Generating Passwords

January 7, 2009

There’s no shortage of ways to generate passwords on a Mac. I used to like Xyzzy, until I realised it’s really not that good. Keychain Access is fine for quickly generating one random password for, say a MySQL account, but isn’t really appropriate for creating password lists. There’s also plenty of cool tricks to generate them from within “the BSD subsystem”, but I always seem to forget them when the need comes.

So I decided to create my own password generator. My requirements were simple:

  • Ability to form passwords from any word list
  • A switch to set the minimum length and max count
  • Support for different output separators
  • CamelCase support (randomly uppercasing certain characters)
  • A mapping feature (arbitrarily mapping certain characters to something else) and ASCII conversion (stripping accented characters)

The first point is very important because it allows you to create native passwords, ie use words indigenous to the language your users speak. I haven’t done the math, but a nice Finnish compound word is probably much less susceptible to a dictionary crack. Converting everything to ASCII may weaken the password, but it also makes them usable regardless of the keyboard layout.

But enough talk, some examples:

 > ./passgen.php wordlist.txt

That’s a password list generated from a list of different apple varieties.

Thanks to the magic of PHP’s URL wrappers we can also use a HTTP URL as the word list:

> ./passgen.php 4 4 ,

You can download the script from here.