I spent the weekend majorly re-factoring XKpasswd.pm, my Perl random password generation library. V0.1 was the last thing I wrote before reading Perl Best Practices, and looking back on that code really illustrated the value of that book when used in combination with the perlcritic code analyser.

The new version of the module provides all the functionality the old one did, and more. The refactoring has made the module simpler to use from within scripts, as well as easier to modify and extend. Some new features have also been added, including the ability to use the www.random.org web service as the source of randomness for the library. A full list of bug fixes and new features is included below.

I had hoped to distribute this version as both a ZIP file and a .PKG file, but XCode 4.4 is not being cooperative on the new Mountain Lion, so that will probably have to wait until version 0.3.

Update – 6 August 2012: The link below has been updated to point to version 0.2.1 of the code. Details of the bugs fixed in the release notes.

Download

Read more

Tagged with:

xkpasswd - a secure memorable password generator

Steve Gibson really set the cat among the pigeons with his Password Haystacks site a few months ago, and XKCD’s ‘Correct Horse Battery Staple’ web comic brought that message home to many many nerds and geeks. The basic idea is that you’re better off making your passwords long and memorable than short and complex. In the simplified XKCD example the password is simply made up of 4 common words, but Steve Gibson suggests you should add some padding around those words to make the passwords much harder to guess.

This is a lovely theory, but I’m not imaginative, and I need to invent a lot of passwords every week, so I wrote a Perl module to do it for me, and called it xkpasswd.pm. The first thing I’m announcing today is that I’ve made this library available for free for both personal and commercial use (under the FreeBSD license), you can download it from www.bartb.ie/xkpasswd.

Download

It’s great to have a library for nerds to play with, but what about everyone else? Well, that’s where my second announcement comes in, I’ve also created www.xkpasswd.net, a simple web front-end to the xkpasswd.pm module.

www.xkpasswd.net

In case anyone is wondering where the name comes from? It’s a mashing together of XKCD, and passwd, the Linux/Unix command for changing passwords. Because I used to use Solaris, and hence the yppasswd command, I liked the idea of keeping the prefix to just two letters, hence xkpasswd, rather than xkcdpasswd.

For any programmers interested in using the Perl module, it has no prerequisites other than base Perl, and all you need to get started is the module and a dictionary file to point it at. The download package contains the module, a sample dictionary, and a sample Perl script which invokes the module.

In the future I also plan to release a JavaScript-only version if the library so that others can embed xkpasswd-based password generators in their own sites without needing Perl CGI support on their servers. I’m also experimenting with creating an OS X Service to allow people to easily generate xkpasswd passwords from anywhere within OS X, and perhaps even a native OS X Application. So stay tuned!

XKCD - Password Strength

Tagged with:

« go back