It’s been a while since I released a new version of XKPasswd.pm, the open source Perl module that powers the secure memorable password generator at www.xkpasswd.net. The main reason for the big gap is that I needed to learn some new skills to get the code to where I wanted it to be. There were three main problems I wanted solved:

  1. To get wide adoption, the Module needs to be available via CPAN
  2. The module needs unicode support to deal with non-English languages
  3. It needs to be easy to edit and tweak a config with the www.xkpasswd.net web interface, and then use it in your scripts.

While solving those problems, I also took the opportunity to tidy up some other odds and ends in the code base. It’s not that code was broken, it just that a few parts of it had a bit of a fishy smell – it seemed like there was probably a better way to do that, and there was!

So, here’s a summary of what’s changed from the the point of view of a user of the Module:

  • The Packaging – the module has a new name, and is now packaged with Module::Build, so it’s easier to install, and ready for distribution via CPAN.
  • Unicode Support – if it’s a unicode character, you can use it while generating passwords.
  • Redesigned Word Sources – more bundled with the module, and easier to create your own.
  • Redesigned Sources of Randomness – more bundled with the module, a better default, and easier to create you own.
  • A switch to Named Arguments (in both the constructor and functional interface).

I’ve put a lot of time and effort into developing this entirely free and open source module. If you find it useful, please consider making a donation:

*Download Beta of Crypt::HSXKPasswd via GitHub*

Read more

Tagged with:

XKPasswd.net Updated

Filed Under Computers & Tech, Security on November 10, 2014 | 10 Comments

After quiet a few months of work, I’ve just re-launched my secure memorable password generator – www.xkpasswd.net. The entire interface has been re-designed, and under the hood the site now uses version 2 of my XKPasswd.pm perl module.

The interface has been completely re-designed with an eye to making it easier to understand what the various configuration settings mean. The configuration is sections, and each section is headed by an English description of the current settings. You can read down through the headings to get a very good understanding of the configuration. Additionally, there is now a diagram showing the structure of the password that will be generated, and whether or not it will contain mixed case, digits, and symbols.

You can now generate multiple passwords at once, people often like to generate a few and choose one that speaks to them, so while not make that easier! Once passwords are generated, their strength, or Entropy, is reported, and colour-coded – green is good 🙂

I’ll be adding some more features over the next few months. I’ll mainly be focusing on adding more dictionaries, and allowing users to create their own custom dictionaries by mixing and matching separate word lists. What I have in mind is a set of base language dictionaries like English, and French, and so on, and then a selection of special dictionaries like place names, scientific terms, scifi characters and places, animals, fore names, and so on. I’m also planning to add the ability to store your own custom presets locally using HTML5’s local storage feature.

If you have any comments or suggestions, please do share them.

Tagged with:

It’s going to take me a few months to re-write the www.xkpasswd.net site so it uses the new XKPasswd 2 perl module. In the mean-time, thanks to the magic of Automator an OSX Services, Mac users can integrate XKPasswd 2 right into their OS with out very much effort at all.

This blog post is intended as a follow-on post to my earlier XKPasswd 2 beginners guide. This post assumes you have followed the installation instructions in the beginner’s guide to install the XKPasswd 2 module, that you followed along with that post and created a script that generates passwords in a format of your choice, and that you have tested that script to be sure it works. In this post I’ll be using the final example script from the beginner’s guide as my pre-written script.

Read more

Tagged with:

I’ve just released version two of the XKPasswd perl module, the module that powers the www.xkpasswd.net website. At the moment, only the module has been updated, not the website. It’s going to take me a few months to make all the changes I want to on that site. In the mean time you, can use the module directly. The prerequisites are that you have a computer with Perl and GIT installed, and a plain text editor (no difficult on Linux or Mac).

Read more

Tagged with:

It’s hard to believe, but it’s been nearly three years since I released my first attempt at a Perl library for generating secure memorable passwords. The original spark of inspiration came when Steve Gibson released and talked about his Password Haystacks page at around the same time as the now famous correct horse battery staple XKCD comic was released. Take the idea of using words as the basis for passwords from XKCD, add computers to introduce real randomness (we humans are terrible at being random), and season with come well-chosen and intuitively placed symbols and digits to increase the size of your haystack, and voila, passwords are are both human-friendly and secure!

The first version of the library worked, as evidenced by it’s years of service powering www.xkpasswd.net. That’s not a bad start. But, it was a first attempt at solving the problem, and, I was still a Perl padawan back then. Some of my early design decisions resulted in a less than ideal API making the library a lot less developer-friendly than it could have been, and I’ve learned a lot about Perl, and Perl best practices since 2011!

