mkpass is a tool for securely generating passphrases in a preferred format.
By default it targets a minimum of 72-bits of entropy, corresponding to an average cracking time of 75 years at 1 trillion guesses per second.
Bundled formats include:
- eff — EFF Diceware (default)
- diceware — Traditional Diceware
- beale — Alan Beale's Diceware (linked above)
- koremutake — Shorl.com's Koremutake
Additionally a range of traditional non-word based formats are included for generating alphanumeric passwords, PINs, etc, and custom word lists can also be used.
Passwords are selected using the OS random number generator (/dev/urandom,
getrandom(), getentropy(), RtlGenRandom, etc) via Rust's
rand::OsRng (using getrandom) and sampled with its
uniform distribution API.
Alternatively you can use the --dice argument to use any dice with between 2
and 144 sides as a random number generator. Rolls will be efficiently mapped to
passphrases using an implimentation of this algorithm.
Diceware is designed for use with a d6, rolling five times per word. This approach allows for the use of, for example, d20 typically rolling just three times, or d100 rolling just twice.
Note this support is experimental.
Generate reasonably secure passwords.
Use your operating system's cryptographic random number generator, or any dice
you have lying around, to create secure passwords without human bias.
Usage: mkpass [OPTIONS]
Options:
-v, --verbose
Activate verbose mode
-s, --separator <SEPARATOR>
Word separator
-c, --count <COUNT>
Number of passwords to generate
[default: 1]
-b, --bits <BITS>
Password strength target, 2^n
[default: 72]
-l, --length <LENGTH>
Password length (overrides bits target)
-f, --file <PATH>
External dictionary, line-separated
-d, --dictionary <DICTIONARY>
Built-in dictionary
[default: eff]
[possible values: eff, eff-short1, eff-short2, diceware, beale, alpha,
mixedalpha, mixedalphanumeric, alphanumeric, pin, hex, printable,
koremutake]
--dice <SIDES>
Manually use dice for randomness.
-D, --list-dictionaries
Describe built-in dictionaries
--dump
Dump the selected dictionary to stdout and exit
-h, --help
Print help (see a summary with '-h')
-V, --version
Print version
# generate 5 passphrases in verbose mode
-% mkpass -n 5 -v
# Dictionary: eff
# Description: EFF Long Wordlist https://www.eff.org/dice
# Combinations: 7776^6 = 221073919720733357899776
# Entropy: 77.55 bits (very strong)
#
# Attack time estimate:
# Online, unthrottled (10/s): trillions of years
# Online, throttled (100/h): trillions of years
# Offline, slow (1e4/s): 701 billion years
# Offline, fast (1e10/s): 701 minnennia
# Offline, extreme (1e12/s): 7 minnennia
#
skyline skimming vacant removable reunion critter
sudden ungloved footsie spectrum vision sixtieth
data husband wobbling enroll ultra pacifier
clay glamorous unnamed blast jockey astrology
shakily sprint crafty mortuary kept nanometer
# generate a 2-word EFF passphrase using a d20
-% mkpass --dice 20 -l 2
WARNING: Dice support is experimental.
Enter a dice roll, 1-20: 14
Enter a dice roll, 1-20: 6
Enter a dice roll, 1-20: 20
Enter a dice roll, 1-20: 11
Enter a dice roll, 1-20: 9
Enter a dice roll, 1-20: 1
referee paralyze
# generate a 128-bit passphrase from the system dictionary
-% mkpass -f /usr/share/dict/words -b 128
cleruchy fructose pierine catchpole espathate refigure kinbote nonpreformed
# generate a password using "koremutake" phonetics, with - as a separator
-% mkpass -d koremutake -s -
fri-vo-pu-tu-va-fre-fo-tre-dry-dri-ba