• Stars: 250
• Rank: 159,077 (Top 4 %)
• Language: Python
• License: GNU General Publi...
• Created almost 8 years ago
• Updated 10 months ago

passphraseme

A quick and simple cryptographically secure script to generate high entropy passphrases using the Electronic Frontier Foundation's wordlists, including their fandom-inspired wordlists.

Installation

pip3 install passphraseme

Usage

Run passphraseme with the number of words you want. By default it draws them from EFF's short wordlist, like this:

$ passphraseme 7
plug-scan-skate-shown-ritzy-self-bud
$ passphraseme 5
drank-amino-spoil-badge-copy

You can also optionally choose a different wordlist. Here are all of the command line arguments:

Short            Long                        Description
-h               --help                      Show help message
                 --sep                       Separator (default "-")
-l               --large                     Use EFF's general large wordlist
-s1              --short1                    Use EFF's general short wordlist (default)
-s2              --short2                    Use EFF's short wordlist with unique prefixes
-got             --game-of-thrones           Use EFF's Game of Thrones wordlist (Passwords of Westeros)
-hp              --harry-potter              Use EFF's Harry Potter wordlist (Accio Passphrase!)
-st              --star-trek                 Use EFF's Star Trek wordlist (Live Long and Passphrase)
-sw              --star-wars                 Use EFF's Star Wars wordlist (The Passphrase Is Strong With This One)
-d [dictionary]  --dictionary [dictionary]   Custom wordlist filename

For example, you can choose EFF's short wordlist with unique prefixes like this:

$ passphraseme -s2 5
leftover-human-podiatrist-clergyman-elk

Or you can embrace your inner nerd and use a fandom wordlist:

$ passphraseme --game-of-thrones 5
skull-putting-twenty-aid-bluntly
$ passphraseme --harry-potter 5
summoning-jealous-loads-somehow-unregistered
$ passphraseme --star-trek 5
destroying-maximum-radiation-yells-causes
$ passphraseme --star-wars 5
duels-zett-rock-silenced-blockade

You can also choose to use a custom wordlist, like this:

$ passphraseme -d /usr/share/dict/words 7
Sphinx's-congas-adjudge-revalue-scotched-decapitations-scampered

And if you prefer, you can use a custom separator, such as a space or "." instead of "-":

$ passphraseme --sep " " 5
drown elder drown sport hula
$ passphraseme --sep . 5
stage.stash.speak.shack.pound
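To show what "cryptographically secure" buys you here, the following is a minimal generator in the same spirit, written for this page and not the project's own code. It draws words with secrets.choice (backed by the OS CSPRNG) instead of the random module, parses a wordlist in either EFF's "dice roll<TAB>word" format or plain one-word-per-line format, and drops duplicate entries, which a file like /usr/share/dict/words can contain and which would otherwise make some words more likely than others. The sample wordlist, and the function names load_wordlist, generate and entropy_bits, are constructed for this example; the real EFF short wordlist has 1296 entries.

```python
import math
import secrets
import sys

# Constructed stand-in for an EFF-style wordlist (real EFF files are
# "<dice roll>\t<word>", one per line). It deliberately includes a
# duplicate ("acid") and a blank line to exercise the loader.
SAMPLE_WORDLIST = """\
1111\tacid
1112\tacorn
1113\tacre
1114\tacts

1115\tafar
1116\tacid
1121\taged
1122\tagent
"""


def load_wordlist(text):
    """Parse a wordlist into a list of unique words, in file order.

    Accepts either "dice-roll<TAB>word" (EFF format) or plain "word" lines.
    Blank lines are skipped. Duplicates are removed because a word that
    appears twice is drawn twice as often, so the passphrase would carry
    less than log2(number of lines) bits per word.
    """
    words, seen = [], set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        word = line.split()[-1]  # the last field is the word in both formats
        if word not in seen:
            seen.add(word)
            words.append(word)
    return words


def generate(words, n, sep="-"):
    """Join n words chosen uniformly at random, with replacement.

    secrets.choice reads the OS CSPRNG (os.urandom) and rejection-samples
    the index, so every word is equally likely. random.choice draws from a
    Mersenne Twister whose state is recoverable from its output and must
    not be used for secrets.
    """
    if n < 1:
        raise ValueError("need at least one word")
    if len(words) < 2:
        raise ValueError("wordlist too small to provide any entropy")
    return sep.join(secrets.choice(words) for _ in range(n))


def entropy_bits(words, n):
    """Bits of entropy of an n-word passphrase drawn from this list."""
    return n * math.log2(len(words))


if __name__ == "__main__":
    # Usage: python3 gen.py [n] [wordlist file]
    n = int(sys.argv[1]) if len(sys.argv) > 1 else 5
    if len(sys.argv) > 2:
        with open(sys.argv[2], encoding="utf-8") as f:
            words = load_wordlist(f.read())
    else:
        words = load_wordlist(SAMPLE_WORDLIST)
    print(generate(words, n))
    print(f"{entropy_bits(words, n):.1f} bits of entropy")
```

Run it against one of EFF's downloaded wordlists to get output equivalent to the tool's; with the constructed seven-word list it only yields about 2.8 bits per word, which is the point of the entropy_bits check: the strength of a passphrase comes entirely from the size of the list and the number of words, not from the words themselves.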

Strength of passphrases

This table shows the strength (bits of entropy) of passphraseme-generated passphrases of 1-10 words, with an estimate of the brute-force time in parentheses (how that time is calculated is explained below). The short wordlists are the default.

Words   EFF large wordlist          EFF short wordlists (default)   EFF fandom wordlists
        12.925 bits/word            10.339 bits/word                11.965 bits/word
1       12.9 (0 s)                  10.3 (0 s)                      12.0 (0 s)
2       25.8 (0 s)                  20.7 (0 s)                      23.9 (0 s)
3       38.8 (0 s)                  31.0 (0 s)                      35.9 (0 s)
4       51.7 (1 h)                  41.4 (4 s)                      47.9 (6 m)
5       64.6 (1 y)                  51.7 (1 h)                      59.8 (17 d)
6       77.5 (10.6k y)              62.0 (83 d)                     71.8 (196 y)
7       90.5 (82M y)                72.4 (295 y)                    83.8 (787.1k y)
8       103.4 (642B y)              82.7 (382.3k y)                 95.7 (3B y)
9       116.3 (4.99e15 y)           93.1 (495M y)                   107.7 (1.26e13 y)
10      129.2 (3.88e19 y)           103.4 (642B y)                  119.7 (5.04e16 y)

The brute force time is calculated like this:

I'm assuming you're using a passphrase for macOS 10.8+ (PBKDF2-SHA512) to encrypt your disk with FileVault. According to this post, the password cracking tool hashcat can guess 193,900 passphrases per second on an Amazon AWS p3.16xlarge instance, which costs $24.48 per hour.

If an attacker is willing to spend up to $1 billion per day to guess your passphrase, they can afford to run about 1.7 million of these AWS instances at once ($1 billion ÷ 24 hours ÷ $24.48 per instance-hour), meaning they can guess ~330 billion passphrases per second. On average, a brute force attack will find the passphrase after searching half the keyspace, so the times above are how long it takes to search half the keyspace at that rate.

Note that the time "3.88e19 y" means "3.88 × 10^19 years". Also note that the brute force times will vary wildly, either much faster or much slower, depending on the hash function or KDF used -- basically, depending on what software you're using this passphrase with.

Check out calc_passphrase_strength.py to see the maths.
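The arithmetic behind the table, as an added worked example written for this page (it is not the project's calc_passphrase_strength.py). The inputs are the README's own assumptions: 7776, 1296 and 4000 words in EFF's large, short and fandom lists; 193,900 guesses per second per p3.16xlarge at $24.48 per hour; and a $1 billion per day budget. Everything else follows from n · log2(list size) and from searching half the keyspace on average. The function names are this example's; the duration formatting is coarser than the table's, and how_many_words answers the inverse question of how many words you need for a target strength.

```python
import math

# Attacker model, taken from the README's assumptions (not measured here).
GUESSES_PER_INSTANCE_PER_SECOND = 193_900  # hashcat vs. FileVault PBKDF2-SHA512, one p3.16xlarge
INSTANCE_COST_PER_HOUR = 24.48             # USD
BUDGET_PER_DAY = 1_000_000_000             # USD

# EFF wordlist sizes: large = 6^5 (five dice), short = 6^4 (four dice), fandom = 4000.
WORDLISTS = {
    "EFF large wordlist": 7776,
    "EFF short wordlists": 1296,
    "EFF fandom wordlists": 4000,
}

SECONDS_PER_YEAR = 365.25 * 86400


def guesses_per_second(budget_per_day=BUDGET_PER_DAY,
                       cost_per_hour=INSTANCE_COST_PER_HOUR,
                       per_instance=GUESSES_PER_INSTANCE_PER_SECOND):
    """Instances the daily budget rents for 24 h, times the per-instance rate (~3.3e11/s)."""
    instances = budget_per_day / (cost_per_hour * 24)
    return instances * per_instance


def bits_per_word(size):
    return math.log2(size)


def entropy_bits(size, n):
    """Entropy of n words drawn uniformly, with replacement, from a list of `size` words."""
    return n * math.log2(size)


def expected_crack_seconds(size, n, rate=None):
    """Average time to hit the passphrase: half the keyspace at `rate` guesses/s."""
    rate = guesses_per_second() if rate is None else rate
    return (size ** n / 2) / rate


def human_time(seconds):
    """Coarse human-readable duration (three significant figures)."""
    for name, unit in (("y", SECONDS_PER_YEAR), ("d", 86400), ("h", 3600), ("m", 60)):
        if seconds >= unit:
            return f"{seconds / unit:.3g} {name}"
    return f"{seconds:.3g} s"


def strength_table(max_words=10, rate=None):
    """Rows of (wordlist name, bits/word, [(n, bits, seconds), ...]) for n = 1..max_words."""
    rate = guesses_per_second() if rate is None else rate
    rows = []
    for name, size in WORDLISTS.items():
        cells = [(n, entropy_bits(size, n), expected_crack_seconds(size, n, rate))
                 for n in range(1, max_words + 1)]
        rows.append((name, bits_per_word(size), cells))
    return rows


def how_many_words(size, target_bits):
    """Smallest number of words giving at least target_bits of entropy."""
    return math.ceil(target_bits / math.log2(size))


if __name__ == "__main__":
    print(f"attacker rate: {guesses_per_second():.3g} guesses/s")
    for name, bpw, cells in strength_table():
        print(f"{name} ({bpw:.3f} bits/word)")
        for n, bits, secs in cells:
            print(f"  {n:2d} words: {bits:6.1f} bits  ({human_time(secs)})")
    print("short-list words needed for 128 bits:", how_many_words(1296, 128))
```

Changing GUESSES_PER_INSTANCE_PER_SECOND is how you re-run the table for a different KDF, which is the caveat above made concrete: a fast unsalted hash can be billions of times quicker than FileVault's PBKDF2, and the durations shrink by the same factor while the entropy column does not move.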

Licenses

The wordlists included were created by Electronic Frontier Foundation, and are distributed under the Creative Commons Attribution 3.0. For the fandom wordlists (Game of Thrones, Harry Potter, Star Trek, and Star Wars), EFF notes that "Any trademarks within the word list are the property of their respective trademark holders, who are not affiliated with the Electronic Frontier Foundation and do not sponsor or endorse these passwords."
