{"id":12534,"date":"2015-09-06T14:51:01","date_gmt":"2015-09-06T14:51:01","guid":{"rendered":"https:\/\/www.bartbusschots.ie\/s\/?p=12534"},"modified":"2016-02-24T20:39:59","modified_gmt":"2016-02-24T20:39:59","slug":"using-the-hsxkpasswd-terminal-command-part-2-of-2","status":"publish","type":"post","link":"https:\/\/www.bartbusschots.ie\/s\/2015\/09\/06\/using-the-hsxkpasswd-terminal-command-part-2-of-2\/","title":{"rendered":"Using the hsxkpasswd<\/code> Terminal Command (Part 2 of 2)"},"content":{"rendered":"

This is the second part of a two-part post – read part 1 here<\/a>.<\/p>\n

In part 1 we learned how to use the command line too hsxkpasswd<\/code> to generate passwords, and how to use various flags to specify custom password generation configurations, and word sources. In this second part we’ll look at how to save these customisations for future use with .hsxkpasswdrc<\/code> files.<\/p>\n

<\/p>\n

.hsxkpasswdrc<\/code> Files<\/h2>\n

Before we starts, I just want to say that I don’t want to type ‘.hsxkpasswdrc<\/code> file’ over and over again, so I’ll use the abbreviation version rc file<\/em> instead.<\/p>\n

Rc files allow you to specify default settings, and to define your own named presets. You can specify that a particular rc file should be used with the --rcfile<\/code> flag. However, if you save the file in your home directory, and give it the name .hsxkpasswdrc<\/code>, it will be loaded automatically.<\/p>\n

While rc files allow you to specify defaults, their contents will never take precedence over command line flags. So, if you specify a default word source in your rc file, and then specify a different word source with the -d<\/code> flag, the word source specified with the -d<\/code> flag is the one that will be used. Similarly, if a file called .hsxkpasswdrc<\/code> exists in your home directory, and you use the --rcfile<\/code> flag to point at a different rc file, the one pointed to by the --rcfile<\/code> flag will be used. You can also use the –rcfile flag with the special value NONE to ignore the file named .hsxkpasswdrc<\/code> in your home directory.<\/p>\n

You can see which rc file is in use, if any, and what settings from that file are being used with the --verbose<\/code> flag. At the the start of the output you will see a series of notes that show the path to the rc file being used, the entropy warning level in use, and where that setting came from, the config in use, and where it came from, the word source in use, and where it came from, and the random number generator in use, and where it came from.<\/p>\n

If we use the --verbose<\/code> flag and explicitly specify that no rc file should be used, you’ll get the following output:<\/p>\n

\r\nbart-iMac2013:~ bart$ hsxkpasswd --rcfile NONE --verbose 10<\/strong>\r\n*NOTE* loading of hsxkpasswdrc files disabled with --rcfile=NONE\r\n*NOTE* no custom entropy warning level set\r\n*NOTE* using standard default config\r\n*NOTE* using default word source\r\n*NOTE* using default rng<\/strong>\r\n\r\n*DICTIONARY*\r\nSource: Crypt::HSXKPasswd::Dictionary::EN\r\n# words: 1259\r\n# words of valid length: 1194 (95%)\r\nContains Accented Characters: NO\r\n\r\n*CONFIG*\r\nallow_accents: '0'\r\ncase_transform: 'ALTERNATE'\r\nnum_words: '3'\r\npadding_character: 'RANDOM'\r\npadding_characters_after: '2'\r\npadding_characters_before: '2'\r\npadding_digits_after: '2'\r\npadding_digits_before: '2'\r\npadding_type: 'FIXED'\r\nseparator_character: 'RANDOM'\r\nsymbol_alphabet: ['!', '$', '%', '&', '*', '+', '-', '.', '\/', ':', ';', '=', '?', '@', '^', '_', '|', '~']\r\nword_length_max: '8'\r\nword_length_min: '4'\r\n\r\n*RANDOM NUMBER CACHE*\r\nRandom Number Generator: Crypt::HSXKPasswd::RNG::Math_Random_Secure\r\n# in cache: 0\r\n\r\n*PASSWORD STATISTICS*\r\nPassword length: between 24 & 36\r\nPermutations (brute-force): between 2.91x10^47 & 1.57x10^71 (average 2.14x10^59)\r\nPermutations (given dictionary & config): 1.10x10^16\r\nEntropy (Brute-Force): between 157bits and 236bits (average 197bits)\r\nEntropy (given dictionary & config): 53bits\r\n# Random Numbers needed per-password: 9\r\nPasswords Generated: 0\r\n\r\n==64&texas&CLASS&prepare&67==\r\n~~51-hunt-READY-three-20~~\r\n**27^ORDER^separate^HUNGER^57**\r\n::22@division@PAGE@crops@71::\r\n::14-COUNTRY-picked-MEET-83::\r\n^^92;reach;FIRE;greece;02^^\r\n..10!SHOUT!raise!FINLAND!95..\r\n??62&suit&POEM&belgium&65??\r\n^^03-RIGHT-berlin-BABY-24^^\r\n::17!compare!APRIL!line!97::\r\nbart-iMac2013:~ bart$ \r\n<\/pre>\n
I have marked the notes I am referring to in bold. Notice that a lot of information about the inner workings of the module are printed when --verbose<\/code> is used, but that the 10 passwords requested also get printed. For the remainder of this tutorial I’ll be truncating the output of --verbose<\/code> to show only what’s relevant at the time.<\/p>\n
Like all other data structures used by hsxkpasswd<\/code>, rc files must be in JSON format. To that end, you might find the JSON primer<\/a> I posted a few weeks ago useful.<\/p>\n
Defining Your Own Presets<\/h2>\n
To define your own presets, add a JSON dictionary to the root of the rc file called custom_presets<\/code>. The names in the custom_presets<\/code> JSON dictionary should be the names of the presets being defined, and the values should be JSON dictionaries containing the following key\/value pairs:<\/p>\n
    \n
  • descrption<\/code>: must be a non-empty string<\/li>\n
  • config<\/li>\n
    : a valid HSXKPasswd configuration as a JSON dictionary (just like the ones we used in part 1 for specifying custom configurations with the -c<\/code> key)\n<\/ul>\n
    Preset names must be in all caps, and contain only letters, digits, and underscores.<\/p>\n
    This sounds very complicated when you write it down, but it’s not. The following is a fully valid rc file that defines one custom preset called TRUE_XKCD<\/code>:<\/p>\n
    \r\n{\r\n    \"custom_presets\" : {\r\n        \"TRUE_XKCD\" : {\r\n            \"description\" : \"A preset that mimicks the famous cartoon exactly\",\r\n            \"config\" : {\r\n                \"word_length_min\" : 4,\r\n                \"word_length_max\" : 8,\r\n                \"num_words\" : 4,\r\n                \"separator_character\" : \" \",\r\n                \"padding_digits_before\" : 0,\r\n                \"padding_digits_after\" : 0,\r\n                \"padding_type\" : \"NONE\",\r\n                \"case_transform\" : \"LOWER\",\r\n                \"allow_accents\" : 0\r\n            }\r\n        }\r\n    }\r\n}\r\n<\/pre>\n
    Before saving this file into your home directory, you might consider saving it somewhere else and giving it a name like test_hsxkpasswdrc<\/code>, and testing to make sure the format is valid. You can test the validity of an rc file using the --test-rcfile<\/code> flag, e.g.:<\/p>\n
    \r\nbart-iMac2013:~ bart$ hsxkpasswd --test-rcfile test_hsxkpasswdrc<\/strong> \r\nValiding the converted datatsructure from the hsxkpasswdrc file ...\r\n** hsxkpasswdrc data OK **\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
    You can also test that your preset does what you expect by combining the --rcfile<\/code> and -p<\/code> flags:<\/p>\n
