{ "info": { "author": "Michael Munger", "author_email": "mj@hph.io", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python :: 3.6", "Topic :: Security", "Topic :: Security :: Cryptography" ], "description": "# pwgen_secure - Secure Python random password generator\n\nGenerate cryptographically secure random passwords with specified character sets, patterns, or lengths.\n\n## Quickstart: How do I make passwords?\n\n### Installation\n\npwgen_secure requires Python 3.6 above because it uses the `secrets` module for cryptographically secure random numbers.\n(\"cryptographically secure\" is a relative term. Read the *Security* section below).\n\nIf you do not have Python 3.6, you can download and install it from [python.org](https://www.python.org/downloads/).\n\n### Installation script\n\nFor your copy / paste pleasure. \n\n```\nsudo su\ncd /usr/src/\ngit clone https://github.com/mjmunger/pwgen_secure\ncd pwgen_secure\nchmod +x ./install.sh\n./install.sh\nexit\n```\n\n### Usage\n\n usage: spwgen [ -v ... ] [options] [] \n\n\n### Examples\nHere are examples for you, Captain Impatient...\n\n#### Random password for a website, and show the timing\n\n```\nspwgen slut 16\n```\n\n#### Random MAC address:\n```\nspwgen p 'h{2}:h{2}:h{2}:h{2}:h{2}:h{2}' \n```\n\n...or using a magic class\n\n```\nspwgen mac\n```\n#### Random three word pass phrase:\n```\nspwgen w 3\n```\n\n#### Create a google-style password:\n\n```\nspwgen google\n```\n\n#### Create one that's strong and easy to do on a phone\n```\nspwgen iphone\n```\n\nor\n\n```\nspwgen android\n```\n\n#### Escape the h so it starts with h\n\n```\nspwgen p '\\hu{12}' \n```\n### Full Usage\n\n```\nusage: spwgen [ -v ... ] [options] []\n\noptions:\n -v Be verbose.\n -d Debug mode. Same as -vvvvvvvvvvv\n -t Show how long it took to generate that password.\n -n= Generate n passwords.\n -a Show strength analysis of the generated password\n\nclasses:\n\n There are three classes:\n 1. magic classes Known good patterns to generate passwords for every day use. (You probably want this).\n 2. character classes Allows you to specifically define which character sets are used to generate your password.\n 3. pattern classes Allows you to define a custom pattern for password generation.\n\n magic classes:\n\n The following magic classes are short hand expressions that will create random passwords according to a\n specific recipe:\n\n google Generate Google-style app passwords e.g, ofgl ruwd ngzs iphh\n iphone Generate passwords that are easy to enter on the default iPhone keyboard\n android Generate passwords that are easy to enter on the default Android keyboard\n pin4 Generate a random 4-digit pin\n pin6 Generate a random 6-digit pin\n mac Generate a random mac address\n banking Generate a random password suitable for protecting bank accounts.\n strong Generate a strong password\n ridiculous Generate a ridiculous password\n ludicrous Generate a ludicrously strong password\n painful Really? Wow.\n\n Examples:\n\n `spwgen strong` outputs something like: `f5BjepTYdpUeJOhG`\n `spwgen mac` outputs something like: `46:06:e3:86:30:79`\n\n character classes:\n\n Character classes tell the password generator what character sets to use when generating the password. Each\n character class is represented by a single letter.\n\n When you use character classes, you *must* specify a password length as the class option.\n\n Available character classes are:\n\n u Include upper case characters: A-Z\n l Include lower case characters: a-z\n s Include symbol characters: !@#$%^&*\n d Include digits: 0-9\n b Include bracket characters: {}[]()<>\n m Include the minus character: -\n n Include the underscore character: _\n\n Extended options:\n w Generate a password based on words\n p Generate the password based on the given pattern (requires the pattern argument)\n e Exclude look-alike characters (homoglyphs): 1iIO0\n\n Examples:\n `spwgen slu 16` outputs something like: `#eZRnU%HlShbB**^`\n `spwgen dbmslu 32` outputs something like: `hahdJ(]Vizk@SW5RpKc(x($<8fwRC7HX`\n\n pattern classes:\n\n Pattern classes generate passwords based on the user specified pattern. The pattern defines the layout of the\n resulting password. Each character in the pattern dictates a character class that will be substituted at that\n position in the pattern.\n\n Characters that do not represent a specific character class will be substituted as-is.\n\n Use the following place holders to define your pattern:\n\n Base class place holders:\n u Upper case characters: A-Z\n l Lower case characters: a-z\n s Symbols: !