Cookie Notice

As far as I know, and as far as I remember, nothing in this page does anything with Cookies.

2010/07/23

Quick Code Post - gen_password.pl

It has been suggested to me that I've let it go far too long since I've updated this blog, so I'm writing an update. This one is on some code I've been floating around for a while.

Everyone has a password scheme. For some people, their scheme is to write it down on a post-it note and stick it to their monitor. For some people, their scheme is to have one in memory and us it for their bank, their email, their online stores, their social media sites, etc. And, for a lot of people, their password is a string that they'll remember, like the name of a loved one or pet, or the registry number of their favorite starship.

The last scheme is profoundly stupid, especially when you can easily pop out hundreds of really random passwords.

The first scheme is seriously unadvisable. You should never ever ever ever ever write down a password.

The middle one .... it has problems. But assuming that you're not writing 'em down and leaving 'em everywhere, and assuming that you're using passwords that meet a strong security definition (8 characters or more, uppercase and lowercase and digits, not real dictionary words), you have a set of passwords that do not fit easily into your head and thus fall out when you need them.

I'm still struggling with this. But I have developed a password generator, included here, that's configurable for password length, using upper-case letters and digits, and number of rows of passwords. My take is to make a long list of passwords, find one you can make a mental mnemonic for, start using that one until you have it in your head, and then delete the list. If you have a secure machine to hold these passwords, they're held securely. So it's not really writing them down.

If the technique works for you, great. If you think it's dumb, tell me in comments and I'll adjust to a better scheme.


#!/usr/bin/perl

# A big password list generator

use 5.010 ;
use strict ;
use warnings ;
use Getopt::Long ;

srand ;

my @uppercase = 'A' ... 'Z' ;
my @lowercase = 'a' ... 'z' ;
my @digits    = 0 .. 9 ;
my @chars ;

my $uppercase = 0 ;
my $lowercase = 1 ;
my $digits    = 0 ;
my $cols      = 8 ;

my $rows = 20 ;
my $chars_per_column = 78 ;

GetOptions(
    'uppercase'   => \$uppercase ,
    'digits'      => \$digits ,
    'cols=i'      => \$cols ,
    'rows=i'      => \$rows ,
    ) ;

if ( $lowercase ) { push @chars , @lowercase ; }
if ( $uppercase ) { push @chars , @uppercase ; }
if ( $digits    ) { push @chars , @digits ; }
my $chars = $#chars ;

for ( 1 .. $rows ) {
    my @x ;
    for ( 1 .. int $chars_per_column / ( $cols + 1 ) ) {
        my $password ;
        for ( 1 .. $cols ) {
            $password .= $chars[ int rand $chars ] ;
            }
        push @x , $password ;
        }
    say join ' ' , @x ;
    }