Repository files navigation

Generate passphrases using any of the following wordlists:

• thewordlists for random passphrases made by the EFF
• BIP39

The EFF wordlists consist of words that are easy to type and easy to remember.

By default, passphrases generated bypgen consist of twelve wordsrandomly selected from the autocomplete-optimized wordlist. Be sure toread the article to learn about the difference between thedifferent wordlists provided by the EFF.

These are some examples of generated passphrases:

• gimmick saffron nirvana superstore voicemail dedicate guacamole oftentimes dwindling kingdom shuttle upright
• bobcat pulley yearbook nectar krypton pesticide relic sauna detergent amnesty dishcloth tapestry
• porcupine identical occupation oxidize avalanche celery vaporizer dastardly vicinity enlarged hatchling urethane

• Usage
  • Options and arguments
• How many bits of entropy does your passphrase need?
• Is a CSPRNG really needed here?
• Installation

pgen [-d] [-w <USE_WLIST>] [-n <n>] [-k <k>] [-e]pgen -h | --helppgen -V | --version

-w Specify wordlist to use.

• eff-autocomplete (default): UseEFF's Short Wordlist #2

  Features:

  • Each word has a unique three-character prefix. This means that software couldauto-complete words in the passphrase after the user has typed the first three characters.
  • All words are at least an edit distance of 3 apart. This means that software couldcorrect any single typo in the user's passphrase (and in many cases more than one typo).

  Details:

  • Deep Dive: EFF's New Wordlists for Random Passphrases (2016)
  • https://www.eff.org/dice

• eff-long: UseEFF's Long Wordlist

  Recommended for the creation of memorable passphrases since the increased number of words,as well as the greater effective word length, allows for good entropy with a lower amountof words compared to for example the autocomplete-optimized short wordlist.

  Features:

  • Contains words that are easy to type and remember.
  • Built from a list of words that prioritizes the most recognized wordsand then the most concrete words.
  • Manually checked by EFF and attempted to remove as many profane, insulting, sensitive,or emotionally-charged words as possible, and also filtered based on several publiclists of vulgar English words.

  Details:

  • Deep Dive: EFF's New Wordlists for Random Passphrases (2016)
  • https://www.eff.org/dice

• eff-short: UseEFF's Short Wordlist #1

  Features:

  • Designed to include the 1,296 most memorable and distinct words.

  Details:

  • Deep Dive: EFF's New Wordlists for Random Passphrases (2016)
  • https://www.eff.org/dice

• bip39: UseBIP39 wordlist

  Details:

  • BIP39
  • https://en.bitcoin.it/wiki/Seed_phrase

-n Specify the number of words to usen. Default value:

• Twelve (12) words if any of the short wordlists are being used.
• Ten (10) words if the large wordlist is being used.

-k Specify the number of passphrases to generatek. Default value: 1.

-e Calculate and print the entropy for the passphrase(s) that would begenerated with the given settings. What is password entropy?Entropy is a measure of what the password could have been, so it relates to the selection process.

--dice Use physical six-sided dice instead of letting the computer pickwords. Useful in case you distrust the ability or willingness ofyour computer to generate "sufficiently random" numbers.

-h,--help Show help and exit.

-V,--version Print version information and exit.

How many bits of entropy should your passphrase consist of?

Looking atthe article about password strength on Wikipedia, you willfind that the following is said:

The minimum number of bits of entropy needed for a password dependson the threat model for the given application. Ifkey stretchingis not used, passwords with more entropy are needed.RFC 4086, "Randomness Requirementsfor Security", presents some example threat models and how to calculatethe entropy desired for each one. Their answers vary between 29 bitsof entropy needed if only online attacks are expected, and up to 128 bitsof entropy needed for important cryptographic keys used in applicationslike encryption where the password or key needs to be secure for a longperiod of time and stretching isn't applicable.

In the case of web services such as webmail, social networks, etc.,given that historically we have seen password databases leaked, whereweak hashing algorithms such as MD5 were used, it is the opinion of theauthor that the neighbourhood of 128 bits of entropy is in factan appropriate default for such use.

When calculating the entropy of a password or a passphrase,one must assume that the password generation procedure is known to the attacker.Hence with 12 words from either of the short wordlists, each of whichconsist of 1296 words, we get a password entropy of log2(1296^12) ~=124.08 bits. Similarily, with 10 words from the long wordlist (7776 words),we get a password entropy of log2(7776^10) ~= 129.25 bits.

Using a CSPRNG ensures uniform distribution of probability. This in turnensures that the password entropy calculations are correct. Hence it makessense to use a CSPRNG.

• lastresort(1) oncrates.io /GitHub

1. Install Rust.
2. Runcargo install -f pgen