tytso / pwgen
Automatic Password generation
There is no mention on this project's former homepage, https://sourceforge.net/projects/pwgen/, that the project has moved here to GitHub. Please add such an indication there.
Examples include :
and ;
, ,
and .
, backtick and '
, etc.
With the development of haveged, the amount of seed in /dev/random has increased a lot. As a result, it can improve the security of passwords when using /dev/random as the random source.
pw_random_number(max_num) simply performs a modulo of a random integer against the number of elements in the character array. Since there is no check whether the maximum integer value is divisible by the number of elements in the character array, modulo bias is introduced. This would need to be fixed before the command is used to generate passwords for a high security environment.
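The modulo bias described in the issue above, shown as an added example; this is not pwgen's code and the helper names are hypothetical. It assumes a one-byte random source (256 values) instead of the random integer pw_random_number uses, so the skew can be counted exactly, and an assumed alphabet of 94 symbols; rejection sampling is shown as one common way to remove the bias.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper names. The random source is one byte (256 values). */

/* How many of the 256 byte values land on index idx under plain r % n. */
static unsigned modulo_hits(unsigned n, unsigned idx)
{
    unsigned hits = 0;
    for (unsigned r = 0; r < 256; r++)
        if (r % n == idx)
            hits++;
    return hits;
}

/* Largest multiple of n that is <= 256; bytes at or above it are discarded. */
static unsigned reject_limit(unsigned n)
{
    return 256 - (256 % n);
}

/* Rejection sampling: skip bytes >= reject_limit(n), then reduce.
 * Returns an index in [0, n), or -1 if n is out of range or buf runs out. */
static int unbiased_index(const uint8_t *buf, size_t len, unsigned n)
{
    if (n == 0 || n > 256)
        return -1;
    unsigned limit = reject_limit(n);
    for (size_t i = 0; i < len; i++)
        if (buf[i] < limit)
            return (int)(buf[i] % n);
    return -1;
}

int main(void)
{
    const unsigned n = 94;  /* assumed alphabet size: printable ASCII minus space */
    printf("r %% %u: index 0 hit by %u byte values, index %u by %u\n",
           n, modulo_hits(n, 0), n - 1, modulo_hits(n, n - 1));
    printf("accept only bytes below %u\n", reject_limit(n));

    uint8_t buf[32];
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(buf, 1, sizeof buf, f) : 0;
    if (f)
        fclose(f);
    printf("unbiased index: %d\n", unbiased_index(buf, got, n));
    return 0;
}
```

When the alphabet size divides the source range evenly (64 symbols against 256 byte values, for instance), every index is hit equally often and nothing is rejected.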
According to the password table published by Hive Systems, even the most secure 8 character passwords generated by this tool are now crackable within 5 minutes.
The link above explains how they came up with the table. Since the password table changes every year, I would like to include the table as it stands this year (2023) into this issue.
Number of characters | Numbers Only | Lowercase Letters | Upper and lowercase Letters | Numbers, Upper and lowercase Letters | Numbers, Upper and lowercase Letters, Symbols |
---|---|---|---|---|---|
4 | Instantly | Instantly | Instantly | Instantly | Instantly |
5 | Instantly | Instantly | Instantly | Instantly | Instantly |
6 | Instantly | Instantly | Instantly | Instantly | Instantly |
7 | Instantly | Instantly | 1 sec | 2 secs | 4 secs |
8 | Instantly | Instantly | 28 sec | 2 mins | 5 mins |
9 | Instantly | 3 secs | 24 mins | 2 hours | 6 hours |
10 | Instantly | 1 min | 21 hours | 5 days | 2 weeks |
11 | Instantly | 32 min | 1 month | 10 months | 3 years |
12 | 1 sec | 14 hours | 6 years | 53 years | 226 years |
I think we can no longer adhere to the NIST recommendation of 8 character passwords.
The NIST document linked to above was updated to include the
Removal of pre-registered knowledge tokens (authenticators), with the recognition that they are special cases of (often very weak) passwords.
Since passwords are still very much in use, I am raising this issue so that we can consider moving the default length of the passwords generated by pwgen to 12 instead of 8.
It would be great if the user could request passphrases to be generated based on the Diceware and the EFF wordlist.
I noticed the option -c (--capitalize) is not always honored in the output.
Here is a sample output:
pwgen -B --capitalize -y -n 10 20
Et&eeL3iet juPh+ie9Fu xoo%Piepi3 zo7vey*u7M bee"thah4o Nie7oothe^ peeb]i7fah
kaew7Jizu Uw+ee9naix Aito#Yie4a uphu;sa4La va4Cae:the hob~ai9Thu wiePae9Hu: ohm;oh9dee Egae\F4iet Phee
th3oe cie4wieJe( ueg7Pic-oh um4ciodi:e
In this run, 4 results do not have a capital letter.
This is frequently seen, almost every time.
My setup is: Debian Linux 10 (buster)
pwgen version: 2.08-1
Backslashes are historically hard to handle, and if you have several layers that de-escape, you might need to express them with powers-of-two amounts of backslashes.
See the example below
$ pwgen -n 2 1
Rh
$ brew info pwgen|head -n 1
pwgen: stable 2.08 (bottled)