-
Notifications
You must be signed in to change notification settings - Fork 1
Styles
In "make-password" tool, we can choose various styles of generated passphrases by "specifiers".
Simple specifiers are like a short mnemonics like
d16 (16 digits), x8 (8 hexadecimals) or A8 (8 alphabets or numeric digits),
also e5 (5 English words) or -j5 (5 Japanese words separated by hyphens).
We can put them together as A8-d8 or -e5-d10.
Additionally, you can specify 'entropy' of generated passphrases in bits,
like e:100 or j:100, or x:128.
More detailed combinations of style specifiers are described below.
Most common-case styles of random passwords are specified with single-character mnemonics, followed by a number representing character counts. For example:
-
d16: 16 numeric digits (e.g.1234567890123456) -
A8: 8 alpha-numeric characters (e.g.a1Ab2Bc3) -
x16: 16-digit hexadecimal number (e.g.0123456789abcdef).
There are also some character sets called by names:
for example, [base32] gives a character set composed of
lowercase-alphabet or digits from 2 to 7.
(e.g. [base32]7 → a2b3c4d)
The currently-available names for character sets are as follows:
| name | mnemonic | content | num. characters |
|---|---|---|---|
[digit] |
d |
decimal digits (0-9) |
10 |
[lower] |
l |
lowercase alphabets (a-z) |
26 |
[upper] |
capital alphabets (A-Z) |
26 | |
[lower_alnum] |
a |
lowercase alphabets + numerals (a-z0-9) |
36 |
[alnum] |
A |
alphabets + numerals (a-zA-Z0-9) |
62 |
[graph] |
s |
ASCII printable symbols (!-~ or a-zA-Z0-9!-/:-@[-\`{-~) |
94 |
[xdigit] |
x |
hexadecimal digits, lowercase (0-9a-f) |
16 |
[upper_xdigit] |
X |
hexadecimal digits, capital (0-9A-F) |
16 |
[base32] |
BASE32 digits, lowercase (a-z2-7) |
32 | |
[base32upper] |
BASE32 digits, capital (A-Z2-7) |
32 | |
[base64] |
B |
BASE64 symbols (A-Za-z0-9+/) |
64 |
[base64_fssafe] |
b |
BASE64 filesystem-safe variant (A-Za-z0-9_-) |
64 |
[icao] |
lowercase alphabets (a-z), ICAO phonetic alphabets hinted |
26 | |
[ICAO] |
capital alphabets (A-Z), ICAO phonetic alphabets hinted |
26 | |
[hiragana] |
Japanese hiragana characters | 46 | |
[katakana] |
Japanese katakana characters | 46 |
There are some mnemonics used for word-based passphrases.
-
E4: 4 random words chosen from nearly 10k-word English corpus. (e.g.anyone become calendar)
Lower-caseeuses words from Basic English (2k-word). -
j3: 3 random romanized Japanese words (nouns) (e.g.angou butsuri cha... corresponding to "暗号 物理 茶 [cryptography physics tea])
The currently-available names for word sets are as follows:
| name | mnemonic | English content | num. words |
|---|---|---|---|
[basicenglish] |
Words for Basic English | 859 | |
[english] |
e |
extended Basic English | 2 009 |
[gutenberg10k] |
E |
Top-10k common English words in Gutenberg Project | 9 912 |
[crossword] |
Words in Scrrabble Players Dictionary | 113 809 | |
[skey] |
4-char words used in S/Key onetime password | 2 048 | |
[icaowords] |
ICAO Phonetic Alphabets spelled out, lower-case | 26 | |
[ICAOwords] |
ICAO Phonetic Alphabets spelled out, upper-case | 26 | |
[kana] |
Romanization of Japanese kana characters | 46 |
| name | mnemonic | Japanese content | num. words |
|---|---|---|---|
[naist-jdic-simple] |
j |
Simple nouns in NAIST-JDIC | 37 614 |
[naist-jdic] |
J |
Japanese words in NAIST-JDIC | 131 897 |
[jwikipedia10k] |
Top-10k words extracted from Japanese Wikipedia | 6 688 |
| name | mnemonic | Others | num. words |
|---|---|---|---|
[uuid] |
UUID, randomly generated (variant 2, version 4) | 2122 |
Separators can be put before mnemonics or set names to separate words.