    \r\nbart-iMac2013:~ bart$ hsxkpasswd --rcfile test_hsxkpasswdrc -p TRUE_XKCD 10<\/strong>\r\nWARNING - Crypt::HSXKPasswd::_update_entropystats_cache(): for attacks assuming full knowledge, the combination of the loaded config and dictionary produces an entropy of 40bits, below the minimum recommended 52bits at \/usr\/local\/bin\/hsxkpasswd line 451.\r\nmoment early spot table\r\nfish make dark talk\r\nlift paris train lose\r\nkilled printed journey east\r\nmovement within fight beat\r\nduck wrote round person\r\nspeed value norway yourself\r\nexpect neighbor finland those\r\ncurrent dare mother doubt\r\nsafety public indian mountain\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
    You should now notice two things, firstly, 10 passwords using the new custom preset were generated and printed, and secondly, the command issued a low entropy warning.<\/p>\n
    What does this warning mean? It means that, in the very unlikely event that the person attacking your password knows ALL<\/strong> of the following, your password is not as secure as a truly random 8-character password:<\/p>\n
      \n
    1. that you use this tool to create your passwords<\/li>\n
    2. the exact configuration you use<\/li>\n
    3. the exact word source you use<\/li>\n<\/ol>\n
      It’s very unlikely than an attacker will know all of those things, so this warning refers to a very unlikely scenario. You probably want to suppress those warnings. You can do that using the -w<\/code> flag, or, you can set the warning level in your rc file.<\/p>\n
      There are three warnings levels, and I am listing them here from most to least paranoid:<\/p>\n
        \n
      1. SEEN<\/strong> – assume the attackers has full knowledge of how your password was made, and if the combination of configuration and word source in use would be easier for that attacker to crack than an 8 character truly random password, issue a warning.<\/li>\n
      2. BLIND<\/strong> – assume the attacker does not know how you create your passwords, and must resort to a brute-force attack (a very realistic scenario), warn if the passwords generated with the current config would be less secure than a 12 character truly random password.<\/li>\n
      3. NONE<\/code> – never warn about password strength<\/li>\n<\/ol>\n
        At the moment, the module, and the command-line tool, default to the most paranoid warning level of SEEN<\/code>. In hind sight I think that was probably a mistake, and it’s likely to change in future versions. I now think BLIND<\/code> would make a better default.<\/p>\n
        To set the warning level to BLIND<\/code>, we could specify -w BLIND<\/code> each time we use the hsxkpasswd<\/code> command like so:<\/p>\n
        \r\nbart-iMac2013:~ bart$ hsxkpasswd --rcfile test_hsxkpasswdrc -p TRUE_XKCD -w BLIND 10<\/code>\r\nnote fine sign discover\r\nprobable canada friends present\r\ntwelve forward nine farm\r\nholland belgium seem germany\r\ndrawing desire arrive cloud\r\ntokyo away actually true\r\nbottom galaxy workers corner\r\nfamily wind history evening\r\nchild give green hurry\r\nalso green hand describe\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
        Rather than passing our warning level each time, it probably makes more sense to use our rc file to set the default for us. We can do that by adding our desired value using a key called default_entropy_warnings<\/code>. Below is our original sample rc file with the default warning level added to it:<\/p>\n
