test, and password generator

Will Ware wware at alum.mit.edu
Wed Aug 29 08:57:16 EDT 2001


Paul Rubin wrote:

> If you're running linux, you should get random data by reading bytes
> from /dev/urandom.

OK, this seems to work. Though apparently /usr/dict/words is no longer
available now that I've switched to Red Hat 7.1 (which regrettably is
still on Python 1.5.2).
----------------------------------------------------------
#!/usr/bin/env python
import random, math

urandom = open("/dev/urandom")

def choice(lst):
     sum = 0L
     for x in range(6):
         sum = (sum << 8) + ord(urandom.read(1))
     return lst[int(sum % len(lst))]

if 1:
     # To avoid confusion, leave out 0, O, 1, l, S and %.
     units = "ABCDEFGHIJKLMNPQRTUVWXYZabcdefghijkmnopqrstuvwxyz2346789"
     units = units + """!@#$%^&*+=;:,.""" # Compensate with punctuation.
     separator = ""
elif 0:
     units = "abcdefghijkmnopqrstuvwxyz0123456789"
     separator = ""
else:
     units = [ ]
     separator = "-"
     inf = open("/usr/dict/words")
     for x in inf.readlines():
         units.append(x[:-1])
     inf.close()

length = 10

e = length * math.log(len(units)) / math.log(2)
print "Entropy is %g bits" % e
# Assume the attacker attempts 100 logins per second, but doesn't get
# access to a hash which would allow him to test faster.
print "Cracking time is", (0.01 * 2**e) / (3600 * 24 * 365.24), "years"

pw = ""
for i in range(length):
     pw = pw + choice(units) + separator
if len(separator):
     pw = pw[:-len(separator)]

print "Password:", pw

urandom.close()
-------------------------------------------------------




More information about the Python-list mailing list