Here is my new password generation script. The attachment, swordfish.txt, is in dos format. Remember that you need to use dos2unix or flip or something to get it into unix format.
The script is self documenting. It has an extensive help system built-in. And you can run:
swordfish "set LineLength=75" "help user_guide"
to get a complete user guide.
Here is a sample run to show some of the features:
Code:
$ ./swordfish
>>}###@>---- format +s +x 10
password statistics are on
password expansions are on
10 passwords will be generated per template
>>}###@>---- CvccEnnn
Template EEEEEEEE has 2,992,179,271,065,856 possibilities
Template CvccEnnn has 3,982,230,000 possibilities
YisdG633 YANKEE india sierra delta GOLF six three three
DehtK503 DELTA echo hotel tango KILO five zero three
Hickt465 HOTEL india charlie kilo tango four six five
SeydP384 SIERRA echo yankee delta PAPA three eight four
Fakt0554 FOXTROT alpha kilo tango zero five five four
FexrS395 FOXTROT echo x-ray romeo SIERRA three nine five
Bamwv220 BRAVO alpha mike whiskey victor two two zero
XumtF501 X-RAY uniform mike tango FOXTROT five zero one
HilbS790 HOTEL india lima bravo SIERRA seven nine zero
Xijsw021 X-RAY india juliet sierra whiskey zero two one
>>}###@>----
I can generate random hexadecimal numbers. Password generators are very close to being random number generators. So it is fair to ask a password generator to pass tests intended for a random number generator. I did this:
Code:
$ ./swordfish "define X=(n{ABCDEF})" "format 1000000" "X<80>" > hex.txt
This command took 13711 seconds.
$
At that point I had one million lines of hexadecimal numbers, each 80 characters in length. This is exactly the input format needed by the asc2bin program of the diehard test suite. I ran diehard on the data file, selecting all 15 tests. The data passes all 15 tests. The results are attached.
need help. when i tried running the sworfish from the same folder that it is residing i could get the passwords working perfectly fine. However, when i tried running it from a different path by giving the absolute path i get the below mentioned warning message. i also tried running it through the shell scripts i tried a cd to the folder and then launched using the command ./swordfish.txt some times this works and some times it fails can some one help me understand why is it failing some times?
Quote:
../utl/swordfish.txt
********************************
* *
* Warning: Entropy is zero! *
* *
********************************
generating weak entropy...
scribe[108]: linecount=linecount+1: bad number
Starts = 1
Period = 9,194,221,792,649,674,751
Total Calls = 0
I will post a new copy of swordfish making these changes:
Code:
In the weak_start_tigershark function: the line in green is new.
function weak_start_tigershark
{
typeset -i i final duration
((final=SECONDS+2))
while((SECONDS < final)) ; do
i=$RANDOM
done
((Carry=0))
((X0=$$))
((X1=RANDOM))
((X2=RANDOM))
((X3=RANDOM))
((DEBUG)) && echo weakstart X3=$X3 X2=$X2 X1=$X1 X0=$X0 Carry=$Carry
Sum=0
((Stigershark=Stigershark+1))
return 0
}
In the Main section: The lines in red go away:
if [[ $Entropy = $ZeroEntropy ]] ; then
echo "********************************" >&2
echo "* *" >&2
echo "* Warning: Entropy is zero! *" >&2
echo "* *" >&2
echo "********************************" >&2
echo generating weak entropy... >&2
weak_start_tigershark
status_tigershark
entropy_generator 1 array
echo Entropy = ${Entropy}
NeedMoreEntropy=1
fi
It is too early in the program to call status_tigershark since linecount has not be initialized and also it is sending unsolicted output to stdout. And that "echo Entropy" should have been directed to stderr as well. The remaining error message should be enough to call attention to the fact that swordfish is not operating in an optimum manner. And the user can always turn on debug mode for more output.
