Password Generator


Login or Register for Dates, Times and to Reply

 
Thread Tools Search this Thread
Special Forums Cybersecurity Password Generator
# 1  
Password Generator

I need a great Password Generator program. I looked at a few of them, but none of them seemed to be what I wanted. So I have decided to write my own. (That's the cool thing about being a programmer....I always get what I want in software Smilie )

Do you have any password generators that you like? Or do you have any thoughts on what you'd like to see in a password generator? I'm looking for ideas... No promises that I will implement anything. But you never know....I might. Or if I find a really great password generator, I might just go with that.

I plan on implementing this as a ksh script and I will be sure it runs on pdksh as well. So if have either ksh or pdksh you will be able to run the script.
# 2  
ease of use, and following unix shell scripting guidlines.

by that i mean, takes input, gives output. so it can be used in other scripts.

i feel like me saying that serves no purpose however, because from looking at your recursive ftp shell script, i have no doubt of the quality of your work.

when you write this, i know right away what i am going to use it for.

i run an mp3 server, it streams mp3s through apache using perl. when i give my friends who ask for it user names and passwords, i usually end up making up a password for them.

what i will do now is, i will put a request for membership on my site. that way when one of my friends wants a un and pw they can do it them selves.

ill have it take their name and email, and desired username. blah blah blah, itll send me an email and wait for confirmation. after thats done itll use htpasswd, and your password generator to add them to my password list.

Smilie
# 3  
No, your comments are useful. Especially since I moving away from that type of interface. I wrote a simple password generator and it worked good enough with ksh. But with pdksh, it broke pretty bad. The symptom was that I could predict what character it would pick under certain conditions. I traced the problem to pdksh's internal linear congruential random number generator.

This sent me down the path of making an ultra secure password generator. And another potential problem is that command line arguments are visible to an adversary. So I've been moving away from command line arguments toward a completely interactive solution. Also I've been working on a very good random number generator. The current version gathers entropy from the user. By examining the SECONDS variable, I know how long the user took to enter the command. That number, together with the length of the command, is used to very strongly vary the output of the random number generator. Simply tapping the return key a few times will tremendously "stir the pot".

Perhaps I've been obsessing with security too much. I could add in a method of non-interactive use. This would sacrifice the cryptographic strength of the RNG. But a password generator can function well without a cryptographic strength RNG.
# 4  
naw i think its a very good idea to use strong encryption, even at non mission critical sites.

like my setup, no ones trying to break into my network, other than the occasional port scan by script kiddies....but its nice to know they will have a tough time getting in if my ip just happens to interest them.

about command line arguments, a few scripts that ive written, ive implemented an interavtive mode, and a non interactive mode. do you think it would be practical for you to include something like that in your script?
# 5  
Yes I will certainly not abandon interactive mode. Non-interactive mode will be in addition to interactive mode. In addition to gathering entropy from the user, I like to present the user with many passwords. Then the user can pick one that seems easy to remember or whatever.

And cryptographic strength in a random number generator does not mean that any encryption is happening. Take a look at my primary random number generator:
Code:
#! /usr/bin/ksh


bc |&

typeset -Z16 Smaster_mwcrng
Smaster_mwcrng=0
Cmaster_mwcrng=0
Xmaster_mwcrng=0

function master_mwcrng {
    print -p "999999*$Xmaster_mwcrng+$Cmaster_mwcrng"
        read -p Smaster_mwcrng
    Cmaster_mwcrng=${Smaster_mwcrng%????????}
    Xmaster_mwcrng=${Smaster_mwcrng##????????*(0)}
        [[ -z $Xmaster_mwcrng ]] && Xmaster_mwcrng=0
}

echo S=$Smaster_mwcrng C=$Cmaster_mwcrng X=$Xmaster_mwcrng
print -n "Enter a seed - "
read Xmaster_mwcrng

i=0
while ((i<30)) ; do
        ((i=i+1))
        master_mwcrng
        echo S=$Smaster_mwcrng C=$Cmaster_mwcrng X=$Xmaster_mwcrng
done

exit 0
S=0000000000000000 C=0 X=0
Enter a seed - 27
S=0000000026999973 C=00000000 X=26999973
S=0026999946000027 C=00269999 X=46000027
S=0045999981269972 C=00459999 X=81269972
S=0081269891190027 C=00812698 X=91190027
S=0091189936622671 C=00911899 X=36622671
S=0036622635289228 C=00366226 X=35289228
S=0035289193076998 C=00352891 X=93076998
S=0093076905275893 C=00930769 X=5275893
S=0005275888654876 C=00052758 X=88654876

The X's are random numbers. This generator will pass any random number test you throw at it. But suppose you knew the first three numbers:
26999973
46000027
81269972
You could have a database of the first three numbers for every possible seed. You could look up these three numbers. Now you know that the seed was 27. And so you can predict every other random number that this generator will output. Thus this random number generator is said to be cryptographically weak. A cryptographically strong RNG is unpredictable.

