~gagbo/diceware.py

ref: d40671f1ab3896495f1d13d1a6f0ffeb044bb942 diceware.py/README.md -rw-r--r-- 2.2 KiB
d40671f1 — Gerry Agbobada Minor lint 2 years ago

#Diceware implementation

#References

For the algorithm, and the words list I am targeting this paper

#Why Diceware ?

Diceware method for generating passwords is really nice and fun (I like throwing dice), and I would like to use it to generate passwords on the fly for the occasions where I don't have the time to actually do the full method (quick sign up on a site I'll probably visit only once).

#Reinventing the wheel

Diceware is simple enough so I can implement it in my own way, so here I am.

There are probably a lot of diceware implementations in the wild ( I'll update the README to add a list when I look for ways to implement the actual words list in my program).

I advise you to run the dice or trust these other guys, since crypto is not my forte (I know I have to use os.urandom() and that's pretty much it, this command line tool does not protect you from snooping eyes or other infections/memory watchers I do not know of)

#Usage

The project is not finished yet, but at most times running

./diceware.py

will display stuff (mostly examples and test cases).

That being said, I really want to run the simplest, smallest, easiest implementation of the algorithm ; Here are a few scenarios :

  • I want to create passphrases in any single language from command line (mainly targetting english and french for now)

  • I want to create passphrases using french (or any language) list but without accent. I am fine with small mistakes if it means the password is quicker to type on qwerty keyboards => Update : irrelevant as the list is already accent-free

  • I want my girlfriend to want to use that (which will bring portability issues later probably for anything non-CLI - Windows, iOS, Firefox, Browser integration...)

  • I want to be able to control the count of words for the list (When I have to give a dummy account for a one-time login a 3 word list would be fine)

  • I want to be able to add salt or not. Salting the passphrase makes it a lot better but it adds constraints on the memorability of the passphrase. The better solution from the implementation's point of view is to give the choice to the user.