        \r\n{\r\n    \"custom_presets\" : {\r\n        \"TRUE_XKCD\" : {\r\n            \"description\" : \"A preset that mimicks the famous cartoon exactly\",\r\n            \"config\" : {\r\n                \"word_length_min\" : 4,\r\n                \"word_length_max\" : 8,\r\n                \"num_words\" : 4,\r\n                \"separator_character\" : \" \",\r\n                \"padding_digits_before\" : 0,\r\n                \"padding_digits_after\" : 0,\r\n                \"padding_type\" : \"NONE\",\r\n                \"case_transform\" : \"LOWER\",\r\n                \"allow_accents\" : 0\r\n            }\r\n        }\r\n    },\r\n    \"default_entropy_warnings\" : \"BLIND\"\r\n}\r\n<\/pre>\n
        You might want to test your file again, to make sure you didn’t make a mistake adding the default warning level:<\/p>\n
        \r\nbart-iMac2013:~ bart$ hsxkpasswd --test-rcfile test_hsxkpasswdrc<\/strong>\r\nValiding the converted datatsructure from the hsxkpasswdrc file ...\r\n** hsxkpasswdrc data OK **\r\nbart-iMac2013:~ bart$ \r\n<\/pre>\n
        Assuming the file passes the test, you are now ready to move it into place as .hsxkpasswdrc<\/code> in your home directory:<\/p>\n
        \r\nmv test_hsxkpasswdrc ~\/.hsxkpasswdrc\r\n<\/pre>\n
        Once that’s done, you can use your new custom preset with just the -p<\/code> flag, as if it were a built-in preset:<\/p>\n
        \r\nbart-iMac2013:~ bart$ hsxkpasswd -p TRUE_XKCD 10<\/strong>\r\nship show small carry\r\nseason egypt hard type\r\nbetween duck seeds succeed\r\nseed settle moscow enter\r\nthey says almost hall\r\nknow drawing farmers death\r\nthrow wheels beside rock\r\nwants pole girl action\r\nrest received someone tools\r\nmember case finger neither\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
        You’ll notice that your preset also shows up when you list the available presets with the -l<\/code> flag:<\/p>\n
        \r\nbart-iMac2013:~ bart$ hsxkpasswd -l<\/strong>\r\nAPPLEID, DEFAULT, NTLM, SECURITYQ, TRUE_XKCD<\/strong>, WEB16, WEB32, WIFI, XKCD\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
        Finally, you can use the --verbose<\/code> flag to verify that your rc file is being used:<\/p>\n
        \r\nbart-iMac2013:~ bart$ hsxkpasswd -p TRUE_XKCD --verbose 10<\/strong>\r\n*NOTE* using hsxkpasswdrc file \/Users\/bart\/.hsxkpasswdrc\r\n*NOTE* using entropy warning level specified in hsxkpasswdrc file\r\n*NOTE* using config from custom preset 'TRUE_XKCD'<\/strong>\r\n*NOTE* using default word source\r\n*NOTE* using default rng\r\n\r\n...\r\n\r\nmexico night decide instead\r\nbroke scotland matter june\r\nnine hunt minute daughter\r\ncompany appear outer fall\r\npossible entered bird neck\r\npractice tried rome certain\r\nearth great meeting farmers\r\nsave cents dark worn\r\nless gift divide bicycle\r\nmaster beauty exactly rome\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
        Overriding Standard Presets<\/h2>\n
        Presets defined in an rc file take precedence over the built-in presets, so, if you disagree with my choices, you can replace my version of a preset with your own.<\/p>\n
        Instead of adding a new preset called TRUE_XKCD<\/code>, you could equally well replace the standard preset XKCD<\/code> with your own version. You do this by simply creating a custom preset with the same name as the standard preset you want to override. We can alter our existing example to that by simply changing TRUE_XKCD<\/code> to XKCD<\/code>, resulting in the following file:<\/p>\n
