Random passwords generation (Python vs Perl) =)

Steven D'Aprano steve at REMOVEME.cybersource.com.au
Mon Jan 29 20:52:02 EST 2007


On Mon, 29 Jan 2007 16:24:18 +0100, Laszlo Nagy wrote:

> NoName wrote:
>> Hmmm..
>> In the Perl example the password is generated after the user hits ENTER, not 
>> continuously like in the Python you wrote... :)
>>
>> I want to see various ways to generate passwords, even if they are somewhat 
>> indirect, like using BASE64
>>   
> I copied this from a recipe, I do not remember which one. I like it very 
> much because it creates passwords that are easy to type in. You can type 
> every odd letter with your left hand and every even letter with your 
> right hand.

That weakens the password significantly. For a six character alpha-numeric
password with no special characters, you have (26*2+10)**6 possible
passwords, or 56,800,235,584.

Using your password generator, you have:

>>> righthand = '23456qwertasdfgzxcvbQWERTASDFGZXCVB'
>>> lefthand = '789yuiophjknmYUIPHJKLNM'
>>> len(righthand)
35
>>> len(lefthand)
23

and therefore only:

35*23*35*23*35*23 = (35*23)**3 = 521,660,125

possible passwords. That's about one percent of the earlier figure, so
you lose about 99% of the strength of the password. For eight character
passwords the difference is even more dramatic: you reduce the strength of
the password by a factor of roughly 99,999,995/100,000,000.

In my opinion, if you're going to accept such a drastic reduction in
password strength, better to go for a password that is easier to memorise
than a hard-to-memorise-but-easy-to-type weak password.

Here's one such algorithm:

* think of a meaningful phrase you won't forget: e.g. "Snow White and the
Seven Dwarves"

* take the first letter of each word: "swatsd" 

* mix up the capitals and make it leet: "5Wat7D"

* add some special characters if you can: "5W&t7D"

* if it is not long enough, add a suffix or prefix or both: "p5W&t7D."

And now you have a strong password that you can remember but is unlikely
to be guessed.



-- 
Steven D'Aprano 
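
Added example, not part of the original post or thread: the keyspace comparison from the message above, generalized to any length, using the two alphabets exactly as posted. The function names, the `length_to_match` helper and the use of the `secrets` module are choices made for this example.

```python
import math
import secrets
import string

# Alphabets copied verbatim from the post (names as posted).
RIGHTHAND = '23456qwertasdfgzxcvbQWERTASDFGZXCVB'
LEFTHAND = '789yuiophjknmYUIPHJKLNM'
ALNUM = string.ascii_letters + string.digits  # 62 symbols


def alternating(length):
    """Per-position alphabets for the alternating-hand scheme."""
    return [RIGHTHAND if i % 2 == 0 else LEFTHAND for i in range(length)]


def uniform(length, alphabet=ALNUM):
    """Per-position alphabets when every position uses the full set."""
    return [alphabet] * length


def keyspace(positions):
    """Distinct passwords = product of distinct symbols at each position."""
    return math.prod(len(set(p)) for p in positions)


def generate(positions):
    """Draw each character from the OS CSPRNG via secrets."""
    return ''.join(secrets.choice(p) for p in positions)


def length_to_match(target_length):
    """Shortest alternating-hand length with at least the keyspace of a
    uniform alphanumeric password of target_length characters."""
    target = keyspace(uniform(target_length))
    n = target_length
    while keyspace(alternating(n)) < target:
        n += 1
    return n


if __name__ == '__main__':
    for n in (6, 8):
        weak, full = keyspace(alternating(n)), keyspace(uniform(n))
        print(f'{n} chars: {weak:,} vs {full:,} '
              f'({math.log2(full / weak):.1f} bits lost), '
              f'needs {length_to_match(n)} alternating chars to match')
    print('sample:', generate(alternating(8)))
```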



