the making of mkpw

[Skaperen]

several years ago i wrote a program in C called mkpw that used only one optional argument: the length of the password to make and output (to stdout), with a growing default which today is 18 (i want to expand it to 20, now).  it makes the password from a random mix of lower case letters, upper case letter, decimal digits, and a few special characters. i would like to add some significant options to this program like:

1.  specific the minimum and maybe maximum number of characters for each character class.

2.  specify characters to be removed from and/or added to each character class.

3.  make new character classes with specific rules.

4.  allow defaults to be readable from files in system space and/or user space.

more to be determined later.

since this would involve significant recoding and i am now days writing most things in python (usually version 3), this is likely to be a near next program i "re"code in python for python 3.

does anyone else have an interest in this?  would you like to see if your can make a better version than i?

[micseydel]

I had a simple script (three lines?) for producing passwords until I switched to LastPass. I definitely recommend it, or anything like it, rather than reinventing the wheel.

[ichabod801]

I have a program like this at work, although it used a string as a template for generating passwords. I have about 20 different things I need to log on to at work, and they all have different passwords.

I thought about rewriting it recently, but lost steam in favor of other projects.

[Skaperen]

I had a simple script (three lines?) for producing passwords until I switched to LastPass. I definitely recommend it, or anything like it, rather than reinventing the wheel.

you use it.  tell me more about it.  is it as flexible as i seem to want?  what else can it do?

---

i just installed lastpass with pip. it looks to be something for storing passwords. but i am not sure. no CLI command in it. one .rst file. not clear how to use it.

[micseydel]

is it as flexible as i seem to want?  what else can it do?

I don't think it's as flexible as you want, but it works on Android and Linux. I didn't eve know it would work with pip.

Unless you really need that flexibility, I think using an existing solution is a really good idea.

[Ofnuts]

The strongest anti-cracking password feature is length. Except when logging on physical machines, you hardly ever type one, so anything goes if long enough.

For physical logging in it should be memorizable, reasonably easy to type, but still strong so special characters make it more resilient to dictionary attacks. But I don't see many password generators doing the right thing here.

[micseydel]

Yeah, my Lastpass-generated stuff is simply long, and that's enough. If I need something I can type I tend to use pass phrases which are even longer, with usually some punctuation. A little bit goes a long way.

[Skaperen]

i can do

mkpw 64

and get a really long password such as

Output:
iDJ6/c6Hd@c6.%.M_CBztCjH%p=dSsaN_hT@+&_J-1C1LVH0QSgS0mCpX5HqvxGy

which i won't attempt to memorize.  i have memorized one that is 27. it is luck that this is a nice one. i want to have options to ensure that to avoid all-letter passwords for certain cases.

[Ofnuts]

want to have options to ensure that to avoid all-letter passwords for certain cases.

If this rule is known to the cracker, it actually reduces the set of possible passwords...

[snippsat]

Something to think of that a rather long random gibberish word,
can have worse entropy than 4 random word.

correct horse

[Image: nE0LqF.jpg]image