Explanation: |
There are password generators that produce far more random passwords, choosing from letters, letters and numbers, or the whole keyboard. These passwords are impossible for normal human beings to remember, ensuring that they will be written down in a readily accessible location and thus largely defeating the purpose of good passwords. Real security threats are more likely to be internal than external. Some years ago I had the opportunity to work with the U.S. State Department's Controlled User Environment password generator. It generated 8-character passwords in the form CVC99CVC, that is consonant, vowel, consonant, digit, digit, consonant, vowel, consonant.
These passwords had two easily pronounceable pieces separated by two digits. For passwords that are not subject to dictionary attacks and not easily associated with personal interests or information, they were surprisingly easy to remember, making much better practical passwords than truly random ones. The only problem with this approach is that there are only some 400+ million possible passwords, which is not many given today's computing power and brute-force attacks.
I have tried to extend the core concept while keeping most of its advantages. With the defaults I chose, password.pl pseudo-randomly adds up to two additional consonants following the core four. Further, the first character of either or both letter sequences is pseudo-randomly upper-cased. Also, one of the digits is sometimes replaced by a punctuation mark. Resulting passwords are 7 to 9 characters long and have at least one digit and one upper-case character. Many have a punctuation mark or symbol, but only from those characters that I find relatively easy to type without looking at the keyboard. I estimate this extends the password universe by approximately 1000 times, but that estimate could be way off. If you change the defaults or logic you will change the number of possible passwords.
Run with my original settings, it produces 10 passwords at a time. Some should meet virtually any requirements for length, letters, numbers and symbols. Typically a few are fairly easy to remember, yet still much better than those I have been choosing for myself and for the system admin accounts I have been responsible for over the past 10 years.
If $siz = 8, $addConsonants = 0, $firstUpper = 0, $mixedCase = 0, and $symbolOdds = 0, you will see State Department style passwords, except in lower case.
I suggest that anyone who makes frequent use of this change the "User Changeable Constants" to fit their tastes and environment. I chose hardcoded values rather than command line options in the belief that anyone who can use a text editor can adjust the behavior of this program permanently more easily than by remembering or typing command line options. Each choice is documented.
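The scheme above, reconstructed in Python as an added example (this is not password.pl itself): it computes the size of the plain CVC99CVC space to check the "400+ million" figure, and builds passwords with the extra-consonant, first-letter-upper-case and digit-to-symbol tweaks. The symbol set, the use of `secrets` instead of Perl's pseudo-random generator, and the exact length distribution (8 to 10 characters here) are my assumptions, not the script's.

```python
import math
import re
import secrets

# Character classes for the CVC scheme: 21 consonants, 5 vowels, 10 digits.
CONSONANTS = "bcdfghjklmnpqrstvwxyz"
VOWELS = "aeiou"
DIGITS = "0123456789"
# Constructed symbol set; the page does not list the characters it uses.
SYMBOLS = "!@#$%&*-_+=?"


def cvc_keyspace():
    """Distinct CVC99CVC passwords: (21*5*21)^2 * 10^2 = 486,202,500."""
    syllables = len(CONSONANTS) * len(VOWELS) * len(CONSONANTS)
    return syllables ** 2 * len(DIGITS) ** 2


def entropy_bits(keyspace):
    """Entropy of a uniformly chosen password from a space of that size."""
    return math.log2(keyspace)


def _syllable(extra_consonants):
    """One CVC piece with `extra_consonants` consonants appended."""
    s = secrets.choice(CONSONANTS) + secrets.choice(VOWELS) + secrets.choice(CONSONANTS)
    return s + "".join(secrets.choice(CONSONANTS) for _ in range(extra_consonants))


def generate(add_consonants=2, first_upper=True, symbol_odds=0.5):
    """CVC[C..] digit digit CVC[C..], with up to `add_consonants` extra
    consonants split across the two pieces, at least one capitalised piece
    when `first_upper`, and one digit swapped for a symbol with probability
    `symbol_odds` (the other digit is always kept)."""
    extra = secrets.randbelow(add_consonants + 1)
    left = secrets.randbelow(extra + 1)
    parts = [_syllable(left), _syllable(extra - left)]
    if first_upper:
        flags = [secrets.randbelow(2) for _ in parts]
        if not any(flags):
            flags[secrets.randbelow(2)] = 1  # guarantee one upper-case letter
        parts = [p[0].upper() + p[1:] if f else p for p, f in zip(parts, flags)]
    middle = [secrets.choice(DIGITS), secrets.choice(DIGITS)]
    if secrets.randbelow(1000) < symbol_odds * 1000:
        middle[secrets.randbelow(2)] = secrets.choice(SYMBOLS)
    return parts[0] + "".join(middle) + parts[1]


STATE_DEPT_RE = re.compile(
    f"^[{CONSONANTS}][{VOWELS}][{CONSONANTS}]\\d\\d[{CONSONANTS}][{VOWELS}][{CONSONANTS}]$")


def state_department_style():
    """Equivalent of the all-zero settings: lower-case CVC99CVC only."""
    return generate(add_consonants=0, first_upper=False, symbol_odds=0)
```

Run `generate()` ten times for a batch like the script's; `entropy_bits(cvc_keyspace())` gives roughly 28.9 bits for the base scheme, which is why it is brute-forceable today.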
|