-
-E4: use hyphen between words (e.g.anyone-become-calendar) -
,[naist-jdic]3: use comma between words (e.g.angou,butsuri,cha) -
"@"E3: use at-mark between words (e.g.anyone@become@calendar) -
""[english]: no spaces between words (e.g.anyonebecomecalendar)
Allowed separators are space, hyphen, comma, under-bar, period or any
double-quoted string. Please note that use of space or
double-quotation will need single-quoting for the whole format spec
on most shell environments.
(e.g. make-password '""E3' or make-password ' J5')
If no separator is given, dictionary-words are space-separated and
characters are not separated by default.
Wordset can be subset by the first characters using
circumflex like [english^a-ex-z] or [j^kst]. (both names and
mnemonics are accepted before a circumflex). Character-based sets can
also be subset, if you need. It is an error to create a single-element or empty
set of words/characters (e.g. [d^a-z] (no alphabet in the digit
set), [x^f-k] (only f is contained), [english^O] (only
the word October begins with capital O)).
Several specifiers can be put side-by-side to generate compound passwords/passphrases.
-
a8d8(e.g.abcdefgh12345678) -
E4j3(e.g.anyone become calendar dictionary angou butsuri cha)
Separators can also be put before or between compound elements.
-
a8-d8: put hyphen between alphabet password and digits (e.g.abcdefgh-12345678)
Entropy specifier is possibly the most important feature of this tool. A colon followed by a decimal number at the end means minimum required quality of generated passphrases in "bits". More precisely, when ":n" is specified, generated passwords will have at least 2n possible combinations. To meet that requirement, the last element of the format is automatically repeated until satisfied.
-
E:96: a 96-bit passphrase from English words. (e.g.anyone become calendar dollar edit france garbage hole: 8 words) -
-j:40: a short 40-bit passphrase from Japanese words, separated by hyphen. (e.g.angou-butsuri-cha-denki) -
l8-d:80: 8 lowercase alphabets, separated by hyphen, and some digits to meet 80-bit quality in total. (e.g.abcdefgh-1234567890123: 13 digits after 8 alphabets) -
-x4:128: repeated set of 4 hexadecimal digits up to 128 bits. (e.g.0123-4567-89ab-cdef-1234-5678-9abc-def0)
This tool can also generate passwords for systems that require some 'conditions' about passwords, like "one digit and one capital character must be contained". Such restrictions are meaningless with machine-generated passwords with high randomness, but some systems want them to prevent human ignorance.
So-called "combinatorial password set" is specified by syntax {...}.
Inside the brace, there is a list of character-based sets,
each of which can optionally be followed by a number (e.g. {d1a1A1}).
Each list element specifies that a generated password may contain characters from that set, and must contain the specified number of characters specific in that set. As a shortcut, characters duplicated in two of those elements are removed from the larger set, if the smaller set is completely contained in the larger. The length of the generated password is specified either by a length or by an entropy specification, specified outside the brace. (Yes, its entropy is automatically computed!)
Some examples: {d1a1A1}10 specifies that the generated password
is 10 characters, with one or more digits, one or more lower-case
alphabets, and one or more capital alphabets.
(A1 here means that characters contained in A but not in a
and d (i.e. capital alphabets) must appear at least once.
Accordingly, a1 means at least one lower-case alphabets
(which are in a but not in d), and d1 means at least one digit.)__
The same set can be obtained by {d1a1A1}:59, as the set
contains approx. 59.3 bits of entropy.
Some useful combinations are as follows:
-
{Ad1}10... alphanumeric password with at least one digit (abcd0efghi) -
{A1a1d1}10... password containing all lower-case, capital and digits (abCD0efg1HI) -
{A1a1d1s1}10... also containing a symbol or more (abc0e!1Fg$)
{daA}10 is effectively equivalent to A10 (at least zero digits,
lower-cases and capitals...), and {X1x1}10 is error (capital
hexadecimals and lower-case hexadecimals are only partially
overlapping.)
Obviously, all of example outputs above are intentionally non-random at all. Never use these as passphrases!
make-password (c) 2018 National Institute of Advanced Industrial Science and Technology.