Thursday 21 May 2009

Another Password Generator

So I wrote a password generator, why not?!

I had some free time recently, I was about to reset someone's password for a site I administer, and I thought it would be nice to have a small script generate semi easy to remember but semi secure passwords.

Firstly, I usually use either of these two one liners:
$ for ((n=0;n<10;n++)); if="/dev/urandom" count="1"> /dev/null | uuencode -m -| head -n 2 | tail -n 1 | cut -c-8; done

$ for ((n=0;n<10;n++)); if="/dev/urandom" count="1" bs="8">/dev/null | uuencode -m - | tail -n 2 | head -n 1 | cut -c -8; done


The results are similar. You get a bunch of passwords looking like this:
zZqTqB23
Fh0qKx05
skhDDXPN
GmToF0H0
yWieCLfu
6lmrPOm5
Tq+Tz/G/
ybYWDvXp
u018CGWA
9FyV1zJq

Which is handy for setting up lots of accounts, which I do occasionally. However, people hate them because 9FyV1zJq is harder to remember than their cat's name.

The script I just wrote (in Perl) uses word lists and random numbers to generate passwords like this:
kagu757elf
matt37spif
hiss378gyro
err410eyed
zest957pirn
twin452road
czar210mum
mors720cops
floc684wok
odor384hymn


Sure, these aren't as secure, but they're better than "tiggles".

Oh, and my wordlists come from wordlist.sourceforge.net

#!/usr/bin/perl -w

# A utility to create reasonable strength and semi-easy to remember passwords
# out of word lists and random characters.
#
# Copyright 2009 Iain Buchanan. Freely redistributable and modifiable.

use strict;

my @lists = ('/home/iain/personal/ispell-enwl-3.1.20/altamer.0',
'/home/iain/personal/ispell-enwl-3.1.20/altamer.1',
'/home/iain/personal/ispell-enwl-3.1.20/altamer.2',
'/home/iain/personal/ispell-enwl-3.1.20/american.0',
'/home/iain/personal/ispell-enwl-3.1.20/american.1',
'/home/iain/personal/ispell-enwl-3.1.20/american.2',
'/home/iain/personal/ispell-enwl-3.1.20/british.0',
'/home/iain/personal/ispell-enwl-3.1.20/british.1',
'/home/iain/personal/ispell-enwl-3.1.20/british.2',
'/home/iain/personal/ispell-enwl-3.1.20/english.0',
'/home/iain/personal/ispell-enwl-3.1.20/english.1',
'/home/iain/personal/ispell-enwl-3.1.20/english.2',
'/home/iain/personal/ispell-enwl-3.1.20/english.3');

my @wordlist;

foreach my $list (@lists) {
open (WL, "$list") or print "Couldn't open wordlist '$list': '$!', skipping.\n";

while () {
chomp;

next if (length >= 5); # ignore long words
next if /^[A-Z]/; # ignore Nouns & abbvs.

push @wordlist, $_;
}
close (WL);
}

for (1..10) {
print $wordlist[int (rand ($#wordlist))];
print int (rand (999));
print $wordlist[int (rand ($#wordlist))];
print "\n";
}

2 comments:

Unknown said...

What's wrong with the tool "pwgen", which has all these nice options?

Iain said...

Nothing, of course! There's also makepasswd.

I like one-liners because I know exactly what they do, and I can see their internals every time. It also keeps me up to date with the tools.

I write scripts to learn, and I publish them so others can learn too. I find that many "example" programs (when you're learning a language) are not real-world and don't reveal the full story.

But thanks for the comment :)

 
Copyright 2009 Another Blog. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan