
Any Python password-generators that are readable and pronounceable?

It's simple enough to generate a random string in Python (such as Python entropy shows). But are there any Python projects out there, which will generate password strings that are both somewhat pronounceable and readable? By readable, I mean not putting both zeros and O's in the same string, etc. I don't care if it's got maximum entropy, just something better than what I'm likely to pick. :)

asked Mar 31 '11 14:03

John C



2 Answers

If you're really just looking for something "better than I can make up" and "pronounceable," then maybe just use random.sample() to pull from a list of consonant-vowel-consonant pseudosyllables:

import string
import itertools
import random

initial_consonants = (set(string.ascii_lowercase) - set('aeiou')
                      # remove those easily confused with others
                      - set('qxc')
                      # add some crunchy clusters
                      | set(['bl', 'br', 'cl', 'cr', 'dr', 'fl',
                             'fr', 'gl', 'gr', 'pl', 'pr', 'sk',
                             'sl', 'sm', 'sn', 'sp', 'st', 'str',
                             'sw', 'tr'])
                      )

final_consonants = (set(string.ascii_lowercase) - set('aeiou')
                    # confusable
                    - set('qxcsj')
                    # crunchy clusters
                    | set(['ct', 'ft', 'mp', 'nd', 'ng', 'nk', 'nt',
                           'pt', 'sk', 'sp', 'ss', 'st'])
                    )

vowels = 'aeiou' # we'll keep this simple

# each syllable is consonant-vowel-consonant "pronounceable"
# list() so the result supports len() and random.sample() on Python 3
syllables = list(map(''.join, itertools.product(initial_consonants,
                                                vowels,
                                                final_consonants)))

# you could throw in number combinations, maybe capitalized versions...

def gibberish(wordcount, wordlist=syllables):
    return ' '.join(random.sample(wordlist, wordcount))

Then you just choose a suitably large number of "words":

>>> len(syllables)
5320
>>> gibberish(4)
'nong fromp glosk zunt'
>>> gibberish(5)
'samp nuv fog blew grig'
>>> gibberish(10)
'strot fray hag sting skask stim grun prug spaf mond'

My statistics are a little fuzzy, but this may be enough for non-NSA purposes. Note that random.sample() operates without replacement. I should also point out that if a malicious party was aware you were using this method, it would be vulnerable to a dictionary attack. A pinch of salt would help with that.

Update: For those interested, an updated and fork-able version of this is available at https://github.com/greghaskins/gibberish.

answered Sep 27 '22 22:09

Greg Haskins
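
An added example, not part of the answer above or of the linked gibberish project: the same consonant-vowel-consonant scheme drawn with Python's `secrets` module (the OS CSPRNG) instead of `random`, with the entropy per word made explicit. The helper names `entropy_bits`, `words_needed` and `passphrase`, and the 64-bit default target, are assumptions made for this example.

```python
import itertools
import math
import secrets
import string

# Same consonant and vowel sets as the answer; sorted() gives a stable list order.
CONSONANTS = set(string.ascii_lowercase) - set("aeiou")
INITIAL = sorted((CONSONANTS - set("qxc")) | {
    "bl", "br", "cl", "cr", "dr", "fl", "fr", "gl", "gr", "pl",
    "pr", "sk", "sl", "sm", "sn", "sp", "st", "str", "sw", "tr"})
FINAL = sorted((CONSONANTS - set("qxcsj")) | {
    "ct", "ft", "mp", "nd", "ng", "nk", "nt", "pt", "sk", "sp", "ss", "st"})
VOWELS = "aeiou"
SYLLABLES = ["".join(p) for p in itertools.product(INITIAL, VOWELS, FINAL)]


def entropy_bits(wordcount, pool=len(SYLLABLES)):
    """Entropy of `wordcount` independent, uniform draws from `pool` items."""
    return wordcount * math.log2(pool)


def words_needed(target_bits, pool=len(SYLLABLES)):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool))


def gibberish(wordcount, wordlist=SYLLABLES, sep=" "):
    """Join `wordcount` syllables picked with the OS CSPRNG (with replacement)."""
    if wordcount < 1:
        raise ValueError("wordcount must be at least 1")
    return sep.join(secrets.choice(wordlist) for _ in range(wordcount))


def passphrase(target_bits=64):
    """Pronounceable passphrase sized for `target_bits` (64 is an assumed default)."""
    return gibberish(words_needed(target_bits))


if __name__ == "__main__":
    for n in (4, 5, 10):
        print(f"{n:2d} words, {entropy_bits(n):5.1f} bits: {gibberish(n)}")
    print("64-bit target:", passphrase())
```

The bit counts assume the attacker already knows the syllable list, which is the situation the answer's dictionary-attack remark describes.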


I'm a big fan of the xkcd password generator. Very customizable, pip installable, and the "acrostic" feature provides a nice way to give users a memory clue for their generated word set.

answered Sep 27 '22 23:09

shacker