I’ve spent the past half year or so re-implementing the same basic idea from scratch. In terms of functionality very little has changed, there are a few additions, but the big change is in the API. Basically, the old API was a mess – you needed one config hashref to instantiate the object, then a different config hashref to call the password generation function. Nonsense! That’s not intuitive, not obvious, and not efficient! The new API allows you to achieve the same result with less code, and the code you will have will be easier to read and understand.

You’ll find the project page for the new library at the link below – this page provides links for downloading the code, and links to the module’s very detailed documentation.

XKPasswd 2 Project Page (http://bartb.ie/xkpasswd)

Read more

Tagged with:

I’m betting most people won’t be interested in this, but if anyone’s curious how this programmer goes about building up a perl module from scratch, you can watch along on as I build XKPasswd 2.0 over on GITHub: github.com/bbusschots/xkpasswd.pm.

I’m re-implementing XKPasswd from scratch. The resulting functionality will be mostly the same, but with some additions. The reason for starting over is two-fold. Firstly, the first implementation of XKPasswd was very much a prototype, and as with any prototype, I learned some valuable lessons, and there are lots of things I’d do differently if I was doing it again. Secondly, the first version of XKPasswd is almost three years old now, and since then, my Perl skills have increased a lot. Probably the single biggest difference between the me of 2014 and the me of 2011 is that I read Perl Best Practices, and started to run all my Perl code through Perl Critic. Another big difference is that, thanks to JQuery, I’ve fallen in love with Code References in all the languages I use that support them, including Perl.

Since this is a re-write, I’m really focusing on building a solid foundation, so I’m starting with the utility functions that will let me build up functionality gradually, and I’m writing the user documentation in parallel with the code. Before every commit to GITHub, everything that’s done so far is getting documented with POD, and, the code has to pass Perl Critic with no warnings.

Tagged with:

www.xkpasswd.net Updated

Filed Under Computers & Tech, Security on August 6, 2012 | 2 Comments

www.xkpasswd - A Secure Memorable Password GeneratorThis afternoon I updated www.xkpasswd.net to version 0.2.1 of the XKpasswd.pm Perl module, and added the needed UI to expose some of the new features introduced in version 0.2.* of the module:

  1. It is now possible not to use any separator between the words that form the basis of your randomly generated password
  2. The padding character can now be set to be randomly chosen, independently of the separator character. This is now the default setting, and provides more entropy by default.
  3. An additional care transform has been added, you can now choose to have the capitalisation alternate on each subsequent word.

Tagged with:

This is a minor bug-fix update for XKpasswd (my Perl random password generation module). It squashes two minor bugs which came to light while updating www.xkpasswd.net to use version 2 of the module.

  1. When the custom_separator option was left blank, no separator was used, rather than the expected random separator.
  2. When the custom_separator option was left blank or set to RANDOM, and the pad_char option to SEPARATOR, the results were un-expected, different random character was used for each, rather than the same random character.

For documentation and detailed release notes on version 2 of the module, see the release notes for version 2.0.

Download

Tagged with:

Automator + XKpasswdA few weeks ago on the Chit Chat Across the Pond segment of the Nosillacast, I mentioned that I had an OS X service set up to generate a random password using my XKpasswd Perl module and copy it to the clipboard. Listeners enquired as to how they would go about doing that, so as promised, here’s a quick tutorial.

Obviously this tutorial is for Mac OS X users only, because OS-wide Services and Automator are OS X features. The screenshots are taken on 10.8 Mountain Lion, but this same technique definitely also works on OSX 10.7 Lion, and probably even on 10.6 Snow Leopard. This tutorial also assumes that you have downloaded the XKpasswd module, and saved it somewhere on your computer, along with either the sample dictionary file included with the module or one of your own making, and that you know where on your computer those files have been saved. In other words, you need to have XKpasswd.pm and a text file with one word per line somewhere on your hard drive. In my sample code I’m going to assume you’ve installed the Perl module to the suggested location, /usr/local/xkpasswd/XKpasswd.pm, and that you have customised the sample dictionary a little (more secure that way), and saved it to /usr/local/xkpasswd/dict.txt.


Read more

Tagged with:

I spent the weekend majorly re-factoring XKpasswd.pm, my Perl random password generation library. V0.1 was the last thing I wrote before reading Perl Best Practices, and looking back on that code really illustrated the value of that book when used in combination with the perlcritic code analyser.

The new version of the module provides all the functionality the old one did, and more. The refactoring has made the module simpler to use from within scripts, as well as easier to modify and extend. Some new features have also been added, including the ability to use the www.random.org web service as the source of randomness for the library. A full list of bug fixes and new features is included below.

I had hoped to distribute this version as both a ZIP file and a .PKG file, but XCode 4.4 is not being cooperative on the new Mountain Lion, so that will probably have to wait until version 0.3.

Update – 6 August 2012: The link below has been updated to point to version 0.2.1 of the code. Details of the bugs fixed in the release notes.

Download

Read more

Tagged with:

« go backkeep looking »