        \r\n{\r\n    \"custom_presets\" : {\r\n        \"XKCD\" : {\r\n            \"description\" : \"A preset that mimicks the famous cartoon exactly\",\r\n            \"config\" : {\r\n                \"word_length_min\" : 4,\r\n                \"word_length_max\" : 8,\r\n                \"num_words\" : 4,\r\n                \"separator_character\" : \" \",\r\n                \"padding_digits_before\" : 0,\r\n                \"padding_digits_after\" : 0,\r\n                \"padding_type\" : \"NONE\",\r\n                \"case_transform\" : \"LOWER\",\r\n                \"allow_accents\" : 0\r\n            }\r\n        }\r\n    },\r\n    \"default_entropy_warnings\" : \"BLIND\"\r\n}\r\n<\/pre>\n
        Now, we can use our version of the XKCD<\/code> preset as follows:<\/p>\n
        \r\nbart-iMac2013:~ bart$ hsxkpasswd -p XKCD 10<\/strong>\r\nhigh will effort cells\r\nhavana charge could beyond\r\nthree month spain thrown\r\nfinished angle saturday cool\r\nhimself moscow cake minutes\r\nmouth past there plan\r\ndoor entered money wood\r\nthrew poem case know\r\nniece explain noise sense\r\nquickly practice island wait\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
        Again, you can use the --verbose<\/code> flag to verify that the custom config in the rc file is taking precedence over the standard:<\/p>\n
        \r\nbart-iMac2013:~ bart$ hsxkpasswd -p XKCD --verbose 10<\/strong>\r\n*NOTE* using hsxkpasswdrc file \/Users\/bart\/.hsxkpasswdrc\r\n*NOTE* using entropy warning level specified in hsxkpasswdrc file\r\n*NOTE* using config from custom preset 'XKCD'<\/strong>\r\n*NOTE* using default word source\r\n*NOTE* using default rng\r\n\r\n...\r\n\r\nforest equal mind strength\r\ngoodbye white likely village\r\nguard this park burn\r\nmarch venus burn liar\r\nthrew silent course egypt\r\npage that nerve entire\r\nplural practice sold want\r\nfavor large numeral under\r\nwest shirt peru cannot\r\npublic century warm succeed\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
        The default configuration used when no preset or config is supplied is the standard preset DEFAULT<\/code>. This is just a preset though, so, it can be replaced with your own custom preset using an rc file.<\/p>\n
        In the version of our example rc file below, I have added a new DEFAULT<\/code> preset of my own that is similar to, but not quite the same as, the standard APPLEID<\/code> preset:<\/p>\n
        \r\n{\r\n    \"custom_presets\" : {\r\n        \"DEFAULT\" : {\r\n            \"description\" : \"A custom default preset to ovrride the standard default\",\r\n            \"config\" : {\r\n                \"padding_alphabet\" : [\"!\", \"?\", \"@\", \"&\"],\r\n                \"separator_alphabet\" : [\"-\", \":\", \".\", \",\"],\r\n                \"word_length_min\" : 4,\r\n                \"word_length_max\" : 8,\r\n                \"num_words\" : 2,\r\n                \"separator_character\" : \"RANDOM\",\r\n                \"padding_digits_before\" : 2,\r\n                \"padding_digits_after\" : 2,\r\n                \"padding_type\" : \"FIXED\",\r\n                \"padding_character\" : \"RANDOM\",\r\n                \"padding_characters_before\" : 1,\r\n                \"padding_characters_after\" : 1,\r\n                \"case_transform\" : \"ALTERNATE\",\r\n                \"allow_accents\" : 0\r\n            }\r\n        },\r\n        \"XKCD\" : {\r\n            \"description\" : \"A preset that mimicks the famous cartoon exactly\",\r\n            \"config\" : {\r\n                \"word_length_min\" : 4,\r\n                \"word_length_max\" : 8,\r\n                \"num_words\" : 4,\r\n                \"separator_character\" : \" \",\r\n                \"padding_digits_before\" : 0,\r\n                \"padding_digits_after\" : 0,\r\n                \"padding_type\" : \"NONE\",\r\n                \"case_transform\" : \"LOWER\",\r\n                \"allow_accents\" : 0\r\n            }\r\n        }\r\n    },\r\n    \"default_entropy_warnings\" : \"BLIND\"\r\n}\r\n<\/pre>\n
