|
Title: Random password generator Post by: digital_mine on September 21, 2018, 11:01:35 AM Good morning folks.
Since have different STRONG password for each website we are using that accepts BITCOIN is a necessity in the cryptosphere, I want to share here a very simple program I've written in python to create very strong random passwords. here the link: https://github.com/digital-mine/password_generator Hope some of you will find it useful, of course is free to use Title: Re: Random password generator Post by: psycodad on September 21, 2018, 02:45:25 PM There are a few things you would need to improve before your script gets useful and stops being dangerous for people using it:
You should at least seed the random number generator first, but ideally you should not use the random module at all for tasks like this. The python docs for random (https://docs.python.org/2/library/random.html) say: Quote Warning The pseudo-random generators of this module should not be used for security purposes. Use os.urandom() or SystemRandom if you require a cryptographically secure pseudo-random number generator. For security and cryptographic purposes you should always use os.urandom (https://docs.python.org/2/library/os.html?highlight=os%20urandom#os.urandom), some examples of how to use it can be found here: https://stackoverflow.com/questions/20936993/how-can-i-create-a-random-number-that-is-cryptographically-secure-in-python The current version of your script most probably produces easy to predict passwords which are not secure at all. Title: Re: Random password generator Post by: digital_mine on September 21, 2018, 03:10:07 PM There are a few things you would need to improve before your script gets useful and stops being dangerous for people using it: You should at least seed the random number generator first, but ideally you should not use the random module at all for tasks like this. The python docs for random (https://docs.python.org/2/library/random.html) say: Quote Warning The pseudo-random generators of this module should not be used for security purposes. Use os.urandom() or SystemRandom if you require a cryptographically secure pseudo-random number generator. For security and cryptographic purposes you should always use os.urandom (https://docs.python.org/2/library/os.html?highlight=os%20urandom#os.urandom), some examples of how to use it can be found here: https://stackoverflow.com/questions/20936993/how-can-i-create-a-random-number-that-is-cryptographically-secure-in-python The current version of your script most probably produces easy to predict passwords which are not secure at all. Thank you for your time to read my post! I'll upgrade the script following your suggestion ASAP. Title: Re: Random password generator Post by: psycodad on September 21, 2018, 04:29:19 PM There are a few things you would need to improve before your script gets useful and stops being dangerous for people using it: You should at least seed the random number generator first, but ideally you should not use the random module at all for tasks like this. The python docs for random (https://docs.python.org/2/library/random.html) say: Quote Warning The pseudo-random generators of this module should not be used for security purposes. Use os.urandom() or SystemRandom if you require a cryptographically secure pseudo-random number generator. For security and cryptographic purposes you should always use os.urandom (https://docs.python.org/2/library/os.html?highlight=os%20urandom#os.urandom), some examples of how to use it can be found here: https://stackoverflow.com/questions/20936993/how-can-i-create-a-random-number-that-is-cryptographically-secure-in-python The current version of your script most probably produces easy to predict passwords which are not secure at all. Thank you for your time to read my post! I'll upgrade the script following your suggestion ASAP. You're welcome. I think you could simply use os.urandom with hashlib.sha256 to create pretty random and secure passwords of any length, i.e.: Code: import sys, os, hashlib, base64 I am sure there are plenty of improvements for above method but it should give you and idea. Though if you are on a Linux system for example, you can do all of this in a bash one-liner. HTH Title: Re: Random password generator Post by: digital_mine on September 21, 2018, 05:03:51 PM There are a few things you would need to improve before your script gets useful and stops being dangerous for people using it: You should at least seed the random number generator first, but ideally you should not use the random module at all for tasks like this. The python docs for random (https://docs.python.org/2/library/random.html) say: Quote Warning The pseudo-random generators of this module should not be used for security purposes. Use os.urandom() or SystemRandom if you require a cryptographically secure pseudo-random number generator. For security and cryptographic purposes you should always use os.urandom (https://docs.python.org/2/library/os.html?highlight=os%20urandom#os.urandom), some examples of how to use it can be found here: https://stackoverflow.com/questions/20936993/how-can-i-create-a-random-number-that-is-cryptographically-secure-in-python The current version of your script most probably produces easy to predict passwords which are not secure at all. Thank you for your time to read my post! I'll upgrade the script following your suggestion ASAP. You're welcome. I think you could simply use os.urandom with hashlib.sha256 to create pretty random and secure passwords of any length, i.e.: Code: import sys, os, hashlib, base64 I am sure there are plenty of improvements for above method but it should give you and idea. Though if you are on a Linux system for example, you can do all of this in a bash one-liner. HTH Thank you again! I'll definitely study your suggestion further, and I'll try to implement. Just to say, my current version doesn't simply generate a random password from the python lib, it produce each character using the random lib than, substitute from 1 to 3 characters (randomly) into numbers, and than again substitute from 1 to 3 characters into capital letters. I know that there is a big room for improvement. Title: Re: Random password generator Post by: nastyagav on September 21, 2018, 05:55:52 PM I just downloaded it and used it on my system. I like it. Thank you very much :)
Title: Re: Random password generator Post by: digital_mine on September 21, 2018, 08:00:05 PM I just downloaded it and used it on my system. I like it. Thank you very much :) You are welcome but be aware of what @psycodad said! Maybe add some extra character by your own to increase the safety |