MAN page from Mandrake 8.X apg-2.0.0final-2rph.i586.rpm
Section: User Manual (8)
Updated: 2001 Aug 9
apgd - server that generates several random passwords
] [-b filter_file
] [-M mode
] [-x max_pass_len
] [-n num_of_pass
The apgd program is a server that supports the Password Generation Protocol.
It uses several password generation algorithms (currently two) and a built-in pseudo random number generator.
apgd is normally invoked by the Internet superserver (see inetd(8)) for requests to connect to the pwdgen port (pwdgen port is 129 according to RFC1700) as indicated by the /etc/services file (see services(5)).
The default algorithm is a pronounceable password generation algorithm designed by Morrie Gasser and described in A Random Word Generator For Pronounceable Passwords, National Technical Information Service (NTIS) AD-A-017676. The original paper is very old and had never been put online, so I have to use NIST implementation described in FIPS-181.
Another algorithm is a simple random character generation algorithm, but it uses four user-defined symbol sets to produce a random password. This means that the user can choose the types of symbols that should appear in the password. Symbol sets are: numeric symbol set (0,...,9), capital letters symbol set (A,...,Z), small letters symbol set (a,...,z) and special symbols symbol set (#,@,!,...).
The built-in pseudo random number generator is an implementation of the algorithm described in Appendix C of ANSI X9.17 or RFC1750, with the exception that it uses CAST or SHA-1 instead of Triple DES. It uses local time with precision of microseconds (see gettimeofday(2)) and /dev/random (if available) to produce the initial random seed.
apgd also has the ability to check generated password quality using a dictionary. You can use this ability if you specify command-line option -r dictfile or -b filtername, where dictfile is the dictionary file name and filtername is the name of the Bloom filter file. In that dictionary you may place words (one per line) that should not appear as generated passwords. For example: user names, common words, etc. You can even use one of the dictionaries that come with dictionary password crackers. The Bloom filter file should be created with the apgbfm(1) utility included in the apg distribution. These checks are case sensitive. For example, if you want to reject the word 'root', you should insert in dictfile the words: root, Root, RoOt, ... , ROOT. It is not the easiest way to check password quality, but it is the most powerful way. In future releases I plan to implement some other techniques to check passwords just to make life easier.
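Because the dictionary check is case sensitive, a word only protects against the exact spelling listed. The following added example (not part of apg or its distribution) expands a word list into every casing so the result can be written to a dictfile; the function names and the `max_variants` guard are assumptions of this sketch, and the sample words are constructed.

```python
import itertools

def case_variants(word):
    """Yield every upper/lower-case spelling of word exactly once."""
    # A character without case (digit, punctuation) contributes one choice,
    # so "r2" yields 2 spellings while "root" yields 2**4 = 16.
    choices = [sorted({ch.lower(), ch.upper()}) for ch in word]
    for combo in itertools.product(*choices):
        yield "".join(combo)

def expand_wordlist(words, max_variants=4096):
    """Return (dictfile_lines, skipped_words) for an iterable of words.

    The number of spellings doubles with every cased letter, so words that
    would produce more than max_variants lines are reported, not expanded.
    """
    lines, skipped = set(), []
    for raw in words:
        word = raw.strip()
        if not word:
            continue                      # ignore blank lines
        cased = sum(1 for ch in word if ch.lower() != ch.upper())
        if 2 ** cased > max_variants:
            skipped.append(word)
            continue
        lines.update(case_variants(word))
    return sorted(lines), skipped

if __name__ == "__main__":
    # Constructed sample input: one word per line, as in a dictfile.
    sample = ["root\n", "admin1\n", "internationalization\n"]
    lines, skipped = expand_wordlist(sample)
    print(f"{len(lines)} dictfile lines, skipped: {skipped}")
    print("\n".join(lines[:4]))
```

Write the returned lines one per line to the file passed with -r. Skipped words need a larger `max_variants` or a shorter stem.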
apgd has the ability to log user password generation activity and internal debug information. It does this using
priority=info for user password generation activity logging
priority=debug for internal debug information
See the syslogd(8) and syslog.conf(5) man pages for information on how to configure your syslog daemon.
- -M mode
- Use symbol sets specified with mode for password generation. mode is a text string consisting of characters S[s], N[n], C[c], L[l], R[r]. Where:
- S[s] - use special symbol set.
- N[n] - use numeral symbol set.
- C[c] - use capital symbol set.
- L[l] - use small letters symbol set (always present if pronounceable password generation algorithm is used).
- R[r] - the same as S[s] but it does not generate symbols `, ', ", |, $, backslash, ?. Useful for password generation in a shell script.
mode cannot be more than 5 characters in length.
-M sncl or -M SNCL or -M Cn
-M mode is the new style password generation mode definition, but the old style options (-C, -N, -S, -L, -R) are also supported.
- -S - use special symbol set. (old style - use -M mode instead).
- -R - the same as -S but it does not generate symbols `, ', ", |, $, backslash, ?. Useful for password generation in a shell script. (old style - use -M mode instead).
- -N - use numeral symbol set. (old style - use -M mode instead).
- -C - use capital symbol set. (old style - use -M mode instead).
- -L - use small letters symbol set. Always present if pronounceable password generation algorithm is used. (old style - use -M mode instead).
- -a algorithm
- use algorithm for password generation.
- 0 - (default) pronounceable password generation
- 1 - random character password generation
- -r dictfile
- check generated passwords for their appearance in dictfile
- -b filter_file
- check generated passwords for their appearance in filter_file. filter_file should be created with the apgbfm(1) utility.
- -n num_of_pass
- generate num_of_pass number of passwords. Default is 6.
- -m min_pass_len
- generate password with minimum length min_pass_len. If min_pass_len > max_pass_len then max_pass_len = min_pass_len. Default minimum password length is 6.
- -x max_pass_len
- generate password with maximum length max_pass_len. If min_pass_len > max_pass_len then max_pass_len = min_pass_len. Default maximum password length is 8.
DEFAULT OPTIONS
apgd -a 0 -N -C -L -n 6 -m 6 -x 8 (old style)
apgd -a 0 -M NCL -n 6 -x 8 -m 6
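To see what a given -M mode and length range mean for the random character algorithm (-a 1), the added example below (not apg's code) builds the character pool for a mode string and computes an upper bound on the keyspace in bits. It assumes `string.punctuation` as a stand-in for the special symbol set, treats upper and lower case mode letters alike, and assumes symbols are drawn uniformly and independently; it does not model the pronounceable algorithm.

```python
import math
import string

# Assumption: string.punctuation stands in for apg's special symbol set,
# which the page gives only as "#,@,!,...".
SPECIAL = string.punctuation
SHELL_UNSAFE = "`'\"|$\\?"   # the seven symbols the page says R leaves out
SETS = {
    "S": SPECIAL,
    "N": string.digits,
    "C": string.ascii_uppercase,
    "L": string.ascii_lowercase,
    "R": "".join(c for c in SPECIAL if c not in SHELL_UNSAFE),
}

def pool_for_mode(mode):
    """Return the sorted character pool selected by a -M style mode string."""
    if not 1 <= len(mode) <= 5:
        raise ValueError("mode must be 1 to 5 characters long")
    pool = set()
    for letter in mode.upper():      # assumption: letter case is ignored here
        if letter not in SETS:
            raise ValueError(f"unknown symbol set letter: {letter!r}")
        pool.update(SETS[letter])
    return "".join(sorted(pool))

def keyspace_bits(mode, min_len, max_len):
    """log2 of the number of distinct passwords of min_len..max_len symbols."""
    if min_len > max_len:            # same adjustment the page describes
        max_len = min_len
    size = len(pool_for_mode(mode))
    return math.log2(sum(size ** n for n in range(min_len, max_len + 1)))

if __name__ == "__main__":
    # Default lengths from the page: -m 6 -x 8.
    for mode in ("NCL", "sncl", "RNCL"):
        bits = keyspace_bits(mode, 6, 8)
        print(f"{mode:5} pool={len(pool_for_mode(mode)):3} bits<={bits:.1f}")
```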
On successful completion of its task, apgd will complete with exit code 0. An exit code of -1 indicates an error occurred. Textual errors are written to the syslogd
All textual info is written to the syslogd
If you've found one, please send bug description to the author.
Adel I. Mirzazhanov, <a-delAATTiname.com>
Project home page: http://www.adel.nursat.kz/apg/