Skip to content

Commit

Permalink
add latin wordlist
Browse files Browse the repository at this point in the history
  • Loading branch information
Aizen committed Oct 6, 2024
1 parent f78b6f9 commit 44308dd
Show file tree
Hide file tree
Showing 7 changed files with 114 additions and 124 deletions.
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ You can customize the word style by creating a new instance from your own token

```go
myTokens := []string{"alpha", "bravo", "charlie", "delta"}
gen := cryptipass.NewInstanceFromList(myTokens)
gen := cryptipass.NewCustomInstance(myTokens, 1) //instead of 1, try 2,3,4 to see the tradeoff between fidelity to the wordlist and entropy gain.

pass, entropy := gen.GenPassphrase(3)
fmt.Println("Custom Passphrase:", pass) //e.g. alphar.bravo.delta
Expand Down
135 changes: 61 additions & 74 deletions cmd/genpw/README.md
View file
Original file line number Diff line number Diff line change
@@ -1,117 +1,104 @@
# genpw - CryptiPass CLI
# genpw

`genpw` is a simple command-line interface (CLI) for generating high-entropy, pronounceable passphrases using the CryptiPass library. It allows users to specify the pattern used to generate each passphrase (e.g. the number of words, symbols, digits), the number of passphrases to generate making it easy to quickly create secure, human-friendly passwords directly from the terminal.

This tool is part of the [CryptiPass](https://github.com/francescoalemanno/cryptipass) project and resides in the `cmd/genpw` subdirectory.
**genpw** is a command-line tool that generates secure, pronounceable passwords and passphrases using customizable patterns. Built on top of the `cryptipass` library, **genpw** provides flexible options for creating memorable, yet strong passphrases with high entropy, making it ideal for secure applications, authentication, and more.

## Features

- **Generate Secure Passphrases**: Easily generate high-entropy, pronounceable passphrases with customizable length.
- **Customizable Output**: Control the number of words per passphrase and how many passphrases you want to generate.
- **Lightweight and Easy to Use**: Simple CLI flags for ease of use and quick password generation.
- Generate secure, pronounceable passwords.
- Customizable patterns for letters, numbers, symbols, and word formats.
- Visual strength meter for each generated passphrase.
- Cryptographic random number generator for secure randomness.
- High entropy and randomness assurance.

---

## Installation

To install the `genpw` CLI, first ensure you have Go installed. Then run:
To install **genpw**, use `go install`:

```bash
go install github.com/francescoalemanno/cryptipass/cmd/genpw@latest
```

This will install the `genpw` binary in your `$GOPATH/bin` directory.
Ensure `$GOPATH/bin` is added to your `PATH` to run the command directly.

---

## Usage

Once installed, you can generate passphrases by running `genpw` with the following options:
You can generate a set of passwords with the desired pattern using the following command:

```bash
Usage of genpw:
-n uint
number of passwords to generate (default 6)
-p string
pattern used to generate passphrase e.g. try:
-p WWW20dd

other possible patterns are formed by combining:
- 'w' lowercase word, 'W' for uppercase word.
- 'c' a lowercase character, 'C' a uppercase character.
- 's' symbol, 'd' digit.
(default "W.w.w")
genpw -p [PATTERN] -n [NUMBER OF PASSWORDS]
```

### Example Commands
### Pattern Options

1. **Generate 6 passphrases with 3 words each** (default):
- **w**: lowercase word.
- **W**: uppercase word.
- **c**: lowercase character.
- **C**: uppercase character.
- **d**: digit.
- **s**: symbol.

