\input texinfo @c -*-texinfo-*- @c %**start of header @setfilename passcheck.info @settitle passcheck @afourpaper @documentencoding UTF-8 @documentlanguage en @finalout @c %**end of header @dircategory Security @direntry * passcheck: (passcheck). Passphrase strength evaluator @end direntry @copying Copyright @copyright{} 2013, 2015 Mattias Andrée @quotation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is included in the section entitled ``GNU Free Documentation License''. @end quotation @end copying @ifnottex @node Top @top passcheck -- Passphrase strength evaluator @insertcopying @end ifnottex @titlepage @title passcheck @subtitle Passphrase strength evaluator @author by Mattias Andrée (maandree) @page @vskip 0pt plus 1filll @insertcopying @page @end titlepage @contents @menu * Overview:: Brief overview of @command{passcheck}. * Invoking:: Executing @command{passcheck}. * Factors:: Factors weighted in at evaulation. * GNU Free Documentation License:: Copying and sharing this manual. @end menu @node Overview @chapter Overview @command{passcheck} is a tool that rates passphrases based on the strengths, a highly rated passphrase is a string passphrase. You are recommended not to use any passphrases rated below 300. Passphrases are read from stdin and the rating followed by the passphrase for each passphrases is written to stdout, and stderr is quited unless the program files. @node Invoking @chapter Invoking @command{passcheck} parses each line (must end exactly with one UNIX line break) as a passphrase and puts the (positive integer) rating before the passphrase separated with one blankspace. You may want to pipe stdout to @command{sort -n} to get the strongest passphrase at the bottom. Use @option{--raw} or @option{-r} if the passphrase may contain a ESC character, otherwise it is parsed as an ANSI escape sequence wish is ignored in the rating and allows you to use colours in the passphrases. @node Factors @chapter Factors @command{passcheck} weights in the following factors when evaluating the strength of a passphrase: @itemize @bullet @item The passphrase is not a commonly use passphrase. Currently a top-1000 list is used. @item The degree to which characters are mixed. @item The classes of used characters. For example non-ASCII characters are better than ASCII chracters. @item The distance, on a QWERTY-keyboard, of successive keys. @item The length of the passphrase. @end itemize It has been argued that passphrases should not form grammatically correct sentence, even if the sentence itself if nonsense. The argument is that the majority of possible choices of words can be eliminated for each word position, based on the previous word. However a counterargument for this concern is that number of possible combinations, assuming the sentence is nonsensical, large enough even if choices can be eliminated using grammar. Currently, evaluation based on grammar is not made, so if you believe grammatically correct sentence should be avoided, please manually check that the passphrase you choose does not form a grammatically correct sentence, and preferably, not even in part. @node GNU Free Documentation License @appendix GNU Free Documentation License @include fdl.texinfo @bye