Any Python password-generators that are readable and pronounceable?

Question

It's simple enough to generate a random string in Python (such as Python entropy shows). But are there any Python projects out there, which will generate password strings that are both somewhat pronounceable and readable? By readable, I mean not putting both zeros and O's in the same string, etc. I don't care if it's got maximum entropy, just something better than what I'm likely to pick. :)

Answer 1

If you're really just looking for something "better than I can make up" and "pronounceable," then maybe just use random.sample() to pull from a list of consonant-vowel-consonant pseudosyllables:

import string
import itertools
import random

initial_consonants = (set(string.ascii_lowercase) - set('aeiou')
                      # remove those easily confused with others
                      - set('qxc')
                      # add some crunchy clusters
                      | set(['bl', 'br', 'cl', 'cr', 'dr', 'fl',
                             'fr', 'gl', 'gr', 'pl', 'pr', 'sk',
                             'sl', 'sm', 'sn', 'sp', 'st', 'str',
                             'sw', 'tr'])
                      )

final_consonants = (set(string.ascii_lowercase) - set('aeiou')
                    # confusable
                    - set('qxcsj')
                    # crunchy clusters
                    | set(['ct', 'ft', 'mp', 'nd', 'ng', 'nk', 'nt',
                           'pt', 'sk', 'sp', 'ss', 'st'])
                    )

vowels = 'aeiou' # we'll keep this simple

# each syllable is consonant-vowel-consonant "pronounceable"
syllables = map(''.join, itertools.product(initial_consonants, 
                                           vowels, 
                                           final_consonants))

# you could trow in number combinations, maybe capitalized versions... 

def gibberish(wordcount, wordlist=syllables):
    return ' '.join(random.sample(wordlist, wordcount))

Then you just choose a suitably large number of "words":

>>> len(syllables)
5320
>>> gibberish(4)
'nong fromp glosk zunt'
>>> gibberish(5)
'samp nuv fog blew grig'
>>> gibberish(10)
'strot fray hag sting skask stim grun prug spaf mond'

My statistics are a little fuzzy, but this may be enough for non-NSA purposes. Note that random.sample() operates without replacement. I should also point out that if a malicious party was aware you were using this method, it would be vulnerable to a dictionary attack. A pinch of salt would help with that.

Update: For those interested, an updated and fork-able version of this is available at https://github.com/greghaskins/gibberish.

Answer 2

I'm a big fan of the xkcd password generator. Very customizable, pip installable, and the "acrostic" feature provides a nice way to give users a memory clue for their generated word set.