Yes, my intent is that swordfish be invoked always in the same directory. swordfish maintains an entropy file which is random data used to initialize the internal random number generator. But the first time the random number generator is called, there won't be an entropy file. So swordfish will initialize the RNG from /dev/urandom or /dev/random. If neither of those is available then swordfish is stuck with no decent source of initial random numbers. So it invokes the internal ksh RANDOM routine to get a few random numbers and it uses its current PID for one more random number. It first spends a couple of seconds burning off some of KSH's random numbers so it is not as bad as it might otherwise be. But it still complains about the situation. This is what is happening to you. Even HP-UX finally implemented /dev/random in 11.23. What OS are you using without a /dev/random?
If you really want to call swordfish from arbitrary directories, you could change the line:
ENTROPYFILE=swordfish.ent
to be an obsolute path to your entropy file. But remember, if other people can read your entropy file, they might be able to predict the passwords it
will generate.
I use your tool on Solaris 10, only i get this error.
[machine:user]$ ./swordfish
>>}###@>---- format +s +x 10
./swordfish[39]: !X0 && !X1 && !X2 && !X3 && !X4 && !Carry : bad number
password statistics are on
password expansions are on
10 passwords will be generated per template
I use your tool on Solaris 10, only i get this error.
[machine:user]$ ./swordfish
>>}###@>---- format +s +x 10
./swordfish[39]: !X0 && !X1 && !X2 && !X3 && !X4 && !Carry : bad number
password statistics are on
password expansions are on
10 passwords will be generated per template
Opps! Sorry ArcAngel, I had not noticed your report before. Better late than never I guess. There is no X4, it only goes up to X3. The fix was to remove "!X4 && " from that line. Actually, it's odd that the script ran everywhere else.
I have recently been ordered to use 12 character randomly generated passwords that meet strong complexity requirements. That is why I have dusted off this old script. I need it badly right now. Ironically, I want to to run on Solaris just like ArcAngel. I also tested it on RedHat and it broke on the latest ksh. I had to change my character slicing technique to get it work. I used to do stuff like this:
Code:
first=${x%${x#?}}
to get the first character. That breaks depening on the contents of the field. That had always been the case but it breaks more easily with today's ksh. I switched to
Code:
first=$x
while ((${#first} > 1 )) ; do
first=${first%?}
done
which works all the time and it much faster than it looks. I upgraded the help system a little, corrected spelling errors, etc. I had to reverse engineer my own code so I upgraded the comments quite a bit as well. It saved me from needed to memorize a string of garbage from a lesser password generator. I hope others can use it as well.
I was unable to login and so used the "Forgotten Password' process. I was sent a NEWLY-PROVIDED password and a link through which my password could be changed. The NEWLY-PROVIDED password allowed me to login.
Following the provided link I attempted to update my password to one of my own... (1 Reply)
I am using the below to random generate a password but I need to have 2 numeric characters and 6 alphabetic chars
head /dev/urandom | tr -dc A-Za-z0-9 | head -c 8 ; echo ''
6USUvqRB
------ Post updated at 04:43 PM ------
Any Help folks - Can the output be passed onto a sed command to... (9 Replies)
Hi,
I am new to bash scripting and i wanted to make a bash script that will generate a password for a user. The user must enter his/her name and the url of the site the password is used for. And the script will generate a password with those two elements in the password. So if the url is... (0 Replies)
Hi experts,
I'd like to generate the table/file containing:
number of milliseconds elapsed since midnight till midnight.
It should contain 5 columns (hours minutes seconds milliseconds):
Table will have theoretically 86 400 000 rows.
My question is , is there somewhere the file or source... (7 Replies)
I need a great Password Generator program. I looked at a few of them, but none of them seemed to be what I wanted. So I have decided to write my own. (That's the cool thing about being a programmer....I always get what I want in software :) )
Do you have any password generators that you... (13 Replies)
12-18-2004
There is no X4, it only goes up to X3. The fix was to remove "!X4 && " from that line. Actually, it's odd that the script ran everywhere else.