APG v1.2.12

doc/man/apg.1

@@ -0,0 +1,227 @@
+.\" Man page for apg.
+.\" Licensed under BSD-like License.
+.\" Created by Adel I. Mirzazhanov
+.\"
+.TH APG 1 "2001 Feb 13" "Automated Password Generator" "User Manual"
+.SH NAME
+apg
+\- generates several random passwords
+
+.SH SYNOPSIS
+.B apg
+[\fB-r\fP \fIdictfile\fP]
+[\fB-a algorithm\fP] [\fB-C\fP] [\fB-L\fP] [\fB-S\fP] [\fB-N\fP] [\fB-R\fP]
+[\fB-M mode\fP] [\fB-m min_pass_len\fP] [\fB-x max_pass_len\fP] [\fB-n num_of_pass\fP]
+[\fB-s\fP] [\fB-c cl_seed\fP] [\fB-d\fP] [\fB-y\fP] [\fB-h\fP] [\fB-v\fP]
+.PP
+.SH DESCRIPTION
+.B apg
+generates several random passwords. It uses several password generation
+algorithms (currently two) and a built-in pseudo random number generator.
+.PP
+Default algorithm is pronounceable password generation algorithm
+designed by
+.B Morrie Gasser
+and described in
+.B "A Random Word Generator For Pronounceable Passwords"
+.I National Technical Information Service (NTIS)
+.B AD-A-017676.
+The original paper is very old and had never been put online,
+so I have to use
+.I NIST
+implementation described in 
+.B FIPS-181.
+.PP
+Another algorithm is simple random character generation algorithm, but it
+uses four user-defined symbol sets to produce random password. It means that
+user can choose type of symbols that should appear in password. Symbol sets
+are: numeric symbol set
+.I (0,...,9)
+, capital letters symbol set
+.I (A,...,Z)
+, small letters symbol set
+.I (a,...,z)
+and special symbols symbol set
+.I (#,@,!,...).
+.PP
+Built-in pseudo random number generator is an implementation of algorithm
+described in
+.B Appendix C of ANSI X9.17
+or
+.B RFC1750
+with exception that it uses
+.I CAST
+instead of
+.I Triple DES.
+It uses local time with precision of microseconds (see
+\fBgettimeofday\fP(2)) and \fI/dev/random\fP (if available) to produce
+initial random seed.
+.PP
+.B apg
+also have the ability to check generated password quality using
+dictionary. You can use this ability if you specify command-line option
+.B -r
+.I dictfile
+where \fIdictfile\fP is dictionary file name. In that dictionary you may place words
+(one per line) that should not appear as generated passwords. For example: user names,
+common words, etc. You even can use one of the dictionaries that come with
+.I dictionary password crackers.
+This check is case sensitive. For example, if you want to reject word 'root',
+you should insert in \fIdictfile\fP words: root, Root, RoOt, ... , ROOT.
+It is not the easiest way to check password quality, but
+it is the most powerful way. In future releases I plan to implement some other
+techniques to check passwords (like pattern check) just to make life easier.
+.sp
+.SH "OPTIONS"
+.TP
+.B -M mode
+Use symbolsets specified with \fBmode\fP for password generation.
+\fBmode\fP is a text string consisting of characters \fBS[s]\fP, \fBN[n]\fP,
+\fBC[c]\fP, \fBL[l]\fP,\fBR[r]\fP. Where:
+.RS
+.TP
+.B S[s]
+use special symbol set (for random character password generation algorithm only).
+.TP
+.B N[n]
+use numeral symbol set.
+.TP
+.B C[c]
+use capital symbol set.
+.TP
+.B L[l]
+use small letters symbol set (always present if pronounceable password
+generation algorithm is used).
+.TP
+.B R[r]
+the same as \fBS[s]\fP but it does not generate symbols \fB`\fP, \fB'\fP,
+\fB"\fP, \fB|\fP, \fB$\fP, \fBbackslash\fP, \fB?\fP. Usefull for password generation in
+a shell script. (For random character password generation algorithm only).
+.RE
+.RS
+.br
+\fBmode\fP can not be more then 5 characters in
+length.
+.PP
+.B Examples:
+.br
+\fB-M sncl\fP or \fB-M SNCL\fP or \fB-M Cn\fP
+.PP
+\fB-M mode\fP is the new style password generation mode definition, but the old style
+options(-C, -N, -S, -L, -R) are also supported.
+.RE
+.TP
+.B -S
+use special symbol set. For random character password generation algorithm only.
+(old style - use \fB-M mode\fP instead).
+.TP
+.B -R
+the same as \fB-S\fP but it does not generate symbols \fB`\fP, \fB'\fP,
+\fB"\fP, \fB|\fP, \fB$\fP, \fBbackslash\fP, \fB?\fP. Usefull for password generation in
+a shell script. For random character password generation algorithm only.
