Monday, July 19, 2010

Pypass Password Generator

As an exercise in Python, I decided to write a random password generator.  I decided on a few features that it had to have: for one, it must produce passwords as randomly as is possible on a finite state machine.  Secondly, it must produce passwords of up to 63 characters in length.  Third, it must produce passwords in just about every logical combination of ASCII printable characters.

     The program is finished and I hope it is of use to the many Linux newcomers who need an easy to use password generator with a GUI.


Features


Pypass has the ability to:

  • Create pseudo-random passwords of up to 63 characters in length using the GNU/Linux built-in cryptographically secure PRNG -- /dev/urandom.
  • The ability to (attempt) at creating "truly" random passwords by utilizing /dev/random, which takes random input from the user and OS interrupts. [1]
  • Create seven different password "types."  That is, it can produce passwords consisting of all ASCII printable characters or simply lower-case only, mixed-case, numerical, hexadecimal, and letters + digits, etc.
  • Has an option to create a password using the "Diceware" method.
  • Each password generated is accompanied by an MD5, SHA-1, SHA-256, and a RIPEMD-160 hash.
  • Calculates the entropy of the password.
  • Calculates the length of time various machines would take to brute-force the password, on average.

It can be found in my Ubuntu PPA.  If on Ubuntu you can install it with the following command:
sudo apt-add-repository ppa:rookcifer/pypass && sudo apt-get update && sudo apt-get install pypass
To access it, look in your Main Menu ----> Accessories and you will see "Pypass password generator" there.

if not on Ubuntu, you can download the tar archive, which can be ran manually, by visiting my SourceForge page.

Here is a screenshot:


To do List:


     In the future I would like to rewrite the GUI and switch from ugly Tkinter to GTK+.  If anyone is willing to do the port to GTK for me, I would be much indebted. ;)

     I would also like to add one more password option to the mix: a mnemonic option; that is, an option that produces a single pronounceable password that is still randomly generated.


Footnotes:

1) There is some debate about the efficacy of /dev/random in producing anything like "truly" random numbers (i.e. numbers comparable in quality to that produced by quantum processes or even dice).  I am aware of this and only included the option to use /dev/random for the "tin-foil hat" types amongst us.

2 comments:

  1. Making up random stuff is fine for complex passwords, but I prefer to use an online password generator. Makes my life a lot easier

    ReplyDelete
  2. The features looks nice and made me think that i have found something really different from the rest. but will give it a try lets see what comes out.

    ReplyDelete