{"id":12291,"date":"2015-08-22T15:12:21","date_gmt":"2015-08-22T15:12:21","guid":{"rendered":"https:\/\/www.bartbusschots.ie\/s\/?p=12291"},"modified":"2016-02-24T20:35:53","modified_gmt":"2016-02-24T20:35:53","slug":"using-the-hsxkpasswd-terminal-command-part-1-of-2","status":"publish","type":"post","link":"https:\/\/www.bartbusschots.ie\/s\/2015\/08\/22\/using-the-hsxkpasswd-terminal-command-part-1-of-2\/","title":{"rendered":"Using the hsxkpasswd<\/code> Terminal Command (Part 1 of 2)"},"content":{"rendered":"

Since version 3.5, the Crypt::HSXKPasswd<\/code> password generating perl module ships with a command line interface to the password generator called hsxkpasswd<\/code>. This provides a way for non-Perl programers to access the vast majority of the module’s functionality.<\/p>\n

The easiest way to install the module, and it’s accompanying terminal command is via CPAN:<\/p>\n

\r\nsudo cpan Crypt::HSXKPasswd\r\n<\/pre>\n
Once the module is installed, you’ll have access to the hsxkpasswd<\/code> terminal command.<\/p>\n
Getting started is simple, run the command with no arguments at all and it will generate one password using the default settings:<\/p>\n
\r\nbart-iMac2013:~ bart$ hsxkpasswd<\/strong>\r\n@@26.MEASURE.below.LIFT.95@@\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
If you want more passwords, pass a number as an argument, and you’ll get that many passwords:<\/p>\n
\r\nbart-iMac2013:~ bart$ hsxkpasswd 10<\/strong>\r\n~~08!hole!VOWEL!then!45~~\r\n$$49^monday^YELLOW^remember^22$$\r\n\/\/69-express-MONDAY-edge-54\/\/\r\n--42~KITCHEN~save~COLD~40--\r\n==51%REPLY%even%AUGUST%28==\r\n%%63&list&INSIDE&train&58%%\r\n^^19!spain!CONGO!spain!01^^\r\n::30@SMILED@from@PERIOD@90::\r\n&&05%decimal%THREE%remember%80&&\r\n..47^ROAD^dress^BERLIN^11..\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
<\/p>\n
Using Built-in Presets<\/h2>\n
The module, and hence the terminal command, ships with a number of pre-defined presets. To see a list of all available presets, use the -l<\/code> (or --list-presets<\/code>) flag:<\/p>\n
\r\nbart-iMac2013:~ bart$ hsxkpasswd -l<\/strong>\r\nAPPLEID, DEFAULT, NTLM, SECURITYQ, WEB16, WEB32, WIFI, XKCD\r\nbart-iMac2013:~ bart$ \r\n<\/pre>\n
To use a preset, use the -p<\/code> (or --preset<\/code>) flag:<\/p>\n
\r\nbart-iMac2013:~ bart$ hsxkpasswd -p SECURITYQ<\/strong>\r\nangry call fast soldier Monday Delaware?\r\nbart-iMac2013:~ bart$ \r\n<\/pre>\n
You can of course still generate as many passwords at once as you like:<\/p>\n
\r\nbart-iMac2013:~ bart$ hsxkpasswd -p SECURITYQ 10<\/strong>\r\nsuddenly rich game desire Tuesday seeds.\r\npractice mile colour practice roll always.\r\npark resent offer signal even simple.\r\nlower dish room sent tomorrow mind?\r\nstory drawing strange spell Fiji burn.\r\nthink shall complete march afraid sight!\r\nsuffix finally surface again seem angle.\r\nkitchen later division dinner park killed?\r\nover period dollar hunger kept slowly?\r\nfellow Panama building what worn because.\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
It is also possible to tweak an existing preset by overriding the values in specific configuration keys. The first step to doing this is to peek under the hood and look at the settings specified by the preset you want to tweak, you can do that with the --verbose<\/code> flag (I’ve marked the relevant section of the verbose output in bold):<\/p>\n
\r\nbart-iMac2013:~ bart$ hsxkpasswd --verbose -p SECURITYQ<\/strong>\r\n*NOTE* no hsxkpasswdrc file loaded\r\n*NOTE* no custom entropy warning level set\r\n*NOTE* using standard preset 'SECURITYQ'\r\n*NOTE* using default word source\r\n*NOTE* using default rng\r\n\r\n*DICTIONARY*\r\nSource: Crypt::HSXKPasswd::Dictionary::EN\r\n# words: 1259\r\n# words of valid length: 1194 (95%)\r\nContains Accented Characters: NO\r\n\r\n*CONFIG*\r\nallow_accents: '0'\r\ncase_transform: 'NONE'\r\nnum_words: '6'\r\npadding_alphabet: ['!', '.', '?']\r\npadding_character: 'RANDOM'\r\npadding_characters_after: '1'\r\npadding_characters_before: '0'\r\npadding_digits_after: '0'\r\npadding_digits_before: '0'\r\npadding_type: 'FIXED'\r\nseparator_character: ' '\r\nword_length_max: '8'\r\nword_length_min: '4'<\/strong>\r\n\r\n*RANDOM NUMBER CACHE*\r\nRandom Number Generator: Crypt::HSXKPasswd::RNG::Math_Random_Secure\r\n# in cache: 0\r\n\r\n*PASSWORD STATISTICS*\r\nPassword length: between 30 & 54\r\nPermutations (brute-force): between 1.33x10^53 & 4.22x10^95 (average 2.37x10^74)\r\nPermutations (given dictionary & config): 8.69x10^18\r\nEntropy (Brute-Force): between 176bits and 317bits (average 247bits)\r\nEntropy (given dictionary & config): 62bits\r\n# Random Numbers needed per-password: 7\r\nPasswords Generated: 0\r\n\r\nspring might opposite poem London soil?\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
