Completely random passwords are difficult for people to remember, or at least an average person cannot remember very many. Passwords that are selected entirely by the user are always subject to breach by methods that are considerably easier than brute force, unless you are referring to brute force against the user rather than the password itself.
So there is a need to generate passwords that are somewhat amenable to memorization, yet are produced by a stochastic process. This program lets the user specify what is required and then receive a list of passwords that fit the rules.
This is a one-file password generator that works on common distros of Linux, as well as Mac OS X. It will probably work on Windows from a git bash console window, but I have not tried it. The limitation for Windows is the lack of a system-wide dictionary, but this program does have the ability to use any dictionary.
The "bits" estimate is more correctly an estimate of the smallest list of passwords in which the generated password might appear. The source code will reveal all... For scaling/comprehension of large numbers:
- 50 bits -> 10^15 ('quadrillion')
- 60 bits -> 10^18 ('quintillion')
- 70 bits -> 10^21 ('sextillion')
The following is the current help, with an example output.
Usage: passwords [opts]
"I'm very highly educated. I know passwords, I know the best passwords. But
there's no better password than stupid."
-- Donald J. Trump, South Carolina, Dec 30, 2015.
Options are:
--assist : you are reading it.
-a / --alphabet : allowed chars in password, defaults to quite
the usual list of alpha, digits, and the most common "punctuation"
characters.
--bare : Just the passwords as output. Skip the narrative. Primarily
useful if the output is being fed to another program.
-b / --bits : bits of "entropy" required in each password. YES YES
I know this is not even sort of what is meant by 'entropy' in
physics, but I also know the word has taken root and it is
a measure of like, like something. Whatever. Actually.
-d / --debug : provide some mostly not-too-useful stats while running.
-e / --eval : evaluate this string as a password, rather than generating
one. This option must be used alone.
-l / --lists : location of the 'well known words' lists. This should
be a wildcard directory/filename. The default value is
$PWD/wordlist*txt. The lists are assumed to be a filter
(math meaning) on the smallest list.
-n / --number : how many passwords do you want? defaults to 10.
-w / --words : location of the dictionary file.
-x / --max-length : how long can they be? defaults to 40.
-z / --min-length : how long must each password be? defaults to 16.
a few of the printable characters.
Prints the options and a list of passwords. Example shown below.
Output is to stdout, so you may use standard I/O redirection.
---- Sample Output Begins ----
240 branches, with 0 branches pruned.
1.29 seconds creating passwords.
Passwords generated by using the following options:
--alphabet abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/+=!~-?
--bare False
--bits 50
--debug False
--eval None
--h False
--lists /home/george/python.programming/passwordgenerator/wordlist*txt
--max-length 40
--min-length 16
--number 10
--words /usr/share/dict/words
:: Password :: Len :: Bits :: CPU :: Q1 :: Q2
====================================================================================================
0 :: BsizygiaGharsh-soundingictic :: 28 :: 68.0 :: 0.231 :: 1.04 :: 4.0
1 :: 29FganeKiewitcheerLess :: 22 :: 68.3 :: 0.209 :: 0.788 :: 5.045
2 :: 4VQ6aLLegoricaLPthiram :: 22 :: 60.8 :: 0.14 :: 0.574 :: 4.045
3 :: cassinoidNGjLaquais :: 19 :: 54.1 :: 0.14 :: 0.349 :: 4.211
4 :: o78L7kTracheLospermum0 :: 22 :: 50.9 :: 0.071 :: 0.843 :: 3.909
5 :: runcLoaking7nnonfreeman :: 23 :: 51.8 :: 0.141 :: 0.734 :: 5.565
6 :: s9abashedGSj05+8 :: 16 :: 60.0 :: 0.071 :: 0.449 :: 4.0
7 :: rupestraLyhypothyroidismsphenopetrosaL :: 38 :: 62.3 :: 0.211 :: 0.681 :: 6.421
8 :: -bputted3mfqMJB~ :: 16 :: 69.3 :: 0.07 :: 1.018 :: 1.625
9 :: 2ETuscanCMontcLair :: 18 :: 51.1 :: 0.14 :: 1.087 :: 4.056
---- Sample Output Ends ----
Bits -- A calculation of the vague notion of password entropy. The password entropy is
cumulatively calculated as it is constructed, and then the password is evaluated
by decomposition. The lesser of the two calculations is shown.
CPU -- How many CPU seconds were spent on each password.
Q1 -- A number greater than zero that reflects the ratio between reverse and forward
calculations of entropy. Higher is better.
Q2 -- A number greater than zero that is a rough measure of the likelihood that this
password is vulnerable to topological analyses. If you analyze a password, you
will see the order N matrix, where N is the length of the password. A higher
number is a worse score.
---- Analysis of password #5 in the above list. ----
python passwords.py -e runcLoaking7nnonfreeman
[[1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
[0 2 2 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 2 2 2 2 2 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 0 2 2 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 0 0 0 2 2 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 0 0 0 0 2 2 2 1 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 0 0 0 0 0 2 2 1 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 0 0 0 0 0 0 0 0 0 0 3 3 2 1 1 1 1 1 1 1]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 1 1 1]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3 3 2 1 0 0]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 1]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1]
[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]]
Topological analysis vector: (1, 3, 3, 3, 5, 6, 7, 8, 6, 6, 3, 0, 0, 3, 4, 3, 3, 6, 6, 6, 6, 5, 4)
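
The Bits column above is the lesser of a forward estimate (accumulated while the password is built) and a reverse estimate (found by decomposing the finished string). A minimal sketch of that idea follows, as an added example and not code from passwords.py; the eight-word list, the word-or-character coin flip and all function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample data (assumptions, not the tool's real dictionary).
WORDS = ["abashed", "cloak", "free", "freeman", "harsh", "man", "non", "tuscan"]
# Alphabet copied from the --alphabet line in the sample output.
ALPHABET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789/+=!~-?")

KIND_BITS = 1.0                        # word-or-character coin flip
WORD_BITS = math.log2(len(WORDS))      # one uniform pick from the word list
CHAR_BITS = math.log2(len(ALPHABET))   # one uniform pick from the alphabet


def generate(min_bits):
    """Append random words/characters, summing bits as each piece is added."""
    parts, bits = [], 0.0
    while bits < min_bits:
        if secrets.randbelow(2):
            parts.append(secrets.choice(WORDS))
            bits += KIND_BITS + WORD_BITS
        else:
            parts.append(secrets.choice(ALPHABET))
            bits += KIND_BITS + CHAR_BITS
    return "".join(parts), bits


def decompose_bits(pw):
    """Cheapest way to rebuild pw from words and single characters (DP)."""
    if any(c not in ALPHABET for c in pw):
        raise ValueError("character outside ALPHABET")
    best = [0.0] + [math.inf] * len(pw)   # best[i]: min bits for pw[:i]
    for i in range(len(pw)):
        best[i + 1] = min(best[i + 1], best[i] + KIND_BITS + CHAR_BITS)
        for w in WORDS:
            if pw.startswith(w, i):
                j = i + len(w)
                best[j] = min(best[j], best[i] + KIND_BITS + WORD_BITS)
    return best[-1]


def shown_bits(pw, forward_bits):
    """The lesser of the as-built and by-decomposition estimates."""
    return min(forward_bits, decompose_bits(pw))


if __name__ == "__main__":
    pw, fwd = generate(50)
    print(pw, round(fwd, 1), round(shown_bits(pw, fwd), 1))
```

A password built as "free" followed by "man" accumulates 8 forward bits in this sketch, but decomposition finds the single word "freeman" at 4 bits, which is why the lesser value is the one to report.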