.\" -*- nroff -*- .\" Generated automatically from ppgen.1.in by configure. .\" ppgen.1.in .\" Michael Shields .\" Public domain .\" .TH PPGEN 1 1995-08-29 Tembel . .SH NAME ppgen \- passphrase generator . .SH SYNOPSIS .B ppgen [\fB\-d \fIdicts\fR] [\fB\-e \fIbits\fR] [\fB\-n \fIcount\fR] [\fB\-p \fIpath\fR] . .SH DESCRIPTION .B ppgen generates passphrases on standard output. It can be used from the command line or by a modified .BR passwd (1). .PP The algorithm used is to choose words randomly from a dictionary, as many as are necessary to achieve the desired level of entropy (i.e., security). The resulting passphrases are longer than traditional cryptic passwords of the `aWCp+@4f' sort, but easier to remember and type; and using .B ppgen is much easier than thinking of an equally unguessable secret. . .SH OPTIONS .TP \fB\-d \fIdicts\fR Choose an alternate dictionary (or dictionaries); this is a colon-seperated list. The default is taken from the environment variable .BR PPGEN_DICTS , then defaults to `en'. .TP \fB\-e \fIbits\fR Generate a passphrase that has (at least) .I bits bits of entropy. This option changes the number of possible passphrases, and thus the space which an attacker must search. By default, it is\ 64; for comparison, DES keys have (at most) 56\ bits of entropy. .TP \fB\-n \fIcount\fR Output .I count passphrases, instead of just one. .TP \fB\-p \fIpath\fR Look for dictionaries in .IR path ; the default is .IR /usr/local/share/ppgen . . .SH BUGS .B ppgen is not magic. Having a good passphrase does not automatically provide you with security. If you write it down, deliberately give it to someone else, bypass it with .IR .rhosts , or send it in plaintext over an insecure channel, you lose. The only security .B ppgen gives you is protection against dictionary attacks, and knowledge that your password is strong without having to spend a great deal of effort constructing it. The best way to use .B ppgen is to generate strings which are hashed into keys for a challenge-response or ticket-based authentication system, such as S/Key or Kerberos, which provide protection against eavesdropping and replay. .PP .BR ppgen 's generated passphrases are only as unguessable as the random numbers used to generate them. By compile-time configuration, they come from .ie !"false"" PGP's cryptographically strong RNG. .el .BR random (3), folded four times. . .SH SEE ALSO .BR passwd (1) . .SH AUTHOR Michael Shields .