hc-passphrase 1.2.1

Generates cryptographically secure passphrases and passwords

Passphrase

Passphrase is a tool to generate cryptographically secure passphrases and passwords. A passphrase is a list of words usually separated by a blank space. This tool acts like a diceware generator (more about this in EFF’s website).

Its security is based on Python’s os.urandom to get cryptographically secure random bits to make an integer number. It also makes use of the EFF’s Large Wordlist as words reference for passphrases.

Who is this tool for: Passphrase is a library and a CLI tool, thus its intended audience are developers and advanced users that love to use the terminal :)

A secure passphrase must be of at least 6 words, but 7 is better, and maybe you can add a random number to the list. If you need a password, make it bigger than 8 characters (NIST’s latest recommendation), and prefer more than 12 (I recommend 16 or more). Passwords are comprised of digits, upper and lowercase letters and punctuation symbols - more specifically: ascii_lowercase, ascii_uppercase, digits and punctuation from Lib/string -.

Those settings mentioned are specifically for the EFF’s Large Wordlist. If you specify a different wordlist, the minimum amount of words for a passphrase to be secure changes: for shorter lists, the amount increases. The minimum secure amount of words (for a passphrase) or characters (for a password) are calculated by Passphrase and a warning is shown if the chosen number is too low (when used as a script), by calculating the list’s entropy.

Important note: the quality and security of generated passphrases rely on:

• the OS-specific randomness source, and

• the quality of the wordlist.

If you are not sure which wordlist to use, just use the one provided by Passphrase (it is used by default when running as a script) or one of the EFF’s wordlists (check at about the middle of this blog post).

Requirements

• Python 3.5+.

How to use it

Passphrase can be used as a package in other apps, or as a stand-alone script.

Start by downloading the files, preferrably fom the latest release - releases are always signed -.

You can also use `pip <https://pypi.python.org/pypi/hc-passphrase>`__ but I discourage it, given that there’s no cryptographic verification of signatures nor hashes at all.

As a package

Check the developers guide.

As a script

Once downloaded and verified, you can install it with setup.py install or make package-install but I recommend you do make install for system-wide installation or make altinstall for user-wide installation, as it will create a single executable zip file plus install the man page.

To uninstall, run respectively make package-uninstall, make uninstall or make altuninstall.

Another option is to run pip install --user hc-passphrase (for user-wide installation) or pip install hc-passphrase (for system-wide installation), but I advise against this way given that pip doesn’t do any cryptographic verification of signatures nor hashes at all.

Examples of use

Check the man page for more information.

Generally, you should rely on Passphrase’s entropy calculation instead of fixing a desired amount, unless you specifically need some length/word amount. The default entropy is 77 bits, and using over 128 bits is a wiser choice on the long term.

Generate a passphrase of 6 words (default settings)

:~$ passphrase
trophy affiliate clobber vivacious aspect thickness

Generate a passphrase of 128 bits of entropy

:~$ passphrase -e 128
shorty collie prison reopen barge morally flavoring shifter scarcity perfume

Generate a passphrase of 6 words and a number (minimum recommended)

:~$ passphrase -w 6 -n 1
jasmine identity chemo suave clerk copartner 853727

Generate a passphrase of 6 words with 5 characters uppercase

:~$ passphrase -w 6 --use-uppercase 5
LiTmus cocoa littEr equation uNwrapped sibliNg

Generate a passphrase of 6 words with 5 characters lowercase

:~$ passphrase -w 6 --use-lowercase 5
MOrTUARY SIesTa MAKEOVER CURABLE JET MARSHy

Generate a password of 16 characters (minimum recommended)

:~$ passphrase -p 16
E`31nDL0^$oYu5='

Generate a password of 8 alphanumeric characters only

:~$ passphrase -p 8 --use-lowercase --use-uppercase --use-digits
Warning: Insecure password length chosen! Should be bigger than or equal to 13
7wmivbmR
:~$ passphrase -p 8 --use-alphanumeric
Warning: Insecure password length chosen! Should be bigger than or equal to 13
ipLdqmGU

Generate a secure password of lowercase characters only

:~$ passphrase -p --use-lowercase
yafwodlcbfumtfsbb
:~$ passphrase -p --use-lowercase -e 128
fbwzekpmmridyapdouvejmlzlrjn

Use an external wordlist to generate a passphrase

:~$ passphrase -i eff_short_wordlist_1_1column.txt
wimp broke dash pasta zebra viral outer clasp
:~$ passphrase -d -i eff_short_wordlist_1.txt
mouse trend coach stain shut rhyme baggy scale

