Steve Gibson really set the cat among the pigeons with his Password Haystacks site a few months ago, and XKCD’s ‘Correct Horse Battery Staple’ web comic brought that message home to many many nerds and geeks. The basic idea is that you’re better off making your passwords long and memorable than short and complex. In the simplified XKCD example the password is simply made up of 4 common words, but Steve Gibson suggests you should add some padding around those words to make the passwords much harder to guess.
This is a lovely theory, but I’m not imaginative, and I need to invent a lot of passwords every week, so I wrote a Perl module to do it for me, and called it
xkpasswd.pm. The first thing I’m announcing today is that I’ve made this library available for free for both personal and commercial use (under the FreeBSD license), you can download it from www.bartb.ie/xkpasswd.
It’s great to have a library for nerds to play with, but what about everyone else? Well, that’s where my second announcement comes in, I’ve also created www.xkpasswd.net, a simple web front-end to the
In case anyone is wondering where the name comes from? It’s a mashing together of XKCD, and
passwd, the Linux/Unix command for changing passwords. Because I used to use Solaris, and hence the
yppasswd command, I liked the idea of keeping the prefix to just two letters, hence
xkpasswd, rather than
For any programmers interested in using the Perl module, it has no prerequisites other than base Perl, and all you need to get started is the module and a dictionary file to point it at. The download package contains the module, a sample dictionary, and a sample Perl script which invokes the module.