```bash
genpw
```
### Example

This will output something like:
Generate 6 passphrases using a pattern of three words (with one capitalized), a two-digit number, and two lowercase characters:

```bash
Passphrase Log10(Guesses) Log2Entropy Strength

Retendmil.culabdo.maxagedome 24.79 83.34 [============]
Reenniter.sauntrolla.rhuff 24.85 83.56 [============]
Pestryste.obilling.decheme 24.69 83.03 [============]
Apperd.illatc.obserles 22.14 74.54 [===========.]
Hugalfi.jeasiltil.oyagenar 24.66 82.92 [============]
Waliquin.uniterai.muggight 23.53 79.18 [============]
genpw -p "W.w.w.ddcc" -n 6
```

1. **Generate passphrases with custom pattern**:

```bash
genpw -p "WW20dds" -n 5
Sample output:

```bash
Passphrase Log10(Guesses) Log2Entropy Strength

Mortw.retainish.quater.66es 21.49 72.40 [===========.]
Defamito.repeac.stateryb.91he 23.75 79.90 [============]
Grazi.subsider.pravi.83de 20.14 67.92 [==========..]
Alishin.dumpedial.prayingin.45po 23.85 80.23 [============]
Atoryone.imputt.moodly.76op 19.66 66.32 [==========..]
Hurred.buffyeare.uphonetin.97co 23.22 78.12 [============]
```

The output might look like:
### Parameters

```bash
Passphrase Log10(Guesses) Log2Entropy Strength

AckeraClinuil2073& 17.27 58.36 [=========...]
DompiciOniarlym2086% 18.71 63.16 [=========...]
TioutiLetormentr2023^ 18.65 62.94 [=========...]
GremMumpar2085- 14.06 47.71 [=======.....]
BatiousExqueld2048& 16.21 54.86 [========....]
```
- **`-p`**: Define the pattern for password generation (default: `W.w.w`).
- **`-n`**: Specify the number of passwords to generate (default: `6`).

or
---

```bash
genpw -p "w.w.w.w" -n 5
```
## Password Strength

The output might look like:
Each generated passphrase includes a strength meter, represented by a bar between `0` and `12` characters, where `=` indicates strength and `.` indicates relative weakness.

```bash
Passphrase Log10(Guesses) Log2Entropy Strength

euppidner.dumidg.knosel.gentebory 30.59 102.63 [============]
heariburt.rumphum.daterale.batyptook 33.84 113.41 [============]
aremore.gortleup.alstiormo.aupdater 34.19 114.58 [============]
anterser.fibershr.derice.paroservac 34.33 115.04 [============]
rusti.onerses.flobboate.takeopa 29.06 97.54 [============]
```
- **Log10(Guesses)**: The estimated number of guesses (in log10 scale) required to crack the password.
- **Log2Entropy**: The entropy (in bits) of the passphrase, reflecting its unpredictability.

### Entropy Considerations
---

Each password generated by CryptiPass comes with an exact entropy evaluation . For example:
- A 4-word passphrase (pattern "wwww") has on average 101 bits of entropy.
- A 6-word passphrase (pattern "wwwwww") has on average 152 bits of entropy.
## Customization

This allows for highly secure passphrases, even against brute-force attacks.
You can define your own patterns to create passphrases tailored to your security and usability needs. Patterns can be mixed and matched to create combinations of words, digits, symbols, and characters, offering high flexibility.

## Contributing
Examples:

- **Pattern**: `"wW.d.s"`
- Output: lowercase word, uppercase word, digit, and symbol.

Contributions are welcome! Please open an issue or submit a pull request via the [main repository](https://github.com/francescoalemanno/cryptipass).
```bash
genpw -p "wW.d.s" -n 4
```

---

## License

This tool is open-source and licensed under the MIT License.
**genpw** is licensed under the MIT License. See the [LICENSE](LICENSE) file for more information.

