RPASS(1) | General Commands Manual | RPASS(1) |
rpass
— strong
password generator for humans
rpass |
[-V ] [bitlen] |
rpass
is a strong password generator for
human beings. The generated passwords are shorter than Diceware which suits
them better for use on mobile devices, the command line or other
environments where one has to frequently type the password. The passwords
are case-insensitive so that there is no alternation between keyboards on
insert. Blanks can be inserted at arbitrary places to enhance visual
representation. Furthermore, the passwords are both visually and
phonetically unambiguous.
-V
In order to determine the right bitlen three factors should be considered:
The default bitlen of 40 bits relies on the following requirements: the password is stored using bcrypt(3) with 2^10 rounds, it should only be secure for one year and the adversary has no more than $25,000.00 to spend on brute forcing the password (as of 2019).
The rpass
utility exits 0 on
success, and >0 if an error occurs.
Random password from the default key space:
$ rpass jikmus xuzjex
Random password from an 80 bit key space:
$ rpass 80 jultar ramlap rinwun bemvuh
In order to calculate the required bitlen let's consider a scenario with the following requirements: the generated password will be used for at most half a year and is stored using PBKDF2-HMAC-SHA256 with a million iterations. Furthermore the adversary has $25,000.00 to spend. According to “8x Nvidia GTX 1080 Ti Hashcat Benchmarks” as of 2019 the adversary can try 15 million hashes per second on PBKDF2-HMAC-SHA256 with a thousand iterations. This would be 15 thousand hashes per second on PBKDF2-HMAC-SHA256 with a million iterations. Hence the required key space is 15,000 * 3,600 * 24 * 183 * 2 = 38.8 bits.
bcrypt(3), 8x Nvidia GTX 1080 Ti Hashcat Benchmarks The Diceware Passphrase Home Page PKCS #5: Password-Based Cryptography Specification
Tim Kuijsten
The phonetic ambiguity of the current set of mnemonics depends on the spoken language and is currently optimized for the Dutch language.
December 13, 2019 | OpenBSD 6.6 |