- Go 95.2%
- Just 3.4%
- Dockerfile 1.4%
| | ||
|---|---|---|
| api | ||
| assets | ||
| bin | ||
| command | ||
| config | ||
| corpus | ||
| embedded_licenses | ||
| entropy | ||
| generate | ||
| .gitignore | ||
| docker-compose.yml | ||
| Dockerfile | ||
| EMBEDDED_LICENCES | ||
| go.mod | ||
| go.sum | ||
| justfile | ||
| LICENSE | ||
| main.go | ||
| README.md | ||
gophrase
CLI diceware passphrase generator written in Go
About Diceware Passwords
Diceware is a method that allows anyone to use ordinary dice to generate an easy to remember passphrase from a list of words using only dice. The original creator was Arnold Reinhold. Passwords generated in this way possess about 12.9 bits of entropy per word if the attacker knows Diceware was the method used, the list, and the word length. Less information can yield higher passphrase entropy.
About Entropy
Entropy is essentially a measure of how unpredictable a password is.
The below chart is a good metric of password strength based on entropy.
< 28 bits = Very Weak; might keep out family members
28 - 35 bits = Weak; should keep out most people, often good for desktop login passwords
36 - 59 bits = Reasonable; fairly secure passwords for network and company
60 - 127 bits = Strong; can be good for guarding financial information
128+ bits = Very Strong; often overkill (Pleacher)
Gophrase Usage
Call the bin file and pass a number that represents the number of words you would like your phrase to be. Gophrase defaults to a three word passphrase with no capitalization, special characters or numbers.
Ex: gophrase gen will yield a passphrase using the default size. Ex: gophrase gen 6 will yield a six word passphrase
The current recommendation for secure passwords is a passphrase of at least six words.
If you want to switch the word list simply pass the letter a, b, c, or d after the number of words. Ex: gophrase gen 3 d
Note: If changing the default passphrase length, wordlist must be the second argument.
Options
a = EFF short word list 2
b = EFF short word list 1
c = EFF large word list
d = Reinhold word list
Flags
-c Adds capital letters to the passphrase
-n Adds numbers to the passphrase
-s Adds special characters to the passphrase
Ex: gophrase gen -n -s -c will generate a three word passphrase with numbers, special characters, and capitals.
The order of the flags does not matter but the flags must be passed before the arguments gophrase gen -s 5.
Corpus
This passphrase defaults to the Electronic Frontier Foundation's short word list that uses only words that have unique three-character prefixes. If you're interested I would recommend reading the EFF's post on their word lists. There are 4 lists to choose from, if you opt for the Reinhold list it's possible you will have numbers in the generated password. If you don't want numbers or special characters, the other lists should work for you.
Further Reading
https://theworld.com/~reinhold/diceware.html
https://www.pleacher.com/mp/mlessons/algebra/entropy.html
Usage in Production Environments
This is the use at your own risk warning.
Timing Attack
As this program uses the math/rand package and not the crypto/rand package, I would avoid production environments because of the possibility of being subject to a timing attack. That being said, security is all about threat models, and most users who need a quick simple password aren't being actively targeted on their machines.
Replacing the math/rand with crypto/rand isn't out of the picture, it's just not a priority at the moment.
API/Web Applications
The API allows you to both generate a passphrase and submit a passphrase for evaluation on its entropy. This entails sending and recieving data from the server, so proceed with caution. This application does not use cookies or track anything submitted to it, but being aware of how data moves is helpful.