Skip to main content

A quick and simple cryptographically secure script to generate high entropy passphrases using the Electronic Frontier Foundation's wordlists

Project description

passphraseme

A quick and simple cryptographically secure script to generate high entropy passphrases using the Electronic Frontier Foundation's wordlists, including their fandom-inspired wordlists.

Installation

pip install passphraseme

Usage

Run passphraseme with a number to generate secure passphrases using EFF's short wordlist, like this:

$ passphraseme 7
plug-scan-skate-shown-ritzy-self-bud
$ passphraseme 5
drank-amino-spoil-badge-copy

You can also optionally choose a different wordlist. Here are all of the command line arguments:

Short Long Description
-h --help show help message
--sep Separator (default "-")
-l --large Use EFF's general large wordlist
-s1 --short1 Use EFF's general short wordlist (default)
-s2 --short2 Use EFF's short wordlist with unique prefixes
-got --game-of-thrones Use EFF's Game of Thrones wordlist (Passwords of Westeros)
-hp --harry-potter Use EFF's Harry Potter wordlist (Accio Passphrase!)
-st --star-trek Use EFF's Star Trek wordlist (Live Long and Passphrase)
-sw --star-wars Use EFF's Star Wars wordlist (The Passphrase Is Strong With This One)
-d [dictionary] --dictionary [dictionary] Custom wordlist filename

For example, you can choose to EFF's short wordlist with unique prefixes like this:

$ passphraseme -s2 5
leftover-human-podiatrist-clergyman-elk

Or you can embrace your inner nerd and use a fandom wordlist:

$ passphraseme --game-of-thrones 5
skull-putting-twenty-aid-bluntly
$ passphraseme --harry-potter 5
summoning-jealous-loads-somehow-unregistered
$ passphraseme --star-trek 5
destroying-maximum-radiation-yells-causes
$ passphraseme --star-wars 5
duels-zett-rock-silenced-blockade

You can also choose to use a custom wordlist, like this:

$ passphraseme -d /usr/share/dict/words 7
Sphinx's-congas-adjudge-revalue-scotched-decapitations-scampered

And if you prefer, you can use a custom separator, like or . instead of -:

$ passphraseme --sep " " 5
drown elder drown sport hula
$ passphraseme --sep . 5
stage.stash.speak.shack.pound

Strength of passphrases

This table shows the strength (bits of entropy) of passphraseme-generated passphrases of different lengths (1-10 words).

Bits of entropy/word 1 2 3 4 5 6 7 8 9 10
EFF short wordlists (default) 10.339 10.3 (0 s) 20.7 (0 s) 31.0 (0 s) 41.4 (4 s) 51.7 (1 h) 62.0 (83 d) 72.4 (295 y) 82.7 (382.3k y) 93.1 (495M y) 103.4 (642B y)
EFF large wordlist 12.925 12.9 (0 s) 25.8 (0 s) 38.8 (0 s) 51.7 (1 h) 64.6 (1 y) 77.5 (10.6k y) 90.5 (82M y) 103.4 (642B y) 116.3 (4.99e15 y) 129.2 (3.88e19 y)
EFF fandom wordlists 11.965 12.0 (0 s) 23.9 (0 s) 35.9 (0 s) 47.9 (6 m) 59.8 (17 d) 71.8 (196 y) 83.8 (787.1k y) 95.7 (3B y) 107.7 (1.26e13 y) 119.7 (5.04e16 y)

The brute force time is calculated like this:

I'm assuming you're using a passphrase for macOS 10.8+ (PBKDF2-SHA512) to encrypt your disk with FileVault. According to this post, the password cracking tool hashcat can guess 193,900 passphrases per second on an Amazon AWS p3.16xlarge instance, which costs $24.48 per hour.

If an attacker is willing to spend up to $1 billion per day to guess your passphrase, they can afford to run 1.7 million of these AWS instances at once, meaning they can guess ~330 billion passphrases per second. On average, a brute force attack will find the passphrase after searching half the keyspace, so the times above are how long it takes to search half the keyspace.

Note that the time "3.88e19 y" means "3.88 x 1019 years". Also note that the brute force times will vary wildly, both much quicker or much slower, depending on the hash function or KDF used -- basically, depending on what software you're using this passphrase with.

Check out calc_passphrase_strength.py to see the maths.

Licenses

The wordlists included were created by Electronic Frontier Foundation, and are distributed under the Creative Commons Attribution 3.0. For the fandom wordlists (Game of Thrones, Harry Potter, Star Trek, and Star Wars), EFF notes that "Any trademarks within the word list are the property of their respective trademark holders, who are not affiliated with the Electronic Frontier Foundation and do not sponsor or endorse these passwords."

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

passphraseme-0.1.7.tar.gz (105.6 kB view details)

Uploaded Source

Built Distribution

passphraseme-0.1.7-py3-none-any.whl (103.1 kB view details)

Uploaded Python 3

File details

Details for the file passphraseme-0.1.7.tar.gz.

File metadata

  • Download URL: passphraseme-0.1.7.tar.gz
  • Upload date:
  • Size: 105.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.3

File hashes

Hashes for passphraseme-0.1.7.tar.gz
Algorithm Hash digest
SHA256 c1843867a82d0f32ddc2d87b4c3be61cb9ff8428722b365b9ebd192aa268af0d
MD5 6e9bf7c3cd766166c896e11817d32ba3
BLAKE2b-256 fc4b5100db5ec77b1c8367514e4532f2f9c5b03612eec76cfcad002c266f70ad

See more details on using hashes here.

File details

Details for the file passphraseme-0.1.7-py3-none-any.whl.

File metadata

  • Download URL: passphraseme-0.1.7-py3-none-any.whl
  • Upload date:
  • Size: 103.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.3

File hashes

Hashes for passphraseme-0.1.7-py3-none-any.whl
Algorithm Hash digest
SHA256 97959c2950bb4739fc299f27d0760b011ad4b125c84df3b62e7ff95785905883
MD5 34dd151eb42dc6e44d0122fa706b03e1
BLAKE2b-256 93f46748ca758f0b67186bbeae13b7b1c5fd362a63ca91e6255180251dc1332b

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page