+(old style - use \fB-M mode\fP instead).
+.TP
+.B -N
+use numeral symbol set.
+(old style - use \fB-M mode\fP instead).
+.TP
+.B -C
+use capital symbol set.
+(old style - use \fB-M mode\fP instead).
+.TP
+.B -L
+use small letters symbol set. Always present if pronounceable password
+generation algorithm is used.
+(old style - use \fB-M mode\fP instead).
+.TP
+.B -a algorithm
+use 
+.B algorithm
+for password generation.
+.RS
+.B 0
+- (default) pronounceable password generation
+.br
+.B 1
+- random character password generation
+.RE
+.TP
+.B -r \fIdictfile\fP
+check generated passwords for their appearance in 
+.B dictfile
+.TP
+.B -s
+ask user for random sequence for password generation
+.TP
+.B -c cl_seed
+use
+.B cl_seed
+as a random seed for password generation. I use it when i have to generate
+passwords in a shell script.
+.TP
+.B -d
+do NOT use any delimiters between generated passwords. I use it when i have to generate
+passwords in a shell script.
+.TP
+.B -n num_of_pass
+generate 
+.B num_of_pass
+number of passwords. Default is 6.
+.TP
+.B -m min_pass_len
+generate password with minimum length 
+.B min_pass_len.
+If \fBmin_pass_len > max_pass_len\fP then \fBmax_pass_len = min_pass_len\fP.
+Default minimum password length is 6.
+.TP
+.B -x max_pass_len
+generate password with maximum length 
+.B max_pass_len.
+If \fBmin_pass_len > max_pass_len\fP then \fBmax_pass_len = min_pass_len\fP.
+Default maximum password length is 8.
+.TP
+.B -y
+print generated passwords and crypted passwords (see man \fBcrypt\fP(3))
+.TP
+.B -h
+print help information and exit
+.TP
+.B -v
+print version information and exit
+.SH "DEFAULT OPTIONS"
+\fBapg -a 0 -N -C -L -n 6 -x 8 -m 6\fP (old style)
+.br
+\fBapg -a 0 -M NCL -n 6 -x 8 -m 6\fP (new style)
+.PP
+If you want to generate realy secure passwords,
+you should use option \fB-s\fP. To simlify
+.B apg
+usage, you can write a small shell script. For example:
+.br
+\fB[begin]----> pwgen.sh\fP
+.br
+\fB#!/bin/sh\fP
+.br
+\fB/usr/local/bin/apg -m 8 -x 12 -s\fP
+.br
+\fB[ end ]----> pwgen.sh\fP
+.SH "EXIT CODE"
+On successful completion of its task,
+.B apg
+will complete with exit code 0.  An exit code of -1 indicates an error
+occurred.  Textual errors are written to the standard error stream.
+.SH "DIAGNOSTICS"
+If \fI/dev/random\fP is not available, \fBapg\fP will display a
+message about it.
+.SH "FILES"
+.B None.
+.SH "BUGS"
+.B None.
+If you've found one, please send bug description to the author.
+.SH "SEE ALSO"
+.B apgd
+(8)
+.SH "AUTHOR"
+Adel I. Mirzazhanov, <a-del@iname.com>
+.br
+Project home page: http://www.adel.nursat.kz/apg/

doc/man/apgd.8

@@ -0,0 +1,229 @@
+.\" Man page for apgd.
+.\" Licensed under BSD-like License.
+.\" Created by Adel I. Mirzazhanov
+.\"
+.TH APGD 8 "2001 Jan 8" "Automated Password Generator" "User Manual"
+.SH NAME
+apgd
+\- server that generates several random passwords
+
+.SH SYNOPSIS
+.B apgd
+[\fB-r\fP \fIdictfile\fP]
+[\fB-a algorithm\fP] [\fB-C\fP] [\fB-L\fP] [\fB-S\fP] [\fB-N\fP]
+[\fB-m min_pass_len\fP] [\fB-x max_pass_len\fP] [\fB-n num_of_pass\fP]
+.PP
+.SH DESCRIPTION
+.B apgd
+program is a server that supports
+.B "Password Generation Protocol"
+described in
+.B RFC972.
+It uses several password generation algorithms (currently two) and a built-in
+pseudo random number generator.
+.PP
+.B apgd
+is normally invoked by the Internet superserver (see 
+.B inetd
+(8))  for requests to connect to the pwdgen port (pwdgen port is 129 according to
+.B RFC1700
+) as indicated by the
+.I /etc/services
+file (see
+.B services
+(5)).
