mkpass - make a passphrase
mkpass is a tool for securely generating passphrases in a preferred format.
By default it targets a minimum of 72-bits of entropy, corresponding to an average cracking time of 75 years at 1 trillion guesses per second.
Bundled formats include:
- eff — EFF Diceware (default)
- diceware — Traditional Diceware
- beale — Alan Beale's Diceware (linked above)
- koremutake — Shorl.com's Koremutake
Additionally a range of traditional non-word based formats are included for generating alphanumeric passwords, PINs, etc, and custom word lists can also be used.
Passwords are selected using the OS random number generator (
RtlGenRandom, etc) via Rust's
rand::OsRng (using getrandom) and sampled with its
uniform distribution API.
Alternatively you can use the
--dice argument to use any dice with between 2
and 144 sides as a random number generator. Rolls will be efficiently mapped to
passphrases using an implimentation of this algorithm.
Diceware is designed for use with a d6, rolling five times per word. This approach allows for the use of, for example, d20 typically rolling just three times, or d100 rolling just twice.
Note this support is experimental.
Generate reasonably secure passwords. Use your operating system's cryptographic random number generator, or any dice you have lying around, to create secure passwords without human bias. Usage: mkpass [OPTIONS] Options: -v, --verbose Activate verbose mode -s, --separator <SEPARATOR> Word separator -c, --count <COUNT> Number of passwords to generate [default: 1] -b, --bits <BITS> Password strength target, 2^n [default: 72] -l, --length <LENGTH> Password length (overrides bits target) -f, --file <PATH> External dictionary, line-separated -d, --dictionary <DICTIONARY> Built-in dictionary [default: eff] [possible values: eff, eff-short1, eff-short2, diceware, beale, alpha, mixedalpha, mixedalphanumeric, alphanumeric, pin, hex, printable, koremutake] --dice <SIDES> Manually use dice for randomness. -D, --list-dictionaries Describe built-in dictionaries --dump Dump the selected dictionary to stdout and exit -h, --help Print help (see a summary with '-h') -V, --version Print version
# generate 5 passphrases in verbose mode -% mkpass -n 5 -v # Dictionary: eff # Description: EFF Long Wordlist https://www.eff.org/dice # Combinations: 7776^6 = 221073919720733357899776 # Entropy: 77.55 bits (very strong) # # Attack time estimate: # Online, unthrottled (10/s): trillions of years # Online, throttled (100/h): trillions of years # Offline, slow (1e4/s): 701 billion years # Offline, fast (1e10/s): 701 minnennia # Offline, extreme (1e12/s): 7 minnennia # skyline skimming vacant removable reunion critter sudden ungloved footsie spectrum vision sixtieth data husband wobbling enroll ultra pacifier clay glamorous unnamed blast jockey astrology shakily sprint crafty mortuary kept nanometer
# generate a 2-word EFF passphrase using a d20 -% mkpass --dice 20 -l 2 WARNING: Dice support is experimental. Enter a dice roll, 1-20: 14 Enter a dice roll, 1-20: 6 Enter a dice roll, 1-20: 20 Enter a dice roll, 1-20: 11 Enter a dice roll, 1-20: 9 Enter a dice roll, 1-20: 1 referee paralyze
# generate a 128-bit passphrase from the system dictionary -% mkpass -f /usr/share/dict/words -b 128 cleruchy fructose pierine catchpole espathate refigure kinbote nonpreformed
# generate a password using "koremutake" phonetics, with - as a separator -% mkpass -d koremutake -s - fri-vo-pu-tu-va-fre-fo-tre-dry-dri-ba