rpass.1 (3174B)
.\" Copyright (c) 2017, 2019 Tim Kuijsten
.\" Copyright (c) 2020, Stephen Gregoratto
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd February 11, 2020
.Dt RPASS 1
.Os
.Sh NAME
.Nm rpass
.Nd strong password generator for humans
.Sh SYNOPSIS
.Nm
.Op Ar bitlen
.Sh DESCRIPTION
The
.Nm
utility generates strong passwords for human beings.
The generated passwords are shorter than Diceware, making them suitable for
environments where one has to frequently input them.
The passwords are case-insensitive so that there is no need to switch between
keyboards when entering them.
Blanks are inserted at arbitrary places to enhance visual representation.
Furthermore, the passwords are both visually and phonetically unambiguous.
.Pp
The
.Ar bitlen
argument determines the password's keyspace,
defaulting to 40 if unspecified.
In order to determine the right
.Ar bitlen ,
three factors should be considered:
.Bl -enum -offset Ds
.It
The hashing mechanism used to store the password.
.It
The time for which this password has to be secure.
.It
The processing power of the adversary.
.El
.Pp
The 40 bit default relies on the following requirements:
the password is stored using
.Xr bcrypt 3
with
.EQ
2 sup 10
.EN
rounds, it should only be secure for one year and the adversary has no more than
$25,000.00 to spend on brute forcing the password (as of 2019).
.Sh EXIT STATUS
.Ex -std
.Sh EXAMPLES
Random password from the default key space:
.Bd -literal -offset 4n
$ rpass
jikmus xuzjex
.Ed
.Pp
Random password from an 80 bit key space:
.Bd -literal -offset 4n
$ rpass 80
jultar ramlap rinwun bemvuh
.Ed
.Pp
In order to calculate the required
.Ar bitlen ,
consider a scenario with the following requirements: the generated
password will be used for at most half a year and is stored using
PBKDF2-HMAC-SHA256 with a million iterations.
The adversary can compute 15 thousand hashes per second with a million
iterations.
Thus the required key space is
.EQ
log sub 2 (15000 times 3600 times 24 times 183 times 2) approx 38.8
.EN
.Sh SEE ALSO
.Xr bcrypt 3
.Rs
.%B PKCS #5: Password-Based Cryptography Specification
.%I Internet Engineering Task Force
.%D January 2017
.%R RFC 8018
.Re
.Sh AUTHORS
.An -nosplit
The
.Nm
utility was written by
.An Tim Kuijsten Aq Mt info@netsend.nl
and is maintained by
.An Stephen Gregoratto Aq Mt dev@sgregoratto.me .
.Sh CAVEATS
The phonetic ambiguity of the current set of mnemonics depends on the spoken
language and is currently optimized for the Dutch language.