        This new preset will now be used when no configuration is specified:<\/p>\n
        \r\nbart-iMac2013:~ bart$ hsxkpasswd 10<\/strong>\r\n&60,SOLDIERS,flow,59&\r\n?14.shape.NATION.51?\r\n@20.USUALLY.note.54@\r\n!16-DELAWARE-grave-65!\r\n@35-PART-edge-11@\r\n@63:mail:EVER:51@\r\n@13.back.PRODUCTS.82@\r\n?48-that-MORNING-52?\r\n@35-OFFICE-malta-90@\r\n?43,BEYOND,addition,61?\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
        Again, we can use the --verbose<\/code> flag to verify that that is indeed what is going on:<\/p>\n
        \r\nbart-iMac2013:~ bart$ hsxkpasswd --verbose 10<\/strong>\r\n*NOTE* using hsxkpasswdrc file \/Users\/bart\/.hsxkpasswdrc\r\n*NOTE* using entropy warning level specified in hsxkpasswdrc file\r\n*NOTE* using custom default config from hsxkpasswdrc file<\/strong>\r\n*NOTE* using default word source\r\n*NOTE* using default rng\r\n\r\n...\r\n\r\n&98:suffix:START:31&\r\n@67.NECK.drive.93@\r\n@22:INDIAN:cold:23@\r\n?96-beauty-VIRGINIA-36?\r\n!69-manner-PROMISE-95!\r\n!85,YOURSELF,enemy,46!\r\n!35.GREAT.uncle.00!\r\n&93:ICELAND:road:29&\r\n?56.SENT.stream.45?\r\n!42.stock.FORGET.06!\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
        Specifying Default Word Sources<\/h2>\n
        Another important use for rc files is to specify a default word source.<\/p>\n
        Just like there are two ways to specify a word source with flags (-d<\/code>\/--dict-file<\/code> and --dict-pkg<\/code>), there are two equivalent options in rc files.<\/p>\n
        Let’s start by specifying a Perl package as the default word source. Perhaps, your native language is not English, but Dutch, so you would like the Dutch dictionary used by default. The module ships with a Dutch dictionary package, specifically Crypt::HSXKPasswd::Dictionary::NL<\/code>, we can use that as the default word source by adding a top-level dictionary called default_dictionary<\/code> to the rc file. In that dictionary we add an entry with the name package<\/code> and the name of the desired Perl package as the value.<\/p>\n
        Below is our example rc file updated to use the built-in Dutch dictionary package by default:<\/p>\n
        \r\n{\r\n    \"custom_presets\" : {\r\n        \"DEFAULT\" : {\r\n            \"description\" : \"A custom default preset to ovrride the standard default\",\r\n            \"config\" : {\r\n                \"padding_alphabet\" : [\"!\", \"?\", \"@\", \"&\"],\r\n                \"separator_alphabet\" : [\"-\", \":\", \".\", \",\"],\r\n                \"word_length_min\" : 4,\r\n                \"word_length_max\" : 8,\r\n                \"num_words\" : 2,\r\n                \"separator_character\" : \"RANDOM\",\r\n                \"padding_digits_before\" : 2,\r\n                \"padding_digits_after\" : 2,\r\n                \"padding_type\" : \"FIXED\",\r\n                \"padding_character\" : \"RANDOM\",\r\n                \"padding_characters_before\" : 1,\r\n                \"padding_characters_after\" : 1,\r\n                \"case_transform\" : \"ALTERNATE\",\r\n                \"allow_accents\" : 0\r\n            }\r\n        },\r\n        \"XKCD\" : {\r\n            \"description\" : \"A preset that mimicks the famous cartoon exactly\",\r\n            \"config\" : {\r\n                \"word_length_min\" : 4,\r\n                \"word_length_max\" : 8,\r\n                \"num_words\" : 4,\r\n                \"separator_character\" : \" \",\r\n                \"padding_digits_before\" : 0,\r\n                \"padding_digits_after\" : 0,\r\n                \"padding_type\" : \"NONE\",\r\n                \"case_transform\" : \"LOWER\",\r\n                \"allow_accents\" : 0\r\n            }\r\n        }\r\n    },\r\n    \"default_entropy_warnings\" : \"BLIND\",\r\n    \"default_dictionary\" : {\r\n        \"package\" : \"Crypt::HSXKPasswd::Dictionary::NL\"\r\n    }\r\n}\r\n<\/pre>\n
