# pword

Generate secure passwords.

# Overview

`pword` is a utility to generate strong passwords that are memorable.

```
$ pword online
wipeout doorstep copier announcer
pantyhose drainpipe wikipedia glycerin
remote receipt aidless ladder
makeover tattoo generator yogurt
```

It is based on the concept behind [XKCD 936](https://xkcd.com/936/) and [XKCD-password-generator](https://github.com/redacted/XKCD-password-generator). It makes use of [EFF's typo-tolerant wordlist](https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases) to provide live autocomplete.

# CLI Usage

```
$ pword help
NAME:
   pword - generate secure passwords

USAGE:
   pword [global options] command [command options] [arguments...]

VERSION:
   0.1.0

COMMANDS:
   online   Generates passwords for use on websites
   offline  Generates passwords for use offline (laptops, encrypted drives)
   crypto   Generates extremely secure passwords
   recall   Utility with autocomplete to help you recall passwords
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --count NUM, -c NUM  Generates NUM passwords for you to choose from (default: "auto")
   -1                   Equivalent to --count 1
   --stronger           Chooses from a list of 7,776 words instead
   --help, -h           show help
   --version, -v        print the version
```

# Library Usage

WIP

```
import "github.com/serverwentdown/pword/pw"
```

# Modes

## Online

This mode generates a 4-word password from the 1,296-word list. The number of possible combinations is

```
1,296 ^ 4 = 2,821,109,907,456
```

If an attacker could brute-force passwords on a website at 1,000 requests/second (a rate at which they would definitely hit rate limits), it would take about

```
2,821,109,907,456 / 1000 / 60 / 60 / 24 / 365 = 89.46
```

years to crack it. This is secure enough for websites.

## Offline

This mode generates a 6-word password. This equates to

```
1,296 ^ 6 = 4,738,381,338,321,616,896
```

possible combinations. With the MD5 hash and [8 Nvidia GTX 1080 GPUs](https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40), cracking the password would take about

```
4,738,381,338,321,616,896 / 25,000,000,000 / 60 / 60 / 24 / 365 = 6.010
```

years. That would cost the attacker a lot of energy. If the password were hashed using SHA512, it would take about

```
4,738,381,338,321,616,896 / 1,100,000,000 / 60 / 60 / 24 / 365 = 136.6
```

years to crack. This is definitely secure enough for offline use (your laptop's password, an encrypted drive).

## Crypto

This mode generates an 8-word password. There would be

```
1,296 ^ 8 = 7,958,661,109,946,400,884,391,936
```

possible combinations, and at the same SHA512 rate it would take about

```
7,958,661,109,946,400,884,391,936 / 1,100,000,000 / 60 / 60 / 24 / 365 = 229400000
```

years to crack. Even if someone were to sponsor 8000 Nvidia GTX 1080 GPUs, it would still take a huge number of years to crack.
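
The keyspace and crack-time arithmetic from the modes above, together with uniform word selection, as an added Go example (not `pword`'s own code). The function names and the six-word sample list are assumptions for illustration; the list size, word counts and guess rates are the README's.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

const secondsPerYear = 60 * 60 * 24 * 365 // the README's 365-day year

// Keyspace returns listSize^words, the count of equally likely passphrases.
func Keyspace(listSize, words int64) *big.Int {
	return new(big.Int).Exp(big.NewInt(listSize), big.NewInt(words), nil)
}

// YearsToExhaust is the time to try every passphrase at a fixed guess rate,
// as in the README's figures; on average a search succeeds in half of it.
func YearsToExhaust(listSize, words int64, guessesPerSec float64) float64 {
	ks := new(big.Float).SetInt(Keyspace(listSize, words))
	years, _ := ks.Quo(ks, big.NewFloat(guessesPerSec*secondsPerYear)).Float64()
	return years
}

// Generate draws n words uniformly with crypto/rand. rand.Int samples without
// modulo bias, so every word in the list is equally likely.
func Generate(list []string, n int) (string, error) {
	if len(list) == 0 || n <= 0 {
		return "", errors.New("need a non-empty word list and n > 0")
	}
	out := make([]string, n)
	for i := range out {
		idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(list))))
		if err != nil {
			return "", err
		}
		out[i] = list[idx.Int64()]
	}
	return strings.Join(out, " "), nil
}

func main() {
	// Constructed stand-in list; the modes above assume 1,296 words.
	sample := []string{"wipeout", "doorstep", "copier", "announcer", "remote", "receipt"}
	pw, err := Generate(sample, 4)
	fmt.Println(pw, err)
	fmt.Printf("online: %.4g years\n", YearsToExhaust(1296, 4, 1e3))
}
```

The estimates hold only when every word is drawn independently and uniformly from the list; a passphrase chosen or edited by hand does not have the computed keyspace.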