Just for the heck of it, I wanted a cryptographically strong RNG. So what I do is call the main RNG 500 times and load the results into an array. Then when a command is entered, one of 60 auxiliary RNG's is selected based loosely on the SECONDS variable. This RNG generates a number between 0 and 499. That element of the array is returned and the master RNG is called again to replace it. There's a lot more to it...this is the reader's digest version. Suffice it to say that if you give me the first n random numbers that it outputs, I cannot predict n+1. And it's not just that I don't have enough computers. Infinite computing resources still would not do it. I would also need to know what commands you are entering and the value of the system clock each time that you press return. In addition the automatic stuff that happens, there are user commands to restart the RNG's, scramble the arrays, etc.

In a command line driven version, I will have to select one auxiliary RNG and go with that. No it won't be as secure. The output will be just as good. The danger would come from an evil Perderabo on the system while the password generator is running. He *might* be able to to acquire enough information to guess the generated password.
# 6  
Quote:
Originally posted by Perderabo
Whatta mess...

Maybe this will get it...

sed -n '/\~ST\^/s/.*\~ST\^//p' < inputfile | awk -v FS=^ '$1=855 { print $5 }'

Impressive.

Makes we want to generate a file of plain gibberish and give Perderabo the task to extract some useful information. (just kidding ...)

"The Perderabo Challenge" LOL Smilie

Neo

Note: This originally appeared in this thread.

Last edited by Perderabo; 10-01-2004 at 09:58 AM..
# 7  
Quote:
Originally posted by Neo
Impressive.

Makes we want to generate a file of plain gibberish and give Perderabo the task to extract some useful information. (just kidding ...)

"The Perderabo Challenge" LOL Smilie

Neo
You laugh, but I've actually spent the better part of the past few weeks attempting to generate a file from which no information can be extracted!

I'm working on a random number generator for use with a password generator. So far it passes every test I can find except for test number 10 of the Diehard test suite. Diehard has a well deserved reputation as the toughest suite of tests for random number generators.
Login or Register for Dates, Times and to Reply

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

Test Your Knowledge in Computers #914
Difficulty: Medium
In bash, grep -v -e '^[[:space:]]*$' file.txt will filter all the blank lines from file.txt and save the results in a file called file.txt.
True or False?

9 More Discussions You Might Find Interesting

1. Forum Support Area for Unregistered Users & Account Problems

Password sent via reset password email is 'weak' and won't allow me to change my password

I was unable to login and so used the "Forgotten Password' process. I was sent a NEWLY-PROVIDED password and a link through which my password could be changed. The NEWLY-PROVIDED password allowed me to login. Following the provided link I attempted to update my password to one of my own... (1 Reply)
Discussion started by: Rich Marton
1 Replies

2. Shell Programming and Scripting

Hostsfile generator

Hello I use a bash script to creating the hosts file /etc/hosts But there is a bug inside my output and I want to fix this. My Array looks like this: 205,IP 111.122.133.20 205,HOST2 unas 205,HOST1 unas15533 205,COMMENT # UNAS 775,IP ... (9 Replies)
Discussion started by: Marti95
9 Replies

3. Shell Programming and Scripting

Random Password generator with 2 digits and 6 characters

I am using the below to random generate a password but I need to have 2 numeric characters and 6 alphabetic chars head /dev/urandom | tr -dc A-Za-z0-9 | head -c 8 ; echo '' 6USUvqRB ------ Post updated at 04:43 PM ------ Any Help folks - Can the output be passed onto a sed command to... (9 Replies)
Discussion started by: infernalhell
9 Replies

4. UNIX for Beginners Questions & Answers

Password generator with user inputs

Hi, I am new to bash scripting and i wanted to make a bash script that will generate a password for a user. The user must enter his/her name and the url of the site the password is used for. And the script will generate a password with those two elements in the password. So if the url is... (0 Replies)
Discussion started by: Kvr123
0 Replies

5. Shell Programming and Scripting

Sequence generator

Thanks Guys This really helped (5 Replies)
Discussion started by: robert89
5 Replies

6. Cybersecurity

swordfish --- a password generator

Here is my new password generation script. The attachment, swordfish.txt, is in dos format. Remember that you need to use dos2unix or flip or something to get it into unix format. The script is self documenting. It has an extensive help system built-in. And you can run: swordfish "set... (8 Replies)
Discussion started by: Perderabo
8 Replies

7. Shell Programming and Scripting

time generator

Hi experts, I'd like to generate the table/file containing: number of milliseconds elapsed since midnight till midnight. It should contain 5 columns (hours minutes seconds milliseconds): Table will have theoretically 86 400 000 rows. My question is , is there somewhere the file or source... (7 Replies)
Discussion started by: hernand
7 Replies

8. What is on Your Mind?

Barcode Generator

QR Code Generator (0 Replies)
Discussion started by: Neo
0 Replies

9. Shell Programming and Scripting

Range generator

Dear All, I have a sorted file like 1 2 3 8 9 10 45 46 47 78 The output will be range like 1 3 8 10 45 47 78 78 (9 Replies)
Discussion started by: saifurshaon
9 Replies

Featured Tech Videos