Releases: hatimhtm/Fortress

Fortress v3.0 — EFF Diceware, HIBP, FastAPI

10 May 23:40

v3.0 — proper cryptography toolkit, not just a generator

Major rewrite. Fortress goes from "secure password generator" to "complete password tool with real entropy math, multi-scenario crack times, and breach-corpus lookups."

Generators

  • EFF Diceware Large wordlist (7,776 words, ≈ 12.93 bits/word) embedded — replaces the 60-word hardcoded stub. Six-word passphrases now hit ≈ 77 bits instead of ~30.
  • New generate_pin(length) — numeric PIN with proper entropy reporting.
  • New no_repeat config — forbid consecutive duplicate characters.
  • AMBIGUOUS_CHARS expanded (5/S, 8/B, quote-family glyphs).

Entropy + crack times

  • Split into two functions: entropy_of_random(length, charset_size) (exact, for Fortress-generated passwords) and estimate_entropy(password) (heuristic, for user input). 2.x conflated them.
  • crack_times(entropy) returns five attacker scenarios: throttled online, unthrottled online, bcrypt offline, GPU offline, ASIC cluster.
  • Strength bands expanded to 6 levels aligned with current NIST guidance.

Breach checks

  • HIBP k-anonymity lookup (fortress check --pwned): SHA-1 prefix sent, ~600 candidate suffixes matched locally. The password never leaves your machine.
  • Embedded NCSC top-1,000 common-passwords blocklist — works offline.
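The k-anonymity match described in the HIBP bullet, as an added example that is not Fortress's own code. The function names and the response body are constructed here; the body uses the `SUFFIX:COUNT` line format of the Pwned Passwords range API so the block runs offline.

```python
import hashlib

PREFIX_LEN = 5   # hex characters of the SHA-1 digest that go to the range API
DIGEST_LEN = 40  # length of a hex-encoded SHA-1 digest


def sha1_split(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the uppercase hex SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range_body(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines, skipping blank or malformed ones."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == DIGEST_LEN - PREFIX_LEN and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password: str, range_body: str) -> int:
    """Match the suffix locally; only the prefix is ever sent to the service."""
    _prefix, suffix = sha1_split(password)
    # A count of 0 is a padding entry, so it reads as "not breached".
    return parse_range_body(range_body).get(suffix, 0)


def constructed_body() -> str:
    """Constructed sample response for the prefix of 'password' (not real data)."""
    _prefix, suffix = sha1_split("password")
    lines = [
        "0" * 35 + ":7",   # constructed decoy sharing the same prefix
        suffix + ":1234",  # constructed breach count
        "F" * 35 + ":0",   # constructed padding entry
        "not-a-line",      # malformed line the parser must ignore
    ]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    prefix, _ = sha1_split("password")
    print("prefix sent:", prefix)
    print("breach count:", pwned_count("password", constructed_body()))
```
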

Surfaces

  • CLI rewritten with typer + rich: generate, passphrase, pin, check, serve. All commands accept --copy SECONDS (clipboard auto-clear), --json, --quiet.
  • fortress check reads from a hidden prompt when no argument given — no password in shell history.
  • FastAPI server: POST /v1/{generate,passphrase,pin,check} + /healthz. Install via pip install 'fortress[server]'.
  • New clipboard module: pbcopy / wl-copy / xclip / xsel / clip with daemon-thread auto-clear timer (à la pass(1)).

Packaging

  • Python 3.9 → 3.10 minimum.
  • Library has zero runtime dependencies; typer + rich only for the CLI; FastAPI + Pydantic only for the server.
  • New Dockerfile: python:3.12-slim, non-root, healthcheck.
  • CI matrix: Linux + macOS + Windows × Python 3.10/3.11/3.12 + ruff + black + wheel smoke-install. PyPI trusted publishing on tagged release. GHCR Docker on main + tag.

Install

pip install fortress                  # CLI only
pip install 'fortress[server]'        # adds FastAPI HTTP API

docker run --rm ghcr.io/hatimhtm/fortress:3.0.0 generate --length 24