Save the output to a file

:~$ passphrase -o pass.txt
:~$ passphrase > pass.txt

Generate a passphrase and use it with GPG

:~$ sha256sum somefile.txt
589ed823e9a84c56feb95ac58e7cf384626b9cbf4fda2a907bc36e103de1bad2  somefile.txt
:~$ passphrase --no-newline -o pass.txt | gpg --symmetric --batch --passphrase-fd 0 somefile.txt
:~$ cat pass.txt | gpg --decrypt --batch --passphrase-fd 0 somefile.txt.gpg | sha256sum -
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
589ed823e9a84c56feb95ac58e7cf384626b9cbf4fda2a907bc36e103de1bad2  -

Generate a passphrase avoiding shoulder surfing

:~$ passphrase -m -o pass.txt

Generate using the verbose mode

:~$ passphrase -v
Passphrase v1.1.3
by HacKan (https://hackan.net) FOSS under GNU GPL v3.0 or newer
Using 77 bits of entropy for calculations (if any). The minimum recommended is 77
Generating a passphrase of 6 words and 0 numbers using internal wordlist
The entropy of this passphrase is 77.55 bits
porridge browse undertone credibly underline gullible
:~$ passphrase -v -p
Passphrase v1.1.3
by HacKan (https://hackan.net) FOSS under GNU GPL v3.0 or newer
Using 77 bits of entropy for calculations (if any). The minimum recommended is 77
Generating password of 12 characters long using uppercase characters, lowercase characters, digits, punctuation characters
The entropy of this password is 78.66 bits
ZJN(Lvy{D'9H

Is this really secure?

First of all, we will say that a password or passphrase generator algorithm is secure if its output is trully random. To achieve that, Passphrase relies entirely on os.urandom, which always provides an interface to the OS’s cryptographically secure random generator. The whole program is quite big, but most of it is just the menues and the word list.

The generator algorithms are very short and simple, they are in passphrase.passphrase: Passphrase::generate() and Passphrase::generate_password(). The lower level functions are in passphrase.random, which directly uses os.urandom; higher level functions are in passphrase.secrets, that provides a convenient interface to those low level functions, so that implementation errors are avoided.

The whole magic is done by passphrase.secrets.randbelow(), that returns a random natural number lower than the given value, that is then used as index for the word or character list by passphrase.secrets.randchoice(), function used by the generators.

Both randbelow() and randint() where copyied from Python’s Lib/random, but trimmed down so that they don’t allow anything fishy. This also makes Passphrase independent from unnecessary libraries and potential external vulnerabilities.

The algorithms are very straight forward, easy to understand and verify. Boring crypto is the best crypto.

Attack surface

Let’s analyze some possible attack scenarios and its mitigations. If you want to add something or you see a mistake, please write an issue.

Attacker is root

TL;DR: game over.

An attacker that is root can do whatever it wants, so it’s out of the scope of this analysis.

Attacker can modify source code or wordlist

If it can modify the source code somehow, or the default wordlist, it’s also game over since a software that succesfully checks itself doesn’t exist yet. However, it could be mitigated by placing the files under the ownership of some privileged user (root).

Attacker can modify external libraries

Passphrase doesn’t require any external library, just Python 3 core.

Attacker can perform a timing attack

Words for passphrases and characters for passwords are randomly fetched from indexed lists. The process is: generate a random number, use it as index for the list, get the word or character. Timing - somehow - access time to this list would retrieve no difference from some number against another, so I think this scenario does not affect Passphrase, nor permits passphrase/password guessing.

However, it is possible to somehow force the list into certain memory pages and time cache-miss, and try to guess the word gotten from the list. It could be an over complicated attack, yet it does exist.

Timings

I realize at some point that the library was taking waaay longer to work than before (I solved it in 2c0eb8b), so I decided to measure each version runtime from now on. So here’s the runtime table for each tag:

Version (tag)	Runtime (ms)	Relative Runtime	Runtime Change Between Versions
v0.2.3	43.1	1.00	+0%
v0.2.3-1	41.2	0.96	-4%
v0.3.0	39.1	0.91	-5%
v0.4.1	107	2.48	+174%
v0.4.2	105	2.43	-2%
v0.4.4	105	2.43	+0%
v0.4.5	30.7	0.71	-71%
v0.4.7	30.6	0.71	-0%
v0.4.8	35.6	0.83	+16%
v0.5.0	35.6	0.83	+0%
v0.5.1	37.5	0.87	+5%
v1.0.0	37.3	0.87	-0%

You can try it yourself: download each release, unpack it and time it.

The command to run, depending on the release version, is:

• newer than v0.4.5, run: make timeit.

• older than v0.4.5, run python3 -m timeit -n 100 -r 10 -s 'import os' 'os.system("python3 -m passphrase -w6 -q")'.

• older than v0.4, run: python3 -m timeit -n 100 -r 10 -s 'import os' 'os.system("python3 src/passphrase.py -w6 -q")'.

License

Passphrase is made by HacKan under GNU GPL v3.0+. You are free to use, share, modify and share modifications under the terms of that license.

Copyright (C) 2017 HacKan (https://hackan.net)

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.