Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Generate random passwords via a perl script UNIX
For a little while, now, I've used this Perl script to generate truly random passwords. I don't actually bother to remember them, of course -- that's what Keychain is for.

The program uses /dev/urandom as its source of randomness, which is the best source available on OS X and (essentially) what gets used to generate SSL sessions, FileVault keys, and the like. The program lets you specify the length of the password as well as the set of characters to choose from. If you use the -v flag, it'll tell you how large a keyspace you're drawing from.

You can easily use this program for one-off Web passwords. (Well, 'easily' if you're not put off by using the Terminal.) Just pipe the output to pbcopy, and then paste into the Web form; you never even have to see the password. This works in verbose mode, as well, since the messages are sent to STDERR. It might look as simple as this:
 $ genpw | pbcopy
to generate a password and put it on the clipboard, if you're happy with the defaults. Or, it might look like this if you need a password for a Web site that restricts you to eight-letter (no digits or special characters) passwords, and if you want to get an idea of just how insecure that is:
 $ genpw -vUln8
 Generating a 8-character password
 using /dev/urandom
 and the following characters:
 ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
 This password is drawn from a keyspace of 46 bits.
 ----8<----cut-here----8<----
 jtZJIjoP
 ---->8----cut-here---->8----
Full documentation and help is available through perldoc; just run perldoc genpw to have all your questions answered. This program is also BSD-licensed, so you can do almost anything you might like to do with it. Anybody who wants to wrap a GUI around it is more than welcome to do so.
    •    
  • Currently 2.80 / 5
  You rated: 5 / 5 (5 votes cast)
 
[16,447 views]  

Generate random passwords via a perl script | 18 comments | Create New Account
Click here to return to the 'Generate random passwords via a perl script' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Generate random passwords via a perl script
Authored by: merlyn on Mar 02, '06 07:13:01AM
Or, without installing anything, you can use the standard "openssl" command to generate crypto-strong passwords.

openssl rand -base64 6
will generate an 8-character string from the base64 charset (upper/lower letters, digits, and slash and plus). For longer strings, just use a multiple of 3 for every 4 characters you want in the output.

[ Reply to This | # ]
Generate random passwords via a perl script
Authored by: badger brigade on Mar 02, '06 08:40:05AM

Is there a way to make it only use alphanumeric characters (ie not slash or plus), apart from piping it through sed?



[ Reply to This | # ]
Generate random passwords via a perl script
Authored by: fungus on Mar 02, '06 10:30:47AM

Why? Your password should be stronger than just alphanumeric.



[ Reply to This | # ]
Generate random passwords via a perl script
Authored by: stholland on Mar 02, '06 11:53:23AM

Unfortunately there are many Web sites out there that restrict passwords to alphanumeric characters only. Sometimes one can not avoid using them.

---
/
\
/



[ Reply to This | # ]
Generate random passwords via a perl script
Authored by: fungus on Mar 02, '06 02:16:56PM

Ok, good point.
Then in that case I might suggest using APG
http://www.adel.nursat.kz/apg/
"fink install apg"

It is highly configurable to output really good passwords with any charset you want. It can also try to make them pronouncable.

Also after you do this, send an email to that particular website's webmaster and complain about the problem with the password's limitations. These limitations should be unnaceptable.



[ Reply to This | # ]
Generate random passwords via a perl script
Authored by: victory on Mar 02, '06 07:19:27PM

Here's what I currently use (fiddle with the pipe-filtering to suit your own needs):

openssl rand -base64 1000 | tr "[:upper:]" "[:lower:]" | tr -cd "[:alnum:]" | tr -d "lo" | cut -c 1-32 | pbcopy

Generates a 32-character, alphanumeric, all lowercase password excluding the letters L (el) and O (oh) and copies it to the clipboard. Granted this only yields 5-bits of entropy per character, but in my case I exclude L and O (which resembles 1 and 0) so as to reduce user confusion.

Yeah, this is still somewhat of a kluge as there is an *extremely small* ( (6/64)^968, I think) probability that it will fail to yield the requested 32-characters.



[ Reply to This | # ]
Generate random passwords via a perl script
Authored by: badger brigade on Mar 04, '06 12:02:59AM

Nice one (I can live with those odds of failure).