## Contact
---

## Contributing

For any questions, issues, or suggestions, please visit the [issue tracker](https://github.com/francescoalemanno/cryptipass/issues) on GitHub.
Contributions are welcome! Feel free to open an issue or submit a pull request for bug fixes, new features, or improvements.
33 changes: 19 additions & 14 deletions cryptipass.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,29 +15,33 @@ import (
"strings"
)

// NewInstanceFromList creates a new instance of the cryptipass password generator
// NewCustomInstance creates a new instance of the cryptipass password generator
// using a custom word list. The word list should consist of tokens (words) that
// will be used to construct pronounceable passphrases.
//
// The function returns a pointer to a generator instance, which can be used
// to generate passphrases with the provided word list.
//
// The generator uses a probabilistic transition model, initialized with a pre-defined
// set of tokens to construct pronounceable passwords based on patterns of letter transitions.
//
// Example usage:
//
// tokens := []string{"alpha", "bravo", "charlie", "delta"}
// gen := cryptipass.NewInstanceFromList(tokens)
// gen := cryptipass.NewCustomInstance(tokens, 1)
// passphrase, entropy := gen.GenPassphrase(4)
//
// Parameters:
// - tokens []string: A list of words (tokens) from which the generator will
// - tokens []string: A list of words (tokens) from which the generator will
// build passphrases.
// - chain_depth int: The correlation length used to distill the probabilistic model.
//
// Returns:
// - *generator: A new generator instance using the custom word list.
//
// If the random seed cannot be read from the crypto/rand source, the function
// will log a fatal error and terminate the application.
func NewInstanceFromList(tokens []string) *generator {
func NewCustomInstance(tokens []string, chain_depth int) *generator {
seed := [32]byte{}
n, err := cr.Reader.Read(seed[:])
if err != nil || n != 32 {
Expand All @@ -46,18 +50,15 @@ func NewInstanceFromList(tokens []string) *generator {
rng := rand.New(rand.NewChaCha8(seed))
g := new(generator)
g.Rng = rng
jtbl := distill(tokens)
jtbl := distill(tokens, chain_depth)
g.jump_table = &jtbl

g.depth = chain_depth
return g
}

// NewInstance creates a new generator using a default word list to
// produce pronounceable, secure passphrases.
//
// The generator uses a probabilistic transition model, initialized with a pre-defined
// set of tokens to construct pronounceable passwords based on patterns of letter transitions.
//
// Example usage:
//
// gen := cryptipass.NewInstance()
Expand All @@ -68,7 +69,12 @@ func NewInstanceFromList(tokens []string) *generator {
// NewInstance is ideal for general use cases where you want to generate secure
// passphrases with a focus on ease of pronunciation and memorization.
func NewInstance() *generator {
return NewInstanceFromList(eff_short_word_list_2_0)
return NewCustomInstance(WordListEFF(), 3)
}

// NewInstanceHE is a higher entropy version of NewInstance, it trades off pronounceability for an higher entropy margin, for a fuller documentation look at `NewInstance`.
func NewInstanceHE() *generator {
return NewCustomInstance(WordListEFF(), 2)
}

// GenPassphrase generates a passphrase composed of a specified number of words.
Expand Down Expand Up @@ -188,8 +194,7 @@ func (g *generator) GenFromPattern(pattern string) (string, float64) {

// GenNextToken selects the next token based on the current seed (context) and
// a probabilistic model derived from the transition matrix. It generates a
// token that is most likely to follow the given string context `seed`,
// where `seed` can be up to two characters long.
// token that is most likely to follow the given string context `seed`.
//
// If the `seed` is too short or does not match any known transitions in the
// matrix, it falls back to using shorter prefixes until a match is found.
Expand All @@ -199,7 +204,7 @@ func (g *generator) GenFromPattern(pattern string) (string, float64) {
// The function returns the selected token as a string and its entropy value.
//
// Parameters:
// - seed: A string representing the current context (up to 2 characters).
// - seed: A string representing the current context.
//
// Returns:
//
Expand All @@ -218,7 +223,7 @@ func (g *generator) GenFromPattern(pattern string) (string, float64) {
// if the selection process encounters an unexpected error while choosing
// the next token.
func (g *generator) GenNextToken(seed string) (string, float64) {
L := min(len(seed), 2)
L := min(len(seed), g.depth)
tok := strings.ToLower(seed[len(seed)-L:])
retry:
if tr, ok := (*g.jump_table)[tok]; ok {
Expand Down
Loading

0 comments on commit 44308dd

Please sign in to comment.