+.PP
+Default algorithm is pronounceable password generation algorithm
+designed by
+.B Morrie Gasser
+and described in
+.B """A Random Word Generator For Pronounceable Passwords"""
+.I National Technical Information Service (NTIS)
+.B AD-A-017676.
+The original paper is very old and had never been put online,
+so I have to use
+.I NIST
+implementation described in 
+.B FIPS-181.
+.PP
+Another algorithm is simple random character generation algorithm, but it
+uses four user-defined symbol sets to produce random password. It means that
+user can choose type of symbols that should appear in password. Symbol sets
+are: numeric symbol set
+.I (0,...,9)
+, capital letters symbol set
+.I (A,...,Z)
+, small letters symbol set
+.I (a,...,z)
+and special symbols symbol set
+.I (#,@,!,...).
+.PP
+Built-in pseudo random number generator is an implementation of algorithm
+described in
+.B Appendix C of ANSI X9.17
+or
+.B RFC1750
+with exception that it uses
+.I CAST
+instead of
+.I Triple DES.
+It uses local time with precision of microseconds (see
+\fBgettimeofday\fP(2)) and \fI/dev/random\fP (if available) to produce
+initial random seed.
+.PP
+.B apgd
+also have the ability to check generated password quality using
+dictionary. You can use this ability if you specify command-line option
+.B -r
+.I dictfile
+where \fIdictfile\fP is dictionary file name. In that dictionary you may place words
+(one per line) that should not appear as generated passwords. For example: user names
+common words, etc. You even can use one of the dictionaries that come with
+.I dictionary password crackers.
+This check is case sensitive. For example, if you want to reject word 'root',
+you should insert in \fIdictfile\fP words: root, Root, RoOt, ... , ROOT.
+It is not the easiest way to check password quality, but
+it is the most powerful way. In future releases I plan to implement some other
+techniques to check passwords just to make life easier.
+.PP
+.B apgd
+has the ability log user password generation activity and internal debug information. It does this
+using
+.br
+.I facility
+=
+.I daemon
+.RS
+.br
+.I priority
+=
+.I info
+for user password generation activity logging
+.br
+.I priority
+=
+.I debug
+for internal debug information
+.br
+.RE
+See the \fBsyslogd\fP(8) and \fBsyslog.conf\fP(5) man pages for information on how to configure your syslog daemon.
+.sp
+.SH "OPTIONS"
+.TP
+.B -M mode
+Use symbolsets specified with \fBmode\fP for password generation.
+\fBmode\fP is a text string consisting of characters \fBS[s]\fP, \fBN[n]\fP,
+\fBC[c]\fP, \fBL[l]\fP,\fBR[r]\fP. Where:
+.RS
+.TP
+.B S[s]
+use special symbol set (for random character password generation algorithm only).
+.TP
+.B N[n]
+use numeral symbol set.
+.TP
+.B C[c]
+use capital symbol set.
+.TP
+.B L[l]
+use small letters symbol set (always present if pronounceable password
+generation algorithm is used).
+.TP
+.B R[r]
+the same as \fBS[s]\fP but it does not generate symbols \fB`\fP, \fB'\fP,
+\fB"\fP, \fB|\fP, \fB$\fP, \fBbackslash\fP, \fB?\fP. Usefull for password generation in
+a shell script. (For random character password generation algorithm only).
+.RE
+.RS
+.br
+\fBmode\fP can not be more then 5 characters in
+length.
+.PP
+.B Examples:
+.br
+\fB-M sncl\fP or \fB-M SNCL\fP or \fB-M Cn\fP
+.PP
+\fB-M mode\fP is the new style password generation mode definition, but the old style
+options(-C, -N, -S, -L, -R) are also supported.
+.RE
+.TP
+.B -S
+use special symbol set. For random character password generation algorithm only.
+(old style - use \fB-M mode\fP instead).
+.TP
+.B -R
+the same as \fB-S\fP but it does not generate symbols \fB`\fP, \fB'\fP,
+\fB"\fP, \fB|\fP, \fB$\fP, \fBbackslash\fP, \fB?\fP. Usefull for password generation in
+a shell script. For random character password generation algorithm only.
+(old style - use \fB-M mode\fP instead).
+.TP
+.B -N
+use numeral symbol set.
+(old style - use \fB-M mode\fP instead).
+.TP
+.B -C
+use capital symbol set.
+(old style - use \fB-M mode\fP instead).
+.TP
+.B -L
+use small letters symbol set. Always present if pronounceable password
+generation algorithm is used.
+(old style - use \fB-M mode\fP instead).
+.TP
+.B -a algorithm
+use 
+.B algorithm
+for password generation.
+.RS
+.B 0
+- (default) pronounceable password generation
+.br
+.B 1
+- random character password generation
+.RE
+.TP
+.B -r \fIdictfile\fP
+check generated passwords for their appearance in 
+.B dictfile
+.TP
+.B -n num_of_pass
+generate 
+.B num_of_pass
+number of passwords. Default is 6.