@#$%^&*\n d Digits: 0-9\n b Bracket characters: {}[]()<>\n m The minus character: -\n n The underscore character: _\n p Punctuation: ,.;:\n\n Combination and sub-class place holders:\n a lower-case alphanumeric: a-z and 0-9\n A Upper-case alphanumeric: A-Z and 0-9\n M Mixed-case alphanumeric: a-z, A-Z, and 0-9\n N Mixed-case alphanumeric + symbols: a-z, A-Z, 0-9 + !@#$%^&*\n h Lower case hex character: 0-9 and a-f\n H Upper case hex character: 0-9 and A-F\n v Lower case vowel: aeiou\n V Upper case vowel: AEIOU\n Z Mixed case vowel: AEIOU and aeiou\n c Lower case consonant: bcdfghjklmnpqrstvwxyz\n C Upper case consonant: BCDFGHJKLMNPQRSTVWXYZ\n z Mixed case consonant: bcdfghjklmnpqrstvwxyz and BCDFGHJKLMNPQRSTVWXYZ\n\n Special placeholders\n \\ Escapes the proceeding character, and tells the generator to print it \"as-is\".\n {n} Print the previous character n times.\n\n Example:\n `uull-dddd` will result in:\n 1. Two upper case characters for the first two characters of the pattern, followed by:\n 2. Two lower case characters for the next two characters, followed by:\n 3. \"-\" followed by:\n 4. Four digits\n```\n\n## But why?\n\nThere are a number of reasons we wrote spwgen, but the main reason was: we wanted a password generator that was flexible and which would use the best available sources of entropy. \n\n### Secure by default\nBy default, pwgen creates passwords easy for a human to memorize. You have to use the `-s` option to get secure\npasswords. `pwgen_secure` generates secure passwords *by default* ... because users rarely rtfm, and usually use\ndefault settings.\n\n### Flexible\n\n`pwgen` is not flexible. Want to generate random mac addresses? Can't. Need some other pattern? Can't.\n`pwgen_secure` can.\n\n### Uses the `secrets` module\n\nThe secrets module automatically uses the best source of randomness available on your system, which gives us the best\nchance and making secure passwords. (See \"Cryptographically secure\" below). \n\n# Support and Issues\n\nFor support, problems, and issues, [file an issue on github](https://github.com/mjmunger/pwgen_secure) \n\n# Security\n\n## How secure can it be?\n\n\"Cryptographically secure\" is a somewhat relative term. The secrets module actually \"[...provides access to the most secure source of randomness that your operating system provides](https://docs.python.org/3/library/secrets.html#random-numbers)\". Thus, if you do not have a good source of randomness on your computer, you will not get good secure numbers. This is entirely dependent on whether or not your chipset has a [has a TRNG](https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide).\n\n## Password strength analysis\n\nPassword strength is a somewhat nebulous term. We would like it to mean: \"This password is hard to crack\", however the reality is that there are a number of ways to crack a password. The strength analysis this program performs is a search space calculation, which is compared against current cracking ability.\n\n### How we calculate search space\n\nThe command `spwgen.py -a strong` generates a password like: `SSWltcnwo0pARJY7`. This creates a possible search space of 1 match in 48,453,916,488,902,607,769,120,106,730 (4.8 x 10^28) possibilities. Now, we have a 1 in 2 chance of finding the password of we search half of that search space, and so, that reduces the search space to (2.4 x 10^28), which is still enormous. Now, given current cracking ability, we can try 100,000,000,000,000 attempts per second, we can divide out the possible combinations (2.4 x 10^28) by 1 x 10^14. This gives us the total number of seconds required to search 50% of the password's search space.\n\n### What we mean by \"crack\"\n\nFor the purposes of this calculator, a password is deemed to have been \"cracked\" after 50% of the search space can exhaustively be searched.\n\n### How we calculate \"strength\"\n\nThe strength of a password is determined by how likely a user will die before the password is brute forced, given current cracking technology. The target is to have a password that will take more than 100 years to crack. This way, a person can protect their data with a given password for their lifetime. Of course, as hashing and cracking technology increases, the speed we use to calculate this strength will need to be updated.\n\nStengths are therefore shown as:\n\n* Requires less than 1 year to crack: \"Awful. Don't use this.