12 Copyright (c) 2011 - 2015, Steven Tobin and Contributors.
15 Contributors: Steven Tobin,
16 Rob Lanphier <robla@robla.net>,
17 Mithrandir <mithrandiragain@lavabit.com>,
18 Daniel Beecham <daniel@lunix.se>,
19 Kim Slawson <kimslawson@gmail.com>,
20 Stanislav Bytsko <zbstof@gmail.com>,
21 Lowe Thiderman <lowe.thiderman@gmail.com>,
22 Daniil Baturin <daniil@baturin.org>,
23 Ben Finney <ben@benfinney.id.au>,
24 Simeon Visser <simeon87@gmail.com>,
25 Scot Hacker <shacker@birdhouse.org>,
26 Lars Noschinski <lars@public.noschinski.de>
28 Redistribution and use in source and binary forms, with or without
29 modification, are permitted provided that the following conditions are met:
30 * Redistributions of source code must retain the above copyright
31 notice, this list of conditions and the following disclaimer.
32 * Redistributions in binary form must reproduce the above copyright
33 notice, this list of conditions and the following disclaimer in the
34 documentation and/or other materials provided with the distribution.
35 * Neither the name of the <organization> nor the
36 names of its contributors may be used to endorse or promote products
37 derived from this software without specific prior written permission.
39 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
40 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
41 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
42 DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
43 DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
44 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
46 ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
47 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
48 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51 # random.SystemRandom() should be cryptographically secure
53 rng
= random
.SystemRandom
54 except AttributeError:
55 sys
.stderr
.write("WARNING: System does not support cryptographically "
56 "secure random number generator or you are using Python "
58 "Continuing with less-secure generator.\n")
61 # Python 3 compatibility
62 if sys
.version_info
[0] >= 3:
67 def validate_options(parser
, options
, args
):
69 Given a set of command line options, performs various validation checks
72 if options
.max_length
< options
.min_length
:
73 sys
.stderr
.write("The maximum length of a word can not be "
74 "lesser then minimum length.\n"
75 "Check the specified settings.\n")
79 parser
.error("Too many arguments.")
82 # supporting either -w or args[0] for wordlist, but not both
83 if options
.wordfile
is None:
84 options
.wordfile
= args
[0]
85 elif options
.wordfile
== args
[0]:
88 parser
.error("Conflicting values for wordlist: " + args
[0] +
89 " and " + options
.wordfile
)
90 if options
.wordfile
is not None:
91 if not os
.path
.exists(os
.path
.abspath(options
.wordfile
)):
92 sys
.stderr
.write("Could not open the specified word file.\n")
95 options
.wordfile
= locate_wordfile()
97 if not options
.wordfile
:
98 sys
.stderr
.write("Could not find a word file, or word file does "
103 def locate_wordfile():
104 static_default
= os
.path
.join(
105 os
.path
.dirname(os
.path
.abspath(__file__
)),
108 common_word_files
= ["/usr/share/cracklib/cracklib-small",
111 "/usr/share/dict/words"]
113 for wfile
in common_word_files
:
114 if os
.path
.exists(wfile
):
118 def generate_wordlist(wordfile
=None,
123 Generate a word list from either a kwarg wordfile, or a system default
124 valid_chars is a regular expression match condition (default - all chars)
129 regexp
= re
.compile("^%s{%i,%i}$" % (valid_chars
, min_length
, max_length
))
131 # At this point wordfile is set
132 wordfile
= os
.path
.expanduser(wordfile
) # just to be sure
136 thisword
= line
.strip()
137 if regexp
.match(thisword
) is not None:
138 words
.append(thisword
)
145 def wordlist_to_worddict(wordlist
):
147 Takes a wordlist and returns a dictionary keyed by the first letter of
148 the words. Used for acrostic pass phrase generation
153 # Maybe should be a defaultdict, but this reduces dependencies
154 for word
in wordlist
:
156 worddict
[word
[0]].append(word
)
158 worddict
[word
[0]] = [word
, ]
163 def verbose_reports(length
, numwords
, wordfile
):
165 Report entropy metrics based on word list and requested password size"
168 bits
= math
.log(length
, 2)
170 print("The supplied word list is located at %s."
