the xkcd password generator

lotus 28c36c4e31 Merge branch 'master' of https://git.zerohack.xyz/lotus/xpg 1 month ago
include b3fba6be2f Removed limit of 999 passwords able to generate at once. Instead now max passwords is UINT_MAX; i.e. 4.2 million. Cleaned up code with some refactors, included debug and optimized build options, prepared for unit testing 2 months ago
tests b3fba6be2f Removed limit of 999 passwords able to generate at once. Instead now max passwords is UINT_MAX; i.e. 4.2 million. Cleaned up code with some refactors, included debug and optimized build options, prepared for unit testing 2 months ago
.clang_complete c2a8177d4a Added more paths to clang_complete depending on lib version 1 month ago
.gitignore 3e775a85cc added new implementation files 7 months ago
.travis.yml 3ff6df99e0 added travis build, updated readme with badge 1 month ago
LICENSE.md 9883e4afaa first 8 months ago
README.md 3ff6df99e0 added travis build, updated readme with badge 1 month ago
compile_commands.json b3fba6be2f Removed limit of 999 passwords able to generate at once. Instead now max passwords is UINT_MAX; i.e. 4.2 million. Cleaned up code with some refactors, included debug and optimized build options, prepared for unit testing 2 months ago
main.cpp b3fba6be2f Removed limit of 999 passwords able to generate at once. Instead now max passwords is UINT_MAX; i.e. 4.2 million. Cleaned up code with some refactors, included debug and optimized build options, prepared for unit testing 2 months ago
makefile bb0bf9de78 fixed path for install and uninstall 1 month ago
xpg.1 2aec58769c fixed -n flag bug, changed default path, removed unneeded feature, updated readme 6 months ago
xpg.cpp b3fba6be2f Removed limit of 999 passwords able to generate at once. Instead now max passwords is UINT_MAX; i.e. 4.2 million. Cleaned up code with some refactors, included debug and optimized build options, prepared for unit testing 2 months ago

README.md


Link to the original comic strip

Motivations:

Simply wanted a quick way to generate memorable passwords from the command line.

Features:

  • full unit test code coverage [NYI]
  • man docs
  • choose your casing (camelCase, PascalCase, snake_case, lisp-case)
  • specify a specific number of words
  • generate any number of passwords
  • auto copy to clipboard (do not echo) [NYI]

Prerequisites

  • Compiler capable of C++14 (i.e. GCC5 or Clang3.4)
  • POSIX make (GNU make, Bmake, etc.)
  • libsodium

Thanks to dwyl for publishing the plaintext dictionary.

Install:

Source

# on ubuntu
sudo apt install build-essential libsodium-dev
git clone https://git.zerohack.xyz:443/lotus/xpg.git
cd xpg
make && sudo make install
# creates ~/.xpg/dict.txt (the default dictionary location)

# if you want to build a debug version
make debug

# if you want to build an optimized version
make opt

Binary

Check out the Releases page.

Usage:

xpg                                # use config file specified settings (or default)
xpg -c snake                       # use snake_case
xpg -c pascal                      # use PascalCase
xpg -c camel                       # use camelCase
xpg -c lisp                        # use lisp-case
xpg -w 12                          # specify 12 words to be used
xpg -n 6 -w 12                     # create 6 passwords each using 12 words

Security considerations:

The default settings are meant to be sane and secure. None of the settings will degrade the security of your passwords; they simply cater to your personal preference.

The random number generator used is from libsodium, a new and strong crypto library. The RNG is also seeded by libsodium in the proper fashion. libsodium was chosen because it is quickly installed via most Unix package managers, so most people either already have it installed or can install it easily. I wanted to use only standard library features, but couldn't find a safe way to do so.
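To illustrate why the choice of generator and the way an index is drawn from it matter for a word-list scheme, here is an added example (not xpg's source) of unbiased word selection and the resulting entropy. The names `Rng32`, `uniform_index`, `make_passphrase` and `entropy_bits` are hypothetical; the random source is injected so the block builds without libsodium, whose `randombytes_random()` would be the real source and whose `randombytes_uniform()` provides the same kind of bounded draw.

```cpp
// Added example; not xpg's source. Names here are illustrative.
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <random>
#include <string>
#include <vector>

// Source of uniformly random 32-bit values. With libsodium this would wrap
// randombytes_random(); it is injected so the logic runs without the library.
using Rng32 = std::function<uint32_t()>;

// Uniform index in [0, bound) by rejection sampling. Draws below `min`
// (2^32 mod bound) are discarded, leaving a range that is an exact multiple
// of `bound`; a bare `rng() % bound` would favour low indices slightly.
uint32_t uniform_index(const Rng32& rng, uint32_t bound) {
    if (bound < 2) return 0;
    const uint32_t min = (0u - bound) % bound;
    uint32_t r;
    do { r = rng(); } while (r < min);
    return r % bound;
}

// Join `count` independently drawn words in snake_case.
std::string make_passphrase(const std::vector<std::string>& dict,
                            unsigned count, const Rng32& rng) {
    std::string out;
    if (dict.empty()) return out;
    for (unsigned i = 0; i < count; ++i) {
        if (i) out += '_';
        out += dict[uniform_index(rng, static_cast<uint32_t>(dict.size()))];
    }
    return out;
}

// Entropy in bits of `count` uniform, independent draws from `dict_size` words.
double entropy_bits(std::size_t dict_size, unsigned count) {
    return dict_size ? count * std::log2(static_cast<double>(dict_size)) : 0.0;
}

int main() {
    // Constructed sample dictionary; a real word list is far larger.
    const std::vector<std::string> dict = {"correct", "horse", "battery", "staple"};
    std::random_device rd;  // demo stand-in only; use libsodium's generator in practice
    const Rng32 rng = [&rd]() { return static_cast<uint32_t>(rd()); };
    std::printf("%s (%.1f bits)\n", make_passphrase(dict, 4, rng).c_str(),
                entropy_bits(dict.size(), 4));
}
```

The entropy figure only holds when every word is drawn uniformly and independently, which is why the rejection step and the quality of the underlying generator both matter.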

There has been much online debate regarding the safety of using this scheme. There is enough evidence to show that as long as you are using passwords in a safe manner you will be safe using this scheme. This means using a password manager, and not using one password for all your different logins. You can read some of the arguments for and against the scheme here, here, and here. If you are looking for a good password manager, I suggest pass.

Feel free to send me suggestions for improving the security of this application. I'm open to being shown where there are errors.

Built with:

Free and Open Source software and the help of the church of Emacs ;)

Notes:

Currently only ASCII English dictionaries are supported.

License / Disclaimer:

BSD 3-Clause; See LICENSE.md. Please use a secure password manager.