Re^3: Please Review First Program: Random Password Generator

If you want a truly random password

Why would you want that? "password" is a perfectly valid password in that world.

You assume that the cracker knows and cares that your password is truly random. That's a bad assumption to make.

Otherwise, a cracking program can instantly eliminate all-letter passwords.

That's exactly what my suggestion defends against. Before my change, someone who has the hashes of all alphabetic passwords could crack some of the generated passwords instantly. With my change, if configured correctly (probably x=1,y=1,z=1, but least one for each), no such fluke is possible.

Comment on Re^3: Please Review First Program: Random Password Generator

Replies are listed 'Best First'.
Re^4: Please Review First Program: Random Password Generator by hakkum (Acolyte) on Feb 05, 2011 at 05:47 UTC
I do see what you're getting at. I agree to some extent. It is assumed that if the user does not use the -L -N or -S options, he/she would like the generated password to include at least one character from each. Thus separating each group and ensuring that one from each is generated prior to randomly selecting the remaining characters is optimal. But I think it should end there. IE if the user wants a nine character password, three of each letters, numbers, and symbols is not needed; rather one of each and the rest given an equal opportunity (Shuffling the results). I did not intend for this to have any production value, but continually modifying the code with that goal in mind can only strengthen my education. Thanks again for the comments to all. -- hakkum ...never forget the hakkum bakkum, the hakkum bakkum never forgets...	[reply]
A reply falls below the community's threshold of quality. You may see it by logging in.