Generating Passwords

January 7, 2009

There’s no shortage of ways to generate passwords on a Mac. I used to like Xyzzy, until I realised it’s really not that good. Keychain Access is fine for quickly generating one random password for, say a MySQL account, but isn’t really appropriate for creating password lists. There’s also plenty of cool tricks to generate them from within “the BSD subsystem”, but I always seem to forget them when the need comes.

So I decided to create my own password generator. My requirements were simple:

  • Ability to form passwords from any word list
  • A switch to set the minimum length and max count
  • Support for different output separators
  • CamelCase support (randomly uppercasing certain characters)
  • A mapping feature (arbitrarily mapping certain characters to something else) and ASCII conversion (stripping accented characters)

The first point is very important because it allows you to create native passwords, ie use words indigenous to the language your users speak. I haven’t done the math, but a nice Finnish compound word is probably much less susceptible to a dictionary crack. Converting everything to ASCII may weaken the password, but it also makes them usable regardless of the keyboard layout.

But enough talk, some examples:

 > ./passgen.php wordlist.txt
Achr3n1n
AHOS3N
L4kk4Om3n4
An4n4sk4n3l1
AMOROS4
Astr4k44n1T
B3RG1US
Borgovskoj3
Ed3lM4n
El14ks3l4n

That’s a password list generated from a list of different apple varieties.

Thanks to the magic of PHP’s URL wrappers we can also use a HTTP URL as the word list:

> ./passgen.php http://www.hs.fi/uutiset/ 4 4 ,
Uut1s3T,H3ls1Ng1n,S4NOM4T,D1g1l3hT1

You can download the script from here.