README.rst 7.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182
  1. xkcdpass
  2. ========
  3. .. image:: https://badges.gitter.im/Join%20Chat.svg
  4. :alt: Join the chat at https://gitter.im/redacted/XKCD-password-generator
  5. :target: https://gitter.im/redacted/XKCD-password-generator?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge
  6. A flexible and scriptable password generator which generates strong passphrases, inspired by `XKCD 936 <http://xkcd.com/936/>`_::
  7. $ xkcdpass
  8. > correct horse battery staple
  9. .. image:: http://imgs.xkcd.com/comics/password_strength.png
  10. Install
  11. =======
  12. ``xkcdpass`` can be easily installed using pip::
  13. pip install xkcdpass
  14. or manually::
  15. python setup.py install
  16. Source
  17. ~~~~~~
  18. The latest development version can be found on github: https://github.com/redacted/XKCD-password-generator
  19. Contributions welcome and gratefully appreciated!
  20. Requirements
  21. ============
  22. Python 2 (version 2.7 or later), or Python 3 (version 3.2 or later).
  23. Running ``xkcdpass``
  24. ====================
  25. ``xkcdpass`` can be called with no arguments::
  26. $ xkcdpass
  27. > pinball previous deprive militancy bereaved numeric
  28. which returns a single password, using the default dictionary and default settings. Or you can mix whatever arguments you want::
  29. $ xkcdpass --count=5 --acrostic='chaos' --delimiter='|' --min=5 --max=6 --valid_chars='[a-z]'
  30. > collar|highly|asset|ovoid|sultan
  31. > caper|hangup|addle|oboist|scroll
  32. > couple|honcho|abbot|obtain|simple
  33. > cutler|hotly|aortae|outset|stool
  34. > cradle|helot|axial|ordure|shale
  35. which returns
  36. * ``--count=5`` 5 passwords to choose from
  37. * ``--acrostic='chaos'`` the first letters of which spell 'chaos'
  38. * ``--delimiter='|'`` joined using '|'
  39. * ``--min=5 --max=6`` with words between 5 and 6 characters long
  40. * ``--valid-chars='[a-z]'`` using only lower-case letters (via regex).
  41. A concise overview of the available ``xkcdpass`` options can be accessed via::
  42. xkcdpass --help
  43. Usage: xkcdpass [options]
  44. Options:
  45. -h, --help
  46. show this help message and exit
  47. -w WORDFILE, --wordfile=WORDFILE
  48. List of valid words for password
  49. --min=MIN_LENGTH
  50. Minimum length of words to make password
  51. --max=MAX_LENGTH
  52. Maximum length of words to make password
  53. -n NUMWORDS, --numwords=NUMWORDS
  54. Number of words to make password
  55. -i, --interactive
  56. Interactively select a password
  57. -v VALID_CHARS, --valid-chars=VALID_CHARS
  58. Valid chars, using regexp style (e.g. '[a-z]')
  59. -V, --verbose
  60. Report various metrics for given options, including word list entropy
  61. -a ACROSTIC, --acrostic=ACROSTIC
  62. Acrostic to constrain word choices
  63. -c COUNT, --count=COUNT
  64. number of passwords to generate
  65. -d DELIM, --delimiter=DELIM
  66. separator character between words
  67. A large wordlist is provided for convenience, but the generator can be used with any word file of the correct format: a file containing one 'word' per line. The default word file can be found in ``xkcdpass/static/default.txt``.
  68. The default word list is derived mechanically from `12Dicts <http://wordlist.aspell.net/12dicts/>`_ by Alan Beale. It is the understanding of the author of ``xkcdpass`` that purely mechanical transformation does not imbue copyright in the resulting work. The documentation for the 12Dicts project at
  69. http://wordlist.aspell.net/12dicts/ contains the following dedication:
  70. ..
  71. The 12dicts lists were compiled by Alan Beale. I explicitly release them to the public domain, but request acknowledgment of their use.
  72. Using xkcdpass as an imported module
  73. ====================================
  74. The built-in functionality of ``xkcdpass`` can be extended by importing the module into python scripts. An example of this usage is provided in `example_import.py <https://github.com/redacted/XKCD-password-generator/blob/master/examples/example_import.py>`_, which randomly capitalises the letters in a generated password. `example_json.py` demonstrates integration of xkcdpass into a Django project, generating password suggestions as JSON to be consumed by a Javascript front-end.
  75. A simple use of import::
  76. from xkcdpass import xkcd_password as xp
  77. # create a wordlist from the default wordfile
  78. # use words between 5 and 8 letters long
  79. wordfile = xp.locate_wordfile()
  80. mywords = xp.generate_wordlist(wordfile=wordfile, min_length=5, max_length=8)
  81. # create a password with the acrostic "face"
  82. print(xp.generate_xkcdpassword(mywords, acrostic="face"))
  83. When used as an imported module, `generate_wordlist()` takes the following args (defaults shown)::
  84. wordfile=None,
  85. min_length=5,
  86. max_length=9,
  87. valid_chars='.'
  88. While `generate_xkcdpassword()` takes::
  89. wordlist,
  90. numwords=6,
  91. interactive=False,
  92. acrostic=False,
  93. delimiter=" "
  94. Insecure random number generators
  95. =================================
  96. `xkcdpass` uses crytographically strong random number generators where possible (provided by `random.SystemRandom()` on most modern operating systems). From version 1.7.0 falling back to an insecure RNG must be explicitly enabled, either by using a new command line variable before running the script::
  97. xkcdpass --allow-weak-rng
  98. or setting the appropriate environment variable::
  99. export XKCDPASS_ALLOW_WEAKRNG=1
  100. Filtered word list
  101. ===================
  102. While we recommend the standard word list for most purposes, we note that this list is uncensored and, as such, generated passwords could offend. For this reason, `a filtered word list can be found in the github repo <https://github.com/redacted/XKCD-password-generator/tree/master/contrib/office-safe.txt>`_ (filtered by Twig Nyugen and included here with permission).
  103. An important caveat: due to the significant reduction in the size of the filtered word list when compared to the default, the strength of the corresponding passwords is also reduced. Users should expect approximately an *order of magnitude* reduction in the strength of a five word passphrase. This can be mitigated by increasing the length of generated passphrases.
  104. Changelog
  105. =========
  106. - **1.9.0** Improvements to interactive mode
  107. - **1.8.2** `generate_wordlist` behaviour didn't match doctring, fixed
  108. - **1.8.1** Fix typo in validation function
  109. - **1.8.0** Fix error in wordfile argument handling
  110. - **1.7.0** require explicit permission to fall back to insecure PRNG
  111. - **1.6.4** fix broken link in README
  112. - **1.6.3** ensure deduplication of wordlist
  113. - **1.6.2** move contributors to stand-alone CONTRIBUTORS file
  114. - **1.6.0** rename `--valid_chars` to `--valid-chars` for consistency
  115. - **1.5.0** migrate from deprecated `optparse` to `argparse`. Users on older python versions (below 2.7 or 3.2) will need to manually install `argparse`.
  116. License
  117. =======
  118. This is free software: you may copy, modify, and/or distribute this work under the terms of the BSD 3-Clause license.
  119. See the file ``LICENSE.BSD`` for details.
  120. -