTIONS:
    --count NUM, -c NUM   Generates NUM passwords for you to choose from
	--one, -1             Equivalent to -c 1
    --stronger            Chooses from a list of 7,776 words

Modes

Online

This mode generates a 4-word password from the 1,296-word list. The number of possible combinations would be

1,296⁴ = 2,821,109,907,456

If an attacker could brute-force passwords on a website at 1,000 requests/second (where he would definitely hit rate limits), it would take about

2,821,109,907,456 / 1000 / 60 / 60 / 24 / 365 = 89.46

years to crack it. This is secure enough for online websites.

Offline

This mode generates a 6-word password. This equates to

1,296⁶ = 4,738,381,338,321,616,896

possible combinations. With the MD5 hash and 8 Nvidia GTX 1080 GPUs cracking the password would take about

4,738,381,338,321,616,896 / 25,000,000,000 / 60 / 60 / 24 / 365 = 6.010

years to crack. That would cost the attacker a lot of energy. If the password was hashed using SHA512 it would take about

4,738,381,338,321,616,896 / 1,100,000,000 / 60 / 60 / 24 / 365 = 136.6

years to crack. This is definitely secure enough for offline use (your laptop's password, encrypted drive)

Crypto

This mode generates a 8-word password. There would be

1,296⁸ = 7,958,661,109,946,400,884,391,936

possible combinations, and would take about

7,958,661,109,946,400,884,391,936 / 1,100,000,000 / 60 / 60 / 24 / 365 = 229400000

years to crack. If someone were to sponsor 8000 Nvidia GTX 1080 GPUs, it will still take a huge number of years to crack.