171 % os
.path
.abspath(wordfile
))
173 if int(bits
) == bits
:
174 print("Your word list contains %i words, or 2^%i words."
177 print("Your word list contains %i words, or 2^%0.2f words."
180 print("A %i word password from this list will have roughly "
181 "%i (%0.2f * %i) bits of entropy," %
182 (numwords
, int(bits
* numwords
), bits
, numwords
)),
183 print("assuming truly random word selection.")
186 def find_acrostic(acrostic
, worddict
):
188 Constrain choice of words to those beginning with the letters of the
189 given word (acrostic).
190 Second argument is a dictionary (output of wordlist_to_worddict)
195 for letter
in acrostic
:
197 words
.append(rng().choice(worddict
[letter
]))
199 sys
.stderr
.write("No words found starting with " + letter
+ "\n")
204 def choose_words(wordlist
, numwords
):
206 for i
in xrange(numwords
):
207 s
.append(rng().choice(wordlist
))
210 def generate_xkcdpassword(wordlist
,
216 Generate an XKCD-style password from the words in wordlist.
221 # generate the worddict if we are looking for acrostics
223 worddict
= wordlist_to_worddict(wordlist
)
225 # useful if driving the logic from other code
228 passwd
= delimiter
.join(choose_words(wordlist
, numwords
))
230 passwd
= delimiter
.join(find_acrostic(acrostic
, worddict
))
234 # else, interactive session
236 custom_n_words
= raw_input("Enter number of words (default 6): ")
239 numwords
= int(custom_n_words
)
241 numwords
= len(acrostic
)
245 while accepted
.lower() not in ["y", "yes"]:
247 passwd
= delimiter
.join(choose_words(wordlist
, numwords
))
249 passwd
= delimiter
.join(find_acrostic(acrostic
, worddict
))
250 print("Generated: ", passwd
)
251 accepted
= raw_input("Accept? [yN] ")
258 usage
= "usage: %prog [options]"
259 parser
= optparse
.OptionParser(usage
)
263 dest
="wordfile", default
=None, metavar
="WORDFILE",
265 "Specify that the file WORDFILE contains the list of valid words"
266 " from which to generate passphrases."))
269 dest
="min_length", type="int", default
=5, metavar
="MIN_LENGTH",
270 help="Generate passphrases containing at least MIN_LENGTH words.")
273 dest
="max_length", type="int", default
=9, metavar
="MAX_LENGTH",
274 help="Generate passphrases containing at most MAX_LENGTH words.")
277 dest
="numwords", type="int", default
=6, metavar
="NUM_WORDS",
278 help="Generate passphrases containing exactly NUM_WORDS words.")
280 "-i", "--interactive",
281 action
="store_true", dest
="interactive", default
=False,
283 "Generate and output a passphrase, query the user to accept it,"
284 " and loop until one is accepted."))
286 "-v", "--valid_chars",
287 dest
="valid_chars", default
=".", metavar
="VALID_CHARS",
289 "Limit passphrases to only include words matching the regex"
290 " pattern VALID_CHARS (e.g. '[a-z]')."))
293 action
="store_true", dest
="verbose", default
=False,
294 help="Report various metrics for given options.")
297 dest
="acrostic", default
=False,
298 help="Generate passphrases with an acrostic matching ACROSTIC.")
301 dest
="count", type="int", default
=1, metavar
="COUNT",
302 help="Generate COUNT passphrases.")
305 dest
="delimiter", default
=" ", metavar
="DELIM",
306 help="Separate words within a passphrase with DELIM.")
308 (options
, args
) = parser
.parse_args()
309 validate_options(parser
, options
, args
)
311 my_wordlist
= generate_wordlist(wordfile
=options
.wordfile
,
312 min_length
=options
.min_length
,
313 max_length
=options
.max_length
,
314 valid_chars
=options
.valid_chars
)
317 verbose_reports(len(my_wordlist
),
321 count
= options
.count
323 print(generate_xkcdpassword(my_wordlist
,
324 interactive
=options
.interactive
,
325 numwords
=options
.numwords
,
326 acrostic
=options
.acrostic
,
327 delimiter
=options
.delimiter
))
331 if __name__
== '__main__':