in reply to Please Review First Program: Random Password Generator

Where will these passwords be used?

If the passwords are truly random and not meant to be memorised by humans, then a very simple design is possible. Something like:

head -c 12 /dev/random | perl -e 'use MIME::Base64; local $/; print encode_base64(<>)'

On the other hand, if these passwords are meant to be used and memorised by humans, then I think you should look at the psychology of passwords, because if you give people random passwords they will either change them to easy to remember (and easy to crack) alternatives, or they will write them down, possibly on sticky notes attached to their monitors.

I have on my desk a copy of Security Engineering by Ross Anderson. Assuming you don't have access to a paper copy, then chapter 2, which includes a good discussion on passwords and password psychology, is online.

From that book one good suggestion I saw was to randomly generate passwords in the form of alternating consonants and vowels, e.g. cVcVcVcVc. That gets you a password that has a good amount of entropy, and cannot easily be cracked as it is not in a dictionary, but at the same time is easy to remember because it can be pronounced.
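
The cVcVcVcVc scheme from the post above, as an added Perl example (not part of the original post and not code from the book): each letter is drawn from /dev/urandom with rejection sampling, and the pattern's entropy is computed so it can be compared with the 12 random bytes of the one-liner. Counting 'y' as a consonant and all function names are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Letter classes for the pattern; 'y' is counted as a consonant (assumption).
my @CONSONANTS = split //, 'bcdfghjklmnpqrstvwxyz';
my @VOWELS     = split //, 'aeiou';

open my $rng, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";

# Return a uniform integer in [0, $n) from the kernel CSPRNG.
# Bytes at or above the largest multiple of $n are rejected: no modulo bias.
sub uniform_index {
    my ($n) = @_;
    my $limit = 256 - (256 % $n);
    while (1) {
        my $got = read($rng, my $byte, 1);
        die "short read from /dev/urandom" unless $got;
        my $v = ord $byte;
        return $v % $n if $v < $limit;
    }
}

# Build a password from a pattern string: 'c' = consonant, 'V' = vowel.
sub pronounceable {
    my ($pattern) = @_;
    my $out = '';
    for my $slot (split //, $pattern) {
        my $set = $slot eq 'c' ? \@CONSONANTS
                : $slot eq 'V' ? \@VOWELS
                : die "unknown pattern character '$slot'";
        $out .= $set->[ uniform_index(scalar @$set) ];
    }
    return $out;
}

# Entropy in bits: sum of log2(alphabet size) over the pattern's slots.
sub entropy_bits {
    my ($pattern) = @_;
    my $bits = 0;
    for my $slot (split //, $pattern) {
        $bits += log(scalar($slot eq 'c' ? @CONSONANTS : @VOWELS)) / log(2);
    }
    return $bits;
}

my $pattern  = @ARGV ? $ARGV[0] : 'cVcVcVcVc';
my $password = pronounceable($pattern);    # dies on an invalid pattern
printf "%s  (%.1f bits; 12 random bytes carry 96)\n", $password, entropy_bits($pattern);
```

Passing a longer pattern as the first argument shows how many extra syllables are needed to reach a given entropy target.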

Re^2: Please Review First Program: Random Password Generator
by hakkum (Acolyte) on Feb 05, 2011 at 05:58 UTC

    I did originally intend to replace all my current web passwords with randomly generated passwords. However, after doing the research to create this script I did realize that it'd not be ideal to do so (unless I wanted to refer to some file containing all my passwords every time one was needed). Though I no longer needed a random generator, I still had the program idea in mind and went forth anyways. It's definitely a great learning experience.

    I guess at this point I'd only implement this to generate initial passwords for new accounts of some kind. Although, most likely I'd use a much simpler script like your suggestion or the one suggested by BrowserUk.

    Thank you for your input and reference. Though at this point, security is not a huge priority of mine, it's good to know I have a starting point when that time comes.

    -- hakkum

    ...never forget the hakkum bakkum,
    the hakkum bakkum never forgets...