Generating Offline Passphrases
I'm a huge fan of https://makemeapassword.ligos.net/generate/readablepassphrase, and regularly advise people to use it when generating passwords that need to be memorized or typed frequently. However, there have been numerous times when people have expressed concern that they are effectively generating passwords on someone else's computer. To me this is (typically) an acceptable risk. However, I understand that my threat model is not your threat model. Fortunately, there's an offline version of the same tool, with even more flexibility!
Go to the link above and look for "PassphraseGenerator.Console.X.X.X.zip". This file contains the PassphraseGenerator.exe offline generator along with the necessary wordlists and configuration files. Here's a sample of its default usage.
C:\PassphraseGenerator> .\PassphraseGenerator.exe
Readable Passphrase Generator 1.2.0
Generating 10 phrase(s) of strength 'Random'...
Must be between 1 and 999 characters.
Dictionary contains 15,346 words (loaded in 84.99ms)
Average combinations ~1.279E+024 (~80.08 bits)
Total combinations 6.406E+010 - 8.802E+038 (35.90 - 129.37 bits)
Using no mutators
their corral blunted the quart and the matriarch
tarantulas are sullying the modulator but not the uncharted hydrant
those tests mumbled meteorites might want that impact
a sandbank thought the hem exhibits sincerely since my fishtail
a sawyer chuckled emulators
fancies that tear my spinnaker warned my dolt and a scooter
the motivator spoke the capsized chemical has insured prior to an enemy
her bosom renewed an invasion
a leper convulses a beehive after a swindler
your steps reasoned the peafowl will file this jackass
Generated 10 phrase(s) in 76.26ms.
C:\PassphraseGenerator>
Using this, you can generate custom phrases on your own system, with more options than the online version offers. For example, we can generate 5 phrases with a minimum length of 15 and a maximum length of 20 characters, using - as the separator instead of a space, capitalizing one random word, and adding a number to the end of one random word.
C:\PassphraseGenerator> .\PassphraseGenerator.exe --count 5 --min 15 --max 20 --separator '-' --mutUpper wholeword --mutUpperCount 1 --mutNumeric endofword --mutNumericCount 1
Readable Passphrase Generator 1.2.0
Generating 5 phrase(s) of strength 'Random'...
Must be between 15 and 20 characters.
Dictionary contains 15,346 words (loaded in 85.60ms)
Average combinations ~1.279E+024 (~80.08 bits)
Total combinations 6.406E+010 - 8.802E+038 (35.90 - 129.37 bits)
Using upper case word and numeric mutators (1 word(s), 1 number(s))
THE-throwbacks-bid7
OWLS2-stick-a-wuss
a-ranch-RELAXES5
Todd4-graded-THE-map
WARNINGS0-scuttle
Generated 5 phrase(s) in 237.86ms.
C:\PassphraseGenerator>
Let me be clear: neither of these is particularly good for your average use case. The first set is far too long for most people (a maximum of 999 characters!), and the second set is painful to type and probably not long enough. If nothing else, you probably want to set the min and max limits to something reasonable. Be sure to check out all the other options available, though.
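To make the "generate it on your own machine" idea concrete, here is a small Python sketch of the same offline approach. It is an added example, not the tool's own code (which is .NET and builds grammatical sentences): it draws words from a local wordlist using the OS CSPRNG, joins them with a chosen separator, applies a whole-word uppercase mutator and an end-of-word numeric mutator, and rejects phrases that fall outside the min/max length bounds. WORDLIST is a constructed toy list, and entropy_bits assumes independent, uniform word choice, so its bit counts will not match the tool's "Average combinations" figure for grammatical phrases.

```python
import math
import secrets

# Constructed toy wordlist for this example; the real tool loads a ~15,000 word dictionary.
WORDLIST = [
    "corral", "quart", "matriarch", "tarantula", "modulator", "hydrant",
    "meteorite", "sandbank", "fishtail", "sawyer", "emulator", "spinnaker",
    "scooter", "motivator", "chemical", "beehive", "swindler", "peafowl",
    "owl", "ranch", "throwback", "warning", "map", "stick",
]

DIGITS = "0123456789"


def entropy_bits(dictionary_size, word_count, upper_count=0, numeric_count=0):
    """Estimated entropy in bits for word_count words drawn uniformly and
    independently from dictionary_size words, with upper_count whole words
    uppercased and numeric_count words given one trailing digit.
    This independent-word model is an assumption of this example, not the
    grammatical model the real tool uses, so the numbers differ from its output."""
    bits = word_count * math.log2(dictionary_size)
    bits += math.log2(math.comb(word_count, upper_count))    # which words are capitalised
    bits += math.log2(math.comb(word_count, numeric_count))  # which words get a digit
    bits += numeric_count * math.log2(len(DIGITS))           # which digit each one gets
    return bits


def generate_phrase(wordlist, word_count, separator="-", min_len=15, max_len=20,
                    upper_count=1, numeric_count=1, rng=None, max_attempts=1000):
    """Generate one passphrase entirely offline.

    Mirrors the tool's --separator, --mutUpper wholeword, --mutNumeric endofword
    and --min/--max options (a simplification assumed for this example): phrases
    outside the length bounds are discarded and regenerated.
    """
    rng = rng or secrets.SystemRandom()  # OS CSPRNG; never random.Random for passwords
    for _ in range(max_attempts):
        words = [rng.choice(wordlist) for _ in range(word_count)]
        # Each mutator picks distinct word positions so the count is exact.
        for i in rng.sample(range(word_count), upper_count):
            words[i] = words[i].upper()
        for i in rng.sample(range(word_count), numeric_count):
            words[i] += rng.choice(DIGITS)
        phrase = separator.join(words)
        if min_len <= len(phrase) <= max_len:
            return phrase
    raise ValueError("no phrase fit the length bounds; widen min/max or change word_count")


def count_mutations(phrase, separator="-"):
    """Return (all-uppercase words, words ending in a digit) so a generated
    phrase can be checked against the mutator counts that were requested."""
    parts = phrase.split(separator)
    upper = sum(1 for p in parts if p.rstrip(DIGITS).isupper())
    digit = sum(1 for p in parts if p and p[-1] in DIGITS)
    return upper, digit


if __name__ == "__main__":
    for _ in range(5):
        print(generate_phrase(WORDLIST, 3))
    print(f"~{entropy_bits(len(WORDLIST), 3, 1, 1):.2f} bits per phrase with this toy list")
```

Note that rejecting phrases by length throws away some of the entropy the estimate reports, since only a subset of the word combinations can ever be returned; tight --min/--max bounds on a small wordlist make that loss larger, which is one more reason to prefer a wide range and a large dictionary.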
C:\PassphraseGenerator>.\PassphraseGenerator.exe --help
Usage: PassphraseGenerator.exe [options]
-c --count nnn          Generates nnn phrases (default: 10)
-s --strength xxx       Selects phrase strength (default: Random)
                        xxx = [normal|strong|insane][equal|required][and|speech]
                        or 'custom' or 'random[short|long|forever]'
--min xxx               Specifies a minimum length for phrases (def: 1)
--max xxx               Specifies a maximum length for phrases (def: 999)
--spaces true|false     Includes spaces between words (default: true)
--separator x           Character(s) to separate words (default: )
-n --nongrammar nn      Creates non-grammatical passphrases of length nn
-m --stdMutators        Adds 2 numbers and 2 capitals to the passphrase
-m2 --altMutators       Adds 2 numbers and capitalises a single word
--mutUpper xxx          Uppercase mutator style (default: Never)
                        xxx = [startofword|anywhere|runofwords|wholeword]
--mutUpperCount nn      Number of capitals to add (default: 2
--mutNumeric xxx        Numeric mutator style (default: Never)
                        xxx = [startofword|endofword|startorendofword|endofphrase|anywhere]
--mutNumericCount nn    Number of numbers to add (default: 2
--mutConstant xxx       Constant mutator style (default: Never)
                        xxx = [startofphrase|endofphrase|middleofphrase|anywhere]
--mutConstantValue x    String to use as constant (default: .)
-l --loaderdll path     Specifies a custom loader dll
-t --loadertype path    Specifies a custom loader type
-a --loaderargs str     Specifies arguments for custom loader
-d --dict str           Specifies a custom dictionary file
-p --phrase path        Specifies a custom phrase file
                        Must use -strength custom
-q --quiet              Does not display any status messages (default: show)
-h --help               Displays this message
See https://github.com/ligos/readablepassphrasegenerator for more information
Contact Murray via GitHub or at https://keybase.io/ligos
C:\PassphraseGenerator>
Since the source code is available, you can inspect it and build your own binary if you want to (which is beyond the scope of this article). You can also monitor network connections to confirm that nothing is being sent out (again, beyond the scope).
If the author ever reads this, I would love to see --minWords and --maxWords options, to set the minimum and maximum number of words used in the phrase rather than the overall length. I would also love to see --mutSpecial and --mutSpecialCount options to add symbols to a passphrase, for those sites that still require them.