        We can now generate 10 passwords with Dutch words using our custom default preset as follows:<\/p>\n
        \r\nbart-iMac2013:~ bart$ hsxkpasswd 10<\/strong>\r\n&35.MEMBRAAN.verpacht.82&\r\n?06.BIJGEVAL.beijverd.94?\r\n&19,kopzijde,AFROEIT,79&\r\n!80,lijvigst,BITTERDE,23!\r\n&23,RIJT,kluppel,82&\r\n@01,ONTHIEF,vastheid,96@\r\n!31-AFTOMEN-enten-74!\r\n?97,oostkant,MEEGA,73?\r\n!10.vangrad.UITKEREN.21!\r\n@52:SMEEDDE:gedropen:77@\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
        Again, we can verify that the rc file is being properly interpreted with –verbose<\/strong>:<\/p>\n
        \r\nbart-iMac2013:~ bart$ hsxkpasswd --verbose 10<\/strong>\r\n*NOTE* using hsxkpasswdrc file \/Users\/bart\/.hsxkpasswdrc\r\n*NOTE* using entropy warning level specified in hsxkpasswdrc file\r\n*NOTE* using custom default config from hsxkpasswdrc file\r\n*NOTE* using dictionary package from hsxkpasswdrc file<\/strong>\r\n*NOTE* using default rng\r\n\r\n...\r\n\r\n@14,aanpap,ZEURIGST,59@\r\n@78.TONGPUNT.goud.12@\r\n?54,kromlag,STROPJE,70?\r\n!10:ZANGERES:treksels:91!\r\n@55:bevragen:BEKEERT:23@\r\n?75,broekpak,MADAMS,20?\r\n?78-puzzels-VOORAAN-50?\r\n&85-HOENTJES-zwingelt-24&\r\n!19,VRIJSTE,melodie,55!\r\n!83:GEDUURD:gelaten:35!\r\nbart-iMac2013:~ bart$ \r\n<\/pre>\n
        There is a lot of value in having a custom dictionary file of your own, so the second thing we’ll look at is how to specify a dictionary file rather than a package.<\/p>\n
        Just a reminder, dictionary files are text files containing one word per line, and lines starting with a #<\/code> symbol are ignored. This is the same format as the standard Unix words file.<\/p>\n
        As an example, let’s edit the rc file to use the standard Unix words file (\/usr\/share\/dict\/words<\/code> on OS X) as our default word source. We do this by changing the name package<\/code> to file<\/code> inside default_dictionary<\/code>, and changing the associated value from the package name to the path to our desired dictionary file. Below is our example rf file updated accordingly:<\/p>\n
        \r\n{\r\n    \"custom_presets\" : {\r\n        \"DEFAULT\" : {\r\n            \"description\" : \"A custom default preset to ovrride the standard default\",\r\n            \"config\" : {\r\n                \"padding_alphabet\" : [\"!\", \"?\", \"@\", \"&\"],\r\n                \"separator_alphabet\" : [\"-\", \":\", \".\", \",\"],\r\n                \"word_length_min\" : 4,\r\n                \"word_length_max\" : 8,\r\n                \"num_words\" : 2,\r\n                \"separator_character\" : \"RANDOM\",\r\n                \"padding_digits_before\" : 2,\r\n                \"padding_digits_after\" : 2,\r\n                \"padding_type\" : \"FIXED\",\r\n                \"padding_character\" : \"RANDOM\",\r\n                \"padding_characters_before\" : 1,\r\n                \"padding_characters_after\" : 1,\r\n                \"case_transform\" : \"ALTERNATE\",\r\n                \"allow_accents\" : 0\r\n            }\r\n        },\r\n        \"XKCD\" : {\r\n            \"description\" : \"A preset that mimicks the famous cartoon exactly\",\r\n            \"config\" : {\r\n                \"word_length_min\" : 4,\r\n                \"word_length_max\" : 8,\r\n                \"num_words\" : 4,\r\n                \"separator_character\" : \" \",\r\n                \"padding_digits_before\" : 0,\r\n                \"padding_digits_after\" : 0,\r\n                \"padding_type\" : \"NONE\",\r\n                \"case_transform\" : \"LOWER\",\r\n                \"allow_accents\" : 0\r\n            }\r\n        }\r\n    },\r\n    \"default_entropy_warnings\" : \"BLIND\",\r\n    \"default_dictionary\" : {\r\n        \"file\" : \"\/usr\/share\/dict\/words\"\r\n    }\r\n}\r\n<\/pre>\n
        Again, we can verify that things are working as expected with the --verbose<\/code> option:<\/p>\n
        \r\nbart-iMac2013:~ bart$ hsxkpasswd --verbose 10<\/strong>\r\n*NOTE* using hsxkpasswdrc file \/Users\/bart\/.hsxkpasswdrc\r\n*NOTE* using entropy warning level specified in hsxkpasswdrc file\r\n*NOTE* using custom default config from hsxkpasswdrc file\r\n*NOTE* using dictionary file from hsxkpasswdrc file<\/strong>\r\n*NOTE* using default rng\r\n\r\n*DICTIONARY*\r\nSource: Crypt::HSXKPasswd::Dictionary::Basic (loaded from: the file(s) \/usr\/share\/dict\/words)\r\n# words: 234252\r\n# words of valid length: 87066 (37%)\r\nContains Accented Characters: NO<\/strong>\r\n\r\n...\r\n\r\n!30-ESSENIS-dogvane-11!\r\n?45.undrying.MYRRH.79?\r\n&02-ZONELIKE-annoyer-15&\r\n@86-VARLETRY-notice-73@\r\n@53,INCONNU,rocklike,43@\r\n&54.CATLING.adipsy.11&\r\n&28,yearday,PHENOLIC,84&\r\n?65-BELLHOP-keyless-99?\r\n!93:HANKY:coupelet:26!\r\n!35.iguanian.MIAN.21!\r\nbart-iMac2013:~ bart$\r\n<\/pre>\n
        Final Thoughts<\/h2>\n
        We have not covered everything .hsxkpasswdrc<\/code> files can do in this short tutorial. For more details see the hsxkpasswd<\/code> man page:<\/p>\n
        \r\nman hsxkpasswd\r\n<\/pre>\n
        Using a .hsxkpasswdrc<\/code> file, it’s possible to use the hsxkpasswd<\/code> command with few, or no arguments, and still get a highly customised experience. This makes it very easy to customise hsxkpasswd<\/code>, and generate passwords just the way you like them.<\/p>\n","protected":false},"excerpt":{"rendered":"
        This is the second part of a two-part post – read part 1 here. In part 1 we learned how to use the command line too hsxkpasswd to generate passwords, and how to use various flags to specify custom password generation configurations, and word sources. In this second part we’ll look at how to save […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[12,440,17,446],"tags":[406,410,458],"series":[],"class_list":["post-12534","post","type-post","status-publish","format-standard","hentry","category-computers-tech","category-tech-projects","category-security","category-sysadmin","tag-commandline","tag-hsxkpasswd","tag-tutorial"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p7t9xK-3ga","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/posts\/12534","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/comments?post=12534"}],"version-history":[{"count":6,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/posts\/12534\/revisions"}],"predecessor-version":[{"id":13734,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/posts\/12534\/revisions\/13734"}],"wp:attachment":[{"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/media?parent=12534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/categories?post=12534"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/tags?post=12534"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/series?post=12534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}