There are a few things you would need to improve before your script gets useful and stops being dangerous for people using it:
You should at least seed the random number generator first, but ideally you should not use the random module at all for tasks like this. The
python docs for random say:
Warning
The pseudo-random generators of this module should not be used for security purposes. Use os.urandom() or SystemRandom if you require a cryptographically secure pseudo-random number generator.
For security and cryptographic purposes you should always use
os.urandom, some examples of how to use it can be found here:
https://stackoverflow.com/questions/20936993/how-can-i-create-a-random-number-that-is-cryptographically-secure-in-pythonThe current version of your script most probably produces easy to predict passwords which are not secure at all.
Thank you for your time to read my post!
I'll upgrade the script following your suggestion ASAP.
You're welcome.
I think you could simply use os.urandom with hashlib.sha256 to create pretty random and secure passwords of any length, i.e.:
import sys, os, hashlib, base64
pwlen = sys.argv[1]
pw_hash = hashlib.sha256(os.urandom(128))
print base64.b64encode(pw_hash.hexdigest())[0:int(sys.argv[1])]
I am sure there are plenty of improvements for above method but it should give you and idea. Though if you are on a Linux system for example, you can do all of this in a bash one-liner.
HTH
Thank you again!
I'll definitely study your suggestion further, and I'll try to implement.
Just to say, my current version doesn't simply generate a random password from the python lib, it produce each character using the random lib than, substitute from 1 to 3 characters (randomly) into numbers, and than again substitute from 1 to 3 characters into capital letters.
I know that there is a big room for improvement.
