====== Introduction ======
A generator for random passwords
''apg'' generates several random passwords. It uses several password generation algorithms (currently two) and a built-in pseudo random number generator.
Default algorithm is pronounceable password generation algorithm designed by Morrie Gasser and described in A Random Word Generator For Pronounceable Passwords National Technical Information Service (NTIS) AD-A-017676. The original paper is very old and had never been put online, so I have to use NIST implementation described in FIPS-181.
Another algorithm is simple random character generation algorithm, but it uses four user-defined symbol sets to produce random password. It means that user can choose type of symbols that should appear in password. Symbol sets are: numeric symbol set (0, ..., 9) , capital letters symbol set (A, ..., Z) , small letters symbol set (a, ..., z) and special symbols symbol set (#, @, !, ...).
Built-in pseudo random number generator is an implementation of algorithm described in Appendix C of ANSI X9.17 or RFC1750 with exception that it uses CAST or SHA-1 instead of Triple DES. It uses local time with precision of microseconds (see gettimeofday(2)) and /dev/random (if available) to produce initial random seed.
''apg'' also have the ability to check generated password quality using dictionary. You can use this ability if you specify command-line options ''-r dictfile'' or ''-b filtername'' where dictfile is the dictionary file name and filtername is the name of Bloom filter file. In that dictionary you may place words (one per line) that should not appear as generated passwords. For example: user names, common words, etc. You even can use one of the dictionaries that come with dictionary password crackers. Bloom filter file should be created with ''apgbfm'' utility included in apg distribution. In future releases I plan to implement some other techniques to check passwords (like pattern check) just to make life easier.
====== Links ======
===== General =====
[[http://www.adel.nursat.kz/apg/]] (currently offline)\\
====== Docs ======
''/usr/share/doc/apg/APG_TIPS''
====== Files and Directories ======
===== General Files and Directories =====
None
===== Configuration Files =====
^ File or Directory ^ Description ^
| ''/etc/apg.conf'' | System-wide apg configuration for all users on the system. |
====== Getting Help ======
Manual pages:
user@host:~$ man apg
For the bloom filter program:
user@host:~$ man apgbfm
====== Install ======
To install //apg// on Debian:
root@host:~$ apt-get update
root@host:~$ apt-get -y install apg
====== Configuration ======
Any command line option can be added to the Variable ''APG_PARM'' in the configuration file ''/etc/apg.conf''.
====== Usage ======
===== General Usage =====
user@host:~$ apg
===== Command Line Parameters =====
==== Output Formatting ====
^ Option ^ Description ^
| ''-d'' | Do NOT use any delimiters between generated passwords. |
| ''-y'' | Print generated passwords and crypted passwords (see man crypt(3)). |
| ''-q'' | Quiet mode, do not print warnings. |
| ''-l'' | Spell genetated passwords. |
| ''-t'' | Print pronunciation for generated pronounceable password. |
==== Password Complexity ====
^ Option ^ Description ^
| ''-a 0|1'' | Algorithm used for password generation.\\0 - (default) pronounceable password generation.\\1 - random character password generation. |
| ''-n num'' | Generate ''num'' number of passwords. Default is 6. |
| ''-m min'' | Generate passwords with minimum length ''min''. Default minimum password length is 8. |
| ''-x max'' | Generate passwords with maximum length ''max''. Default maximum password length is 10. |
| ''-M mode'' | Password generation mode. ''mode'' consists of: \\ **S**: Generator must use special symbol set for every generated password. \\ **s**: Generator should use special symbol set for password generation. \\ **N**: Generator must use numeral symbol set for every generated password. \\ **n**: Generator should use numeral symbol set for password generation. \\ **C**: Generator must use capital symbol set for every generated password. \\ **c**: Generator should use capital symbol set for password generation. \\ **L**: Generator must use small letters symbol set for every generated password. \\ **l**: Generator should use small letters symbol set for password generation. |
| ''-E excl'' | Exclude characters in ''excl'' from password generation process. |
| ''-s'' | Ask user for random sequence for password generation. |
| ''-c seed'' | Use ''seed'' as a random seed for password generation. |
==== Password Quality Control ====
^ Option ^ Description ^
| ''-r file'' | Check generated passwords for their appearance in ''file''. |
| ''-b file'' | Check generated passwords for their appearance in ''file'', which should be created with ''apgbfm''. |
| ''-p min'' | Check every substring of the generated password for appearance in ''file''. If any of such substrings would be found in the ''file'' then generated password would be rejected and apg(1) will generate another one. ''min'' specifies minimum substring length to check. This option is active only if ''-b'' option is defined. |
===== Example Usage =====
To generate one password with a length of 16 characters, consisting of lower and upper case characters, numerals and symbols in random order:
user@host:~$ apg -a 1 -M SNCL -m 16 -x 16 -n 1
To generate 5 pronouncable passwords with a length between 16 and 32 characters and showing their pronounciation:
user@host:~$ apg -a 1 -M SNCL -m 16 -x 32 -n 5 -t
===== Status Check =====
None
====== Recipies ======
====== Known Issues ======
None