\"\n* Requires 1-10 years: Very weak\n* Requires 10-50 years: Weak\n* Requires 50-75 years: OK\n* Requires 75-100 years: Strong\n* Requires 100+ years: Very strong\n\nThis *does not guarantee* your password is strong, but it's a pretty damn good for most applications. Additionally, if you have a poor source of entropy on your computer, these calculations are all but meaningless. If you are really interested in having excellent, high-quality, secure passwords, make sure you have a computer with a chipset that can produce true random numbers with a TRNG or just pseudo-random numbers with a PRNG. See: [Intel's random number generator implementation guide](https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide) for more discussion.\n\n## Distribution specific installation information\n\n### Debian specific installation of Python 3.6.\n\nDebian stretch does not yet have Python 3.6 in an repository package, therefore, you can compile from scratch:\n\nPrep your system:\n```\napt build-dep python\napt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev\n```\n\nDownload Python 3.6 for Linux, and extract to /usr/src/, then:\n```\n./configure\nmake\nmake install\n```\n\nSecrets is part of the core library as of v3.6, so there is nothing else to install.\n\n## References\n* [Python secrets](https://docs.python.org/3/library/secrets.html#random-numbers)\n\n## Sources and contributions\n* Pattern functions based on [Keepass password generator](https://keepass.info/help/base/pwgenerator.html)\n* mmap usage for words.txt based on [Python fastest way to process large file](https://stackoverflow.com/questions/30294146/python-fastest-way-to-process-large-file)\n* English words list provided by [dwyl/englishwords](https://github.com/dwyl/english-words)\n\n## Acknowledgements\n\nThank you to [Theodore Ts'o](https://en.wikipedia.org/wiki/Theodore_Ts%27o) for his various contributions to the Linux project, including [pwgen](https://github.com/tytso/pwgen), [e2fsprogs](https://en.wikipedia.org/wiki/E2fsprogs), and [ext4 file system](https://en.wikipedia.org/wiki/Ext4), which are things we all use every day. Theodore Ts'o is imminently qualified to write the original pwgen, and this project hopes to follow in it's footsteps.\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/mjmunger/pwgen_secure", "keywords": "", "license": "", "maintainer": "", "maintainer_email": "", "name": "pwgen-secure", "package_url": "https://pypi.org/project/pwgen-secure/", "platform": "", "project_url": "https://pypi.org/project/pwgen-secure/", "project_urls": { "Homepage": "https://github.com/mjmunger/pwgen_secure" }, "release_url": "https://pypi.org/project/pwgen-secure/0.9.0/", "requires_dist": null, "requires_python": "", "summary": "Generate cryptographically secure random passwords with specified character sets, patterns, or lengths.", "version": "0.9.0" }, "last_serial": 4737359, "releases": { "0.9.0": [ { "comment_text": "", "digests": { "md5": "c00c0e0ed46f4cf42ac793efd504a29c", "sha256": "976f3cb145628fc93d218e54c40095696137d0147f0449fda720fc841c434190" }, "downloads": -1, "filename": "pwgen_secure-0.9.0-py3-none-any.whl", "has_sig": false, "md5_digest": "c00c0e0ed46f4cf42ac793efd504a29c", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 11730, "upload_time": "2019-01-24T21:14:18", "url": "https://files.pythonhosted.org/packages/d4/a7/d28c274cc0d818a75fa9cd9ec7c872287a12c10cf1cad93fc739b33f9724/pwgen_secure-0.9.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "c5b43e0079c229596a2f07cff8dd1e49", "sha256": "d27c635b56ec15c4d0d9bf65a1dc2d28652395c61e1fa29dfda64d9feb04b1f0" }, "downloads": -1, "filename": "pwgen_secure-0.9.0.tar.gz", "has_sig": false, "md5_digest": "c5b43e0079c229596a2f07cff8dd1e49", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 15056, "upload_time": "2019-01-24T21:14:20", "url": "https://files.pythonhosted.org/packages/56/23/9cfbf9dcd7b473ed845ec272f054955190a91db9ad9038ba62aa54f1eca7/pwgen_secure-0.9.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "c00c0e0ed46f4cf42ac793efd504a29c", "sha256": "976f3cb145628fc93d218e54c40095696137d0147f0449fda720fc841c434190" }, "downloads": -1, "filename": "pwgen_secure-0.9.0-py3-none-any.whl", "has_sig": false, "md5_digest": "c00c0e0ed46f4cf42ac793efd504a29c", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 11730, "upload_time": "2019-01-24T21:14:18", "url": "https://files.pythonhosted.org/packages/d4/a7/d28c274cc0d818a75fa9cd9ec7c872287a12c10cf1cad93fc739b33f9724/pwgen_secure-0.9.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "c5b43e0079c229596a2f07cff8dd1e49", "sha256": "d27c635b56ec15c4d0d9bf65a1dc2d28652395c61e1fa29dfda64d9feb04b1f0" }, "downloads": -1, "filename": "pwgen_secure-0.9.0.tar.gz", "has_sig": false, "md5_digest": "c5b43e0079c229596a2f07cff8dd1e49", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 15056, "upload_time": "2019-01-24T21:14:20", "url": "https://files.pythonhosted.org/packages/56/23/9cfbf9dcd7b473ed845ec272f054955190a91db9ad9038ba62aa54f1eca7/pwgen_secure-0.9.0.tar.gz" } ] }