chbshash: XKCD’s Correct Horse Battery Staple passphrase generator and hasher

XKCD comic #936: Password Strength

chbshash is a Python library and command-line tool for generating random passphrases and hashing buffers and files. It is inspired by the XKCD #936 comic.

Quick Start

chbshash offers two command-line tools:

$ chbs
knockoff bodybuilders appraisal hypopodia
$ echo "hello world" | chbssum
oxaluria hematodynamics lemmoblastic blinks  -
$ echo "hello world" > hello.txt
$ chbssum hello.txt > checksum.txt
$ cat checksum.txt
oxaluria hematodynamics lemmoblastic blinks  hello.txt
$ chbssum -c checksum.txt
hello.txt: OK

It’s also available as a Python library:

>>> from chbshash import random, hash
>>> random()
'practicing elatery unbenight stopwork'
>>> random(3, sep="-")
'muscicide-pycnonotinae-appendance'
>>> hash(b"hello world\n")
'oxaluria hematodynamics lemmoblastic blinks'
>>> hash(b"hello world\n", 3, sep="-")
'oxaluria-hematodynamics-lemmoblastic'

Entropy and Security

chbshash uses a dictionary of the 370,105 most common English words to generate passphrases. With the default 4 words per passphrase, there are $370{,}105^4 \approx 2^{74} \approx 10^{22}$ possible combinations. That’s more than in the XKCD comic! This makes it much stronger than typical passwords, as explained by the comic.

For hashing, this is lower than the industry standard, SHA-256, which has $2^{256} \approx 10^{77}$ possible outputs. This means it is still statistically impossible to obtain a collision with chbshash hashes by chance, but it is not cryptographically secure, as a collision may be crafted given enough computing power and time.
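The arithmetic behind these figures, plus a toy demonstration of why a small output space cannot resist a deliberate collision search, as an added example (not chbshash's own code). The 16-word list and the `toy_word_hash` digest-to-words mapping are assumptions made for illustration and are not how chbshash maps data to words.

```python
import hashlib
import math
from itertools import count

DICT_SIZE = 370_105  # dictionary size stated in the README


def entropy_bits(words, dict_size=DICT_SIZE):
    """Bits of entropy for `words` words drawn uniformly at random."""
    return words * math.log2(dict_size)


def birthday_work_bits(words, dict_size=DICT_SIZE):
    """log2 of the number of hashes after which some collision is likely."""
    return entropy_bits(words, dict_size) / 2


def words_for_bits(target_bits, dict_size=DICT_SIZE):
    """Words needed for the output space to reach `target_bits` bits."""
    return math.ceil(target_bits / math.log2(dict_size))


# Constructed toy dictionary: 16 words, so 2 words give only 256 outputs.
TOY_WORDS = ["correct", "horse", "battery", "staple", "apple", "river",
             "stone", "cloud", "maple", "ember", "lunar", "quartz",
             "tiger", "violet", "walnut", "zephyr"]


def toy_word_hash(data, n_words=2, words=TOY_WORDS):
    """Hypothetical mapping: SHA-256 digest reduced to n_words word indices."""
    value = int.from_bytes(hashlib.sha256(data).digest(), "big")
    out = []
    for _ in range(n_words):
        value, idx = divmod(value, len(words))
        out.append(words[idx])
    return " ".join(out)


def first_collision(n_words=2):
    """Hash constructed messages until two share the same word hash."""
    seen = {}
    for i in count():
        msg = b"message-%d" % i
        digest = toy_word_hash(msg, n_words)
        if digest in seen:
            return seen[digest], msg, digest
        seen[digest] = msg


if __name__ == "__main__":
    print(f"4 words: {entropy_bits(4):.1f} bits, "
          f"collision search ~2^{birthday_work_bits(4):.0f} hashes")
    print("words needed for 256 bits:", words_for_bits(256))
    print("toy collision:", first_collision())
```

With the full dictionary and four words, the same search needs on the order of 2^37 hashes rather than a few dozen, which is why the word hash suits catching accidental changes but not tamper resistance.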

Credits

Licenses