+.TP
+.B -m min_pass_len
+generate password with minimum length 
+.B min_pass_len.
+If \fBmin_pass_len > max_pass_len\fP then \fBmax_pass_len = min_pass_len\fP.
+Default minimum password length is 6.
+.TP
+.B -x max_pass_len
+generate password with maximum length 
+.B max_pass_len
+If \fBmin_pass_len > max_pass_len\fP then \fBmax_pass_len = min_pass_len\fP.
+Default maximum password length is 8.
+.SH "DEFAULT OPTIONS"
+\fBapgd -a 0 -N -C -L -n 6 -m 6 -x 8\fP (old style)
+.br
+\fBapgd -a 0 -M NCL -n 6 -x 8 -m 6\fP (new style)
+.SH "EXIT CODE"
+On successful completion of its task,
+.B apgd
+will complete with exit code 0.  An exit code of -1 indicates an error
+occurred.  Textual errors are written to the
+.B syslogd
+(8).
+.SH "DIAGNOSTICS"
+All textual info is written to the
+\fBsyslogd\fP(8).
+.SH "FILES"
+.B None.
+.SH "BUGS"
+.B None.
+If you've found one, please send bug description to the author.
+.SH "SEE ALSO"
+\fBapg\fP(1)
+.SH "AUTHOR"
+Adel I. Mirzazhanov, <a-del@iname.com>
+.br
+Project home page: http://www.adel.nursat.kz/apg/

doc/rfc0972.txt

@@ -0,0 +1,114 @@
+
+
+Network Working Group                                          F. Wancho
+Request for Comments: 972                                           WSMR
+                                                            January 1986
+
+                      Password Generator Protocol
+
+
+STATUS OF THIS MEMO
+
+   This RFC specifies a standard for the ARPA Internet community.  Hosts
+   on the ARPA Internet that choose to implement a Password Generator
+   Protocol (PWDGEN) are expected to adopt and implement this standard.
+   Distribution of this memo is unlimited.
+
+BACKGROUND
+
+   Many security-conscious host administrators are becoming increasingly
+   aware that user-selected login passwords are too easy to guess for
+   even casual penetration attempts.  Some sites have implemented
+   dictionary lookup techniques in their password programs to prevent
+   ordinary words from being used.  Others have implemented some variant
+   of a randomly generated password with mixed success.  The problem
+   arises from the fact that such passwords are difficult to remember
+   because they cannot be pronounced or are based on a relatively short
+   cycle pseudo-random number generator.
+
+   A version of the PWDGEN algorithm briefly described below has been in
+   use for several years at a small number of sites in the Internet.
+   Interest has recently been expressed at porting this algorithm to
+   other sites.  However, the relatively short cycle and the resulting
+   randomness of the pseudo-random number generator available on these
+   sites tends to interfere with the intended result of minimizing the
+   potential duplication of passwords both within a site and across
+   sites when a user has access to more than one site.
+
+   The PWDGEN Service described herein provides a means for sites to
+   offer a list of possible passwords for the user to choose one from
+   the first set, or optionally select from another set.  With more than
+   one site offering this service, it is then possible to randomly
+   select which site to use and have multiple fallback sites should that
+   site be unavailable.
+
+   Description
+
+      The PWDGEN Service provides a set of six randomly generated
+      eight-character CRLF-delimited "words" with a reasonable level of
+      pronounceability, using a multi-level algorithm.  An
+      implementation of the algorithm is available in FORTRAN-77 for
+      examination and possible implementation by system administrators
+      only.
+
+
+
+Wancho                                                          [Page 1]
+
+
+
+RFC 972                                                     January 1986
+Password Generator Protocol
+
+
+      The uniqueness of the generated words is highly dependent on the
+      randomness of the initial seed value used.  The availability of a
+      single system-wide seed, updated after each access is highly
+      desireable.  Seeds based on a time-of-day clock are unacceptable.
+      Seed values should be stored as values in excess of 32 bits for
+      best performance.
+
+   TCP Based PWDGEN Service
+
+      One PWDGEN service is defined as a connection based application on
+      TCP.  A server listens for TCP connections on TCP port 129.  Once
+      a connection is established, the six CRLF-delimited words are
+      generated and sent to the caller, and the connection is closed by
+      the server. No dialog is used or required.
+
+   UDP Based PWDGEN Service
+
+      Another possible PWDGEN service is defined as a datagram based
+      application on UDP.  A server listens for UDP datagrams on UDP
+      port 129.  When a datagram is received, the six CRLF-delimited
+      words are sent back in an answering datagram.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Wancho                                                          [Page 2]
+