Generate pass phrases using Diceware method
pydiceware: Python Diceware(r) pass phrase generator
====================================================

About
=====

This script generates pass phrases according to the Diceware(r) method. It uses os.urandom() as a cryptographically secure random number generator and ensures homogeneous sampling of the word lists.

Upon loading a word list, it is first checked for integrity:

1. Limit maximum word length (to ensure we can remember it)
2. Check for duplicate words
3. Check brute-force entropy of word list (i.e. the number of unique characters used, approximately weighted by their occurrence)

For the last point, we check the spread of characters used in the word list. Since not all characters occur equally often, this reduces the entropy below the naive log2(26) (for lower case alphabetic pass phrases). The script counts the occurrence of each character and checks how many characters occur more frequently than the mean. This is not exactly correct, but should pick out really bad word lists.

Pass phrase entropy
-------------------

### Diceware(r) vs brute-force

When generating a pass phrase, the entropy is in principle log2(len(wordlist)) * #words. For Diceware(r) word lists, the word list length is 6**5 = 7776, such that the entropy of each word is log2(7776) = 12.9 bits.

For a lower case pass phrase consisting of only letters, the entropy is log2(#chars) * len(pass phrase), where #chars is the character space (N.B. read above). In the rare case that the pass phrase is particularly short, the character space is less than the word list space, i.e.

    log2(#chars) * len(pass phrase) < log2(len(wordlist)) * #words

In such cases, the script automatically re-generates a new pass phrase.

### Pass phrase knowledge

When using spaces in the pass phrase (which is in general not recommended), these could be overheard due to the distinct sound of the space bar. In that case, an adversary knows both how many words are used and how long each of these words is.

The entropy is then reduced to product(log2(#len(word)) for word in passphrase), i.e. the product of the log2 of the number of words of a certain length. If the word lengths used are isotropic, this means there are not 6**5 but only 6**5/7 words possible, reducing the entropy by a factor log(6**5) / log(6**5/7) == 1.28, where each word contributes log2(6**5/7) = 10.1 bits instead of log2(6**5) = 12.9 bits, such that a 6-word pass phrase would be 60.7 bits instead of 77.5 bits. Since spaces themselves only add 1 bit (spaces or not), from a security perspective these are better left out.

Random numbers
--------------

Paramount to a secure pass phrase is a proper method to generate random numbers. Using dice is a safe solution, as they are simple yet effective, whereas hardware or software random number generators might be subverted or weakened. Therefore, the most secure way to generate pass phrases is printing out the full word list and using dice to choose the words. However, this script also checks the integrity of the word list, so it provides additional protection against weakened word lists.

Word lists
----------

Word lists are not supplied with the script, although it can fetch them from the Diceware(r) homepage with --fetch. Some other sources for word lists:

- https://en.wiktionary.org/wiki/Wiktionary:Frequency_lists/PG/2006/04/1-10000

Usage
=====

    ./pydiceware --help

Version history
===============

## 20131110
- Extended README on RNGs

## 20131102
- Initial release

License
=======

Copyright 2013 Tim van Werkhoven (email@example.com). This file is licensed under the Creative Commons Attribution-Share Alike license, version 3.0 or higher, see http://creativecommons.org/licenses/by-sa/3.0/

References
==========

- "Diceware Passphrase Home" http://world.std.com/~reinhold/diceware.html
- "Diceware -- Wikipedia, the free encyclopedia" http://en.wikipedia.org/wiki/Diceware
- "15.1. os — Miscellaneous operating system interfaces - Python v2.7.6 documentation" http://docs.python.org/2/library/os#os.urandom
- "How reliable is a password strength checker?" http://security.stackexchange.com/questions/2687/how-reliable-is-a-password-strength-checker/2693#2693
- "XKCD #936: Short complex password, or long dictionary passphrase?" http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase
- "Random number generator attack -- Wikipedia, the free encyclopedia" https://en.wikipedia.org/wiki/Random_number_generator_attack
- "Linux RNG May Be Insecure After All - Slashdot" http://it.slashdot.org/story/13/10/14/2318211/linux-rng-may-be-insecure-after-all
- "Cryptanalytic Attacks on Pseudorandom Number Generators" https://www.schneier.com/paper-prngs.html
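The word-list integrity checks, the os.urandom()-based uniform sampling, the brute-force-vs-word-list entropy comparison and the known-word-length entropy estimate from the sections above, worked through as an added example. This is not the pydiceware script itself: the miniature word list, the function names and the max_len default are constructed for illustration, and char_space() is one reading of the README's "more often than the mean" heuristic.

```python
import math
import os
from collections import Counter

# Constructed miniature word list for illustration only; a real Diceware list has 6**5 = 7776 words.
WORDS = ["apple", "bread", "cat", "dog", "eagle", "fig", "grape", "hat"]

def check_wordlist(words, max_len=8):
    """Integrity checks 1 and 2 from the README: over-long words and duplicates."""
    too_long = [w for w in words if len(w) > max_len]
    dupes = sorted(w for w, n in Counter(words).items() if n > 1)
    return too_long, dupes

def char_space(words):
    """Check 3 as the README describes it: the number of characters that occur
    more often than the mean, used as a conservative stand-in for the naive 26."""
    counts = Counter("".join(words))
    mean = sum(counts.values()) / len(counts)
    return sum(1 for n in counts.values() if n > mean)

def urandom_index(n):
    """Uniform index in [0, n) from os.urandom: draws that would bias the modulo are rejected."""
    nbytes = (n.bit_length() + 7) // 8
    limit = (256 ** nbytes // n) * n
    while True:
        r = int.from_bytes(os.urandom(nbytes), "big")
        if r < limit:
            return r % n

def wordlist_entropy(words, nwords):
    return nwords * math.log2(len(words))  # log2(len(wordlist)) * #words

def bruteforce_entropy(phrase, nchars):
    """log2(#chars) * len(pass phrase), spaces excluded."""
    return math.log2(nchars) * sum(len(w) for w in phrase)

def length_leak_entropy(words, phrase):
    """Entropy left when the attacker knows every word's length (e.g. overheard spaces):
    each word only contributes log2(number of list words of that length); bits add per word."""
    by_len = Counter(len(w) for w in words)
    return sum(math.log2(by_len[len(w)]) for w in phrase)

def generate(words, nwords):
    """Draw words uniformly; re-draw while the brute-force entropy is below the list entropy."""
    nchars = char_space(words)
    while True:
        phrase = [words[urandom_index(len(words))] for _ in range(nwords)]
        if bruteforce_entropy(phrase, nchars) >= wordlist_entropy(words, nwords):
            return phrase
```

With the constructed list, length_leak_entropy(WORDS, ["cat", "apple"]) gives 4 bits against 6 bits for wordlist_entropy(WORDS, 2), the same kind of reduction the README computes for a 7776-word list.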