One of the most important things when it comes to security is good passwords. Ideally, a password should be of reasonable, but random length and consist of at least one digit, meta-character, upper-case letter and lower-case letter. This may seem extreme, but most people tend to forget that usually passwords can consist of phrases and words can be easily modified to match this criteria.
For a while now, I’ve been using simple scripts to generate totally random, really difficult passwords (or passphrases, which really is more appropriate). Although the human mind is quite amazing at storing this kind of information, memorizing a few dozen of these can get tedious.
The script I currently use, transforms randomly selected dictionary words to generate a passphrase that matches the above criteria. I’ve written it in Python and will keep on adding more options and features as new ideas come to mind.
One idea I have is to generate random, non-dictionary words which are easy to remember and pronounce, but can’t be cracked using a simple dictionary attack or even one which tries all the possible substitutes (such as ‘@’ in place of an ‘a’). I memoramember fincovering another password generator that utiliates like this, though writing a function to test the readapronability could be an abonomatorically daunteresting task. Reminds me of the BlackAdder III episode about the origins of the Dictionary. 🙂
Give ‘passgen.py’ a try here and please do suggest a better name. I’m thinking along the lines of ‘pypass’ or ‘pygen’:
http://ahmedszaidi.com/python/passgen.py
The code is available here:
http://ahmedszaidi.com/python/passgen.txt
Please note that this is more of a demo. Since the generated passwords are transmitted in plain text to your browser (unless you are using SSL), there is a possibility of them being picked up on the way. The same script will run from the command line so run it from there.
4 thoughts on “Password Generator”
or, you could just use apg. That is really configurable, and has the option of creating pronounceable password.
Speaking of password generators, Jon Udell’s blog has a link to a bookmarklet in Javascript that MD5s your own password with the site domain name you’re visiting. That way, you get a different passphrase for each site that you visit, but only have to remember one.
I think APG was the one that inspired me to add some of the current functionality of pronounceable passwords. I know there are many other generators out there, but it’s just more fun and a good workout to create your own.
When I was starting out on scripting, writing a totally random password generator became kind of a first step (after “Hello World”) as well as fulfilling a need. Initially I wrote some in Perl and C, which was quite a challenge. Then tried it in bash. But Python was just too much fun to play with.
Next goal is to try to catch up to APG. 🙂
At my ugrad computer science club I learned a wonderful way to generate very random but very hard to guess passwords – the phrase method. For example
take the phrase `Sajjad is a silly puppy, but I still like him’ take the first letters of each word and you get: SiaspbIslh, random enough for ya?! And trivially easy to remember!
The phrase method. It works great if you are doing it for your own use, though without digits and other strange characters, can still be easily cracked using a good cracking tool.
When you’re in a place like mine where you regularly have to create passwords for relatively clueless users, making them remember a bastardized password from a dictionary is easier than something based on a phrase which may be your favorite, but something the user never heard before.
Anyway, give the new version a try:
http://ahmedszaidi.com/pykey/
(and no Bri’ish jokes please ;))
Comments are closed.