[ Reply to This | # ]
Generate random passwords via a perl script
Authored by: Elander on Mar 04, '06 04:59:27AM

I personally favor Make-A-Pass, a Dashboard widget that can create passwords in a number of formats, including FIPS 181.

You can find it here:
http://andrew.hedges.name/widgets/

I am not affiliated with the author, don't even know him, but I like the widget.

---

/elander



[ Reply to This | # ]
Generate random passwords via a perl script
Authored by: foilpan on Mar 02, '06 08:19:07AM
like the previous response, i use this:
alias makepass="/usr/bin/openssl rand -base64 15"
in my .bashrc to do the same thing. and for semi-secure, phonetic passwords, i use a python script my brother wrote. it's not as secure, but it produces output from a word or phrase you enter, so if you need to remember the password, you can just pass it the same input again. diff'rent strokes...

[ Reply to This | # ]
Generate random passwords via a perl script
Authored by: barefootguru on Mar 02, '06 10:19:55AM

Another password generator is built-in to the GUI: when changing a user's password in System Preferences, or creating a new password in Keychain Access, there's a key icon next to the password field.

Clicking it brings up Password Assistant which can create memorable, random, FIPS-181, etc., passwords. It also gives an indication of how strong a password is (manual or random), and supplies a number of hints related to the password (appears in dictionary, username, etc.)



[ Reply to This | # ]
Generate random passwords via a perl script
Authored by: boredzo on Mar 02, '06 12:32:09PM

in fact, that has its own hint.



[ Reply to This | # ]
Generate random passwords via a perl script
Authored by: boredzo on Mar 02, '06 12:35:17PM

rather than those cheesy ASCII scissors, use Unicode: ✂

or you could use the upper and lower halves: ✁✃

UnicodeChecker for the win.



[ Reply to This | # ]
Generate random passwords via a perl script
Authored by: hughescr on Mar 02, '06 12:43:23PM
If you want better randomness in a portable script, you should consider using /dev/random instead of /dev/urandom. On OSX it makes no difference, but being a perl script, this might get run on other platforms. See here for more details.

[ Reply to This | # ]
Generate random passwords via a perl script
Authored by: kaih on Mar 02, '06 01:16:18PM
How about using apg - the automated password generator.
http://www.adel.nursat.kz/apg/

From the homepage, here are some advantages:
  • Built-in ANSI X9.17 RNG (Random Number Generator)(CAST/SHA1)
  • Built-in password quality checking system (it has support for Bloom filter for faster access)
  • Two Password Generation Algorithms:
  • Pronounceable Password Generation Algorithm (according to NIST FIPS 181)
  • Random Character Password Generation Algorithm with 27 (35 for APG >= 2.0.0b0) configurable modes of operation
  • Configurable password length parameters
  • Configurable amount of generated passwords
  • Ability to initialize RNG with user string
  • Support for /dev/random
  • Ability to crypt() generated passwords and print them as additional output.
  • Special parameters to use APG in script
  • Ability to log password generation requests for network version
  • Ability to control APG service access using tcpd
  • Ability to use password generation service from any type of box (Mac, WinXX, etc.) that connected to network
  • Ability to enforce remote users to use only allowed type of password generation

---
k:.

[ Reply to This | # ]

Generate random passwords via a perl script
Authored by: nine_mirrors on Mar 03, '06 01:25:52AM

APG is indeed a very good package, I use it on my linux machines but it needs fink.



[ Reply to This | # ]
Alternative in Darwinports
Authored by: ubiquitin on Mar 03, '06 03:12:18PM
You might find the mkpwd.darwinports.com port useful. They have instructions on how to install Darwinports as well as mkpwd there.

[ Reply to This | # ]
Less overkill version
Authored by: degackz on Mar 04, '06 11:49:04AM

#!/usr/bin/perl
my $newpw;
my @charset = (('A'..'Z'), ('a'..'z'), (0..9));
my $range = $#charset + 1;
for (1..8) {
   $newpw .= $charset[int(rand($range))];
}
print "password: $newpw\n";


[ Reply to This | # ]
Even less overkill version
Authored by: kenahoo on Mar 05, '06 10:45:19AM

#!/usr/bin/perl
my $newpw;
my @charset = ('A'..'Z', 'a'..'z', 0..9);
$newpw .= $charset[ rand @charset] for 1..8;
print "password: $newpw\n";


[ Reply to This | # ]