A pass extension to generate passwords using the diceware method
Generate and insert a passhprase of 6 words:
$ pass diceware Email/example.com 6
To install system-wide, run
$ sudo make install
To install for user only, run
$ cp diceware.bash $HOME/.password-store/.extensions $ cp diceware.wordlist.asc $HOME/.password-store/.extensions
pass does not run extensions installed by the user; you'll need to add the following line to your
.bashrc in order to tell it to enable them:
Use your own diceware file
$ pass diceware --diceware-file diceware.wordlist.asc Email/example.com 6
The default behaviour is to try to use one of the following two files, in this order:
So, if you want to override the default file, regardless of whether you have a system-wide install or a user install, just save your own diceware file as
$HOME/.password-store/.extensions/diceware.wordlist.asc (you must rename it to
The only absoutely secure method to generate a diceware passphrase is to throw a casino die on a hard surface in an empty roon with the curtains closed and never write it down.
This program generates passwords (essentially) by running
cat diceware.wordlist.asc | shuf LENGTH. The
shuf program uses entropy from
/dev/urandom, which should be secure enough for most purposes. It's what
pass generate uses anyway.
If the provided diceware wordlist begins with
-----BEGIN PGP SIGNED MESSAGE-----, i.e. is clearsigned with gpg, it will be verified with
gpg --verify and the result will be printed on screen.
If no signature is found, the program will print a warning. It is recommended to use a signed file to ensure the word list has not been tampered with. The file provided in this repo (and used by default) has been signed by me, as I found the original signature to be invalid.