My last post was a little light-hearted look at playing with randomness, but randomness can be a much more useful tool in many areas of computing. My favourite is Monte Carlo simulation, but I’ll save that for another article. Today we’re generating passwords, using Python on Linux to help us do so.
Thinking up unique, high-entropy passwords that are hard to guess and easy to remember is a difficult thing for people to do. From what I’ve seen, the two things tend to be inversely related; if only FqcA632yK(G^gdM6Z}Pk1xAZFYLVhE}Wy would stick in your mind after a couple of repetitions.
Here I’m introducing a couple of scripts that I’ve used occasionally over the last few years to give myself and other people some fairly sane unique passwords.
You can get them here on GitHub:
This one’s similar to an idea depicted in the XKCD Passwords Comic, generating a ‘pass phrase’ from randomly selected common words. These can be fairly easily remembered or spoken over the phone.
It uses the Linux dictionary in /usr/share/dict/words for its source of words. To set it up as a command in your path so that you can use it anywhere, you might want to symlink it with something like:
There are a few optional arguments to the script to fine-tune your password generation.
They come in the form:
Play around and see what suits you best.
If you’re running Windows or an OS without an easily available dictionary to use, there are many freely available options on the web e.g.
rand_words does the job, but occasionally you’ll be faced with software or services enforcing daft password requirements / restrictions like “Your password must be less than 10 characters”. For these situations rand_chars helps you generate a bunch of random printable characters that you can select your password from:
The first argument is the number of lines to generate and the second is the length of those lines. The script defaults to 10 lines of 80 characters each.
You may find it useful to symlink rand_chars, as we did before with rand_words.
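An added example (not the author’s rand_words or rand_chars scripts, which are not reproduced on this page): a passphrase and random-character generator that draws from the OS CSPRNG through Python’s secrets module and estimates the entropy of each result. The function names, the word-length filter and the small fallback word list are assumptions made for illustration.

```python
import math
import secrets
import string

DICT_PATH = "/usr/share/dict/words"  # the word source the post mentions
# Constructed fallback list (assumption) so this runs without a dictionary.
FALLBACK_WORDS = ["anchor", "breeze", "copper", "dagger",
                  "ember", "falcon", "garnet", "harbor"]
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def load_words(path=DICT_PATH, min_len=4, max_len=8):
    """Return sorted, de-duplicated lowercase words within the length bounds."""
    try:
        with open(path, encoding="utf-8", errors="ignore") as fh:
            candidates = fh.read().split()
    except OSError:
        candidates = FALLBACK_WORDS
    # Lowercasing creates duplicates ("May"/"may"); a set keeps picks uniform
    # and keeps the entropy estimate honest. Possessives ("cat's") are dropped.
    return sorted({w.lower() for w in candidates
                   if w.isascii() and w.isalpha()
                   and min_len <= len(w) <= max_len})


def passphrase(words, count=4, sep="-"):
    """Join `count` words chosen uniformly with the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(count))


def random_chars(length=16, alphabet=PRINTABLE):
    """Return `length` characters chosen uniformly from `alphabet`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(pool_size, picks):
    """Bits of entropy in `picks` independent uniform draws from the pool."""
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    words = load_words()
    print(passphrase(words), f"(~{entropy_bits(len(words), 4):.1f} bits)")
    print(random_chars(10), f"(~{entropy_bits(len(PRINTABLE), 10):.1f} bits)")
```

The entropy figure only holds when every pick is uniform and independent, which is why the word list is de-duplicated before choosing from it.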
I think Randall Munroe’s quote says it best:
“Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”
Let’s stop using (and re-using) crappy passwords and start trying to do simple security better. It’s a Wild West out there on the Web and the Internet; make sure you don’t become easy prey to the highwaymen.