~gagbo/diceware.py

Python implementation of the Diceware passphrase generation method
ee7ff790 — Gerry Agbobada 2 years ago
Try to fix the requirements for pylint
e6f92041 — Gerry Agbobada 2 years ago
Fix typo in requirements file
f8871008 — Gerry Agbobada 2 years ago
Use flake8 for linting; rename .flake8 for pyls

refs

master
browse  log 

clone

read-only
https://git.sr.ht/~gagbo/diceware.py
read/write
git@git.sr.ht:~gagbo/diceware.py

You can also use your local clone with git send-email.

#Diceware implementation

#References

For the algorithm, and the words list I am targeting this paper

#License acks

The bundled data/diceware-fr-5-jets.txt word list is a list of french words to get with 5 throws. This list has been produced by Christophe-Marie Duquesne under CC-BY-3.0 license.

#Why Diceware

Diceware method for generating passwords is really nice and fun (I like throwing dice), and I would like to use it to generate passwords on the fly for the occasions where I don't have the time to actually do the full method (quick sign up on a site I'll probably visit only once).

#Reinventing the wheel

Diceware is simple enough so I can implement it in my own way, so here I am.

There are probably a lot of diceware implementations in the wild ( I'll update the README to add a list when I look for ways to implement the actual words list in my program).

I advise you to run the dice or trust these other guys, since crypto is not my forte (I know I have to use os.urandom() and that's pretty much it, this command line tool does not protect you from snooping eyes or other infections/memory watchers I do not know of)

#Usage

The project is not finished yet, but at most times running

./diceware.py

will display stuff (mostly examples and test cases).

That being said, I really want to run the simplest, smallest, easiest implementation of the algorithm ; Here are a few scenarios :

  • I want to create passphrases in any single language from command line (mainly targetting english and french for now)

  • I want to create passphrases using french (or any language) list but without accent. I am fine with small mistakes if it means the password is quicker to type on qwerty keyboards => Update : irrelevant as the list is already accent-free

  • I want my girlfriend to want to use that (which will bring portability issues later probably for anything non-CLI - Windows, iOS, Firefox, Browser integration...)

  • I want to be able to control the count of words for the list (When I have to give a dummy account for a one-time login a 3 word list would be fine)

  • I want to be able to add salt or not. Salting the passphrase makes it a lot better but it adds constraints on the memorability of the passphrase. The better solution from the implementation's point of view is to give the choice to the user.