pass-gen

A codesections project | Source available on GitHub or GitLab


pass-gen is a command-line utility that generates secure, pronounceable passphrases which can be used on their own, copied to a GUI password manager, or piped directly into a password manager that accepts standard input.

Password security is important. But imagine you need to log into your email account from a computer at the library. Which password would you rather type in: {!]&Sk)r"ss|$K40:]PP''3k- or skirt?UNSTEADY?legend?SUPERJET?livable?DINGBAT?507? What if I told you that the second one is just as secure as the first?

Anytime you might need to type in a password, or read a password out to someone else, or use a password on a device that doesn't have your password manager installed—that is, anytime at all—you would be better off using a securely generated passphrase.

Of course, that doesn't mean that you shouldn't use a password manager for those times when you don't need to type your password in. So, ideally you'd want a password generator that plays well with your password manager. In the Unix tradition, the best way for one tool to play well with another is to produce plain-text standard output.

pass-gen does exactly that. Use it to generate secure, pronounceable passphrases and then pipe them on to any other tool that accepts standard input.

pass-gen is:

Installation

To install pass-gen, run the following command in your terminal:

 git clone https://gitlab.com/codesections/pass-gen.git && \
 cd pass-gen && \
 sudo make install

If you ever need to uninstall, run the following command from the pass-gen directory:

 sudo make uninstall

Usage

See the manual page for full details (after installing pass-gen, run man pass-gen) or run pass-gen --help for shorter information.

basic usage:

 $ pass-gen 
 Generated passphrase copied to clipboard.  Will clear in 45 seconds.
 $ pass-gen -e
 Generated passphrase copied to clipboard.  Will clear in 45 seconds.
 OUTTHINK-barman-AFTERMOST-liqueur-LANDLORD-jovial-134

advanced usage:

 $ pass-gen --padding-before 2 --padding-after 1 --length 7 -e 
 Generated passphrase copied to clipboard.  Will clear in 45 seconds.
 34OUTBREAK^caucus^PROBLEM^attempt^CARLESS^outsell^CORRECT^8

Usage with pass, the standard Unix password manager:

 $ pass-gen -e | pass add -e USERNAME
 Generated passphrase copied to clipboard.  Will clear in 45 seconds.
 [master 8563f73] Add given password for USERNAME to store.
   1 file changed, 0 insertions(+), 0 deletions(-)
   create mode 100644 USERNAME.gpg

If you do not wish to pass command-line options to pass-gen, you may optionally create a ~/.passgenrc file to specify default values different from the built-in defaults.

Example ~/.passgenrc configuration file;

 word-list=~/pass-gen/wordlists/Beale_wordlist
 echo-password
 padding-after=1
 padding-before=1
 character-list=~/pass-gen/character-lists/ASCII_symbol_list

Alternatives to pass-gen

There are many alternative passphrase generators. I believe they all have some issues, which is why I wrote pass-gen. However, in the interest of full disclosure, I list them all below.

Bug reports and contributing

pass-gen is under active development and would welcome new contributors. pass-gen is currently co-hosted on both GitLab and GitHub, so please feel free to file issues, make pull requests, or otherwise contribute through either site. Also feel free to submit bug reports or patches via email, either to pass-gen@codesections.com or to daniel@codesections.com.