Let’s say we don’t like having question marks at the end of the generated security question answers, and lets say we want to alternate the case of each word, but leave the rest of the preset the same. We can do this with the -o<\/code> (or --overrides<\/code>) flag. This flag expects the value to be a JSON string representing configuration key name-value pairs (for help with JSON see this quick intro<\/a>). The command below makes our desired changes:<\/p>\n
\r\nbart-iMac2013:~ bart$ hsxkpasswd -p SECURITYQ -o '{\"padding_alphabet\" : [\".\", \"!\"], \"case_transform\" : \"ALTERNATE\"}' 10<\/strong>\r\nSEEDS rain BRIGHT plan SOME receive.\r\nhappy HUNTING stop SHIP mine AFRAID!\r\nGOVERN sand SAIL into FRONT school.\r\ndish BETWEEN there SETTLE result AWAY!\r\nstory MEMBER british MISTER trust FIJI!\r\nSHOUT agree SINGLE halt INCLUDE spend.\r\nSTRENGTH english STREET than TEST laugh.\r\nlater BRITAIN turn EVEN nearly MEMBER!\r\nhowever NEVADA cuba RETURN happen WING.\r\nBRAZIL none TOWARD neptune BELL forever.\r\nbart-iMac2013:~ bart$ \r\n<\/pre>\n
Creating Custom Presets<\/h2>\n
While tweaking existing presets might be a good approach much of the time, you may find yourself wanting to create a custom configuration that looks absolutely nothing like any of the presets. You can do this by creating a text file that represents your chosen settings in JSON format, and then passing the path to that file to hsxkpasswd<\/code> using the -c<\/code> (or --config-file<\/code>) flag.<\/p>\n
\n
Suggestion<\/h4>\n
You can use the load\/save tab in the web interface at https:\/\/www.xkpasswd.net\/ to generate your config, then copy and paste it into a text file. The output from that web form is in JSON format. The only small caveat is that to avoid warnings, you should delete the line \"random_increment\": \"AUTO\" <\/code> (and the trailing comma on the line above) from the file.<\/p>\n<\/blockquote>\n
As an example, I am going to save the following JSON markup to the file ~\/Documents\/Temp\/sampleconfig.json.txt<\/code>:<\/p>\n
\r\n{\r\n \"num_words\": 4,\r\n \"word_length_min\": 4,\r\n \"word_length_max\": 8,\r\n \"case_transform\": \"ALTERNATE\",\r\n \"separator_character\": \"RANDOM\",\r\n \"separator_alphabet\": [\r\n  \"-\",\r\n  \":\",\r\n  \".\",\r\n  \",\"\r\n ],\r\n \"padding_digits_before\": 2,\r\n \"padding_digits_after\": 2,\r\n \"padding_type\": \"FIXED\",\r\n \"padding_character\": \"RANDOM\",\r\n \"symbol_alphabet\": [\r\n  \"!\",\r\n  \"?\",\r\n  \"@\",\r\n  \"&\"\r\n ],\r\n \"padding_characters_before\": 1,\r\n \"padding_characters_after\": 1\r\n}\r\n<\/pre>\n
Once that file is saved, I can use my custom created config:<\/p>\n
\r\nbart-iMac2013:~ bart$ hsxkpasswd -c ~\/Documents\/Temp\/sampleconfig.json.txt 10<\/strong>\r\n?33-europe-CONTROL-wedge-PLANE-25?\r\n!31.power.DESIRE.know.MUST.81!\r\n@79:FOUR:lord:THOUSAND:light:21@\r\n?79,head,CHANCE,shake,COLUMN,28?\r\n?08:germany:SURPRISE:friends:FELT:08?\r\n&26:pull:TELL:steel:PARK:18&\r\n?56.GRAY.north.VERB.stood.13?\r\n@38-gone-VARIOUS-right-REASON-07@\r\n&85:BESIDE:probable:REALLY:inches:51&\r\n?46.DOUBT.daily.MADRID.bridge.28?\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
Specifying Word Sources<\/h2>\n
There are two flags that can be used to specify the word list the terminal command should use, -d<\/code> (or --dict-file<\/code>), and --dict-pkg<\/code> (perhaps accompanied by --dict-pkg-args<\/code>).<\/p>\n
The first flag allows users to specify the path to a dictionary file (more on this later), and the second flag allows the user to specify the name of a Perl module which will serve as the word source. The module ships with a number of standard dictionary module, and programmers can create their own custom modules by extending the class Crypt::HSXKPasswd::Dictionary<\/code>. Since this is a tutorial for terminal users rather than perl programmers, we won’t discuss the ins and outs of creating your own package. I’ll simply list the included dictionary modules of interest to terminal users:<\/p>\n