Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

A reasonable temporary password generator?

by Your Mother (Archbishop)
on May 10, 2003 at 11:02 UTC ( #257101=perlquestion: print w/replies, xml ) Need Help??

Your Mother has asked for the wisdom of the Perl Monks concerning the following question:

sub random_password { my $length = 8 + int(rand(5)); my @alpha = ( 1 .. 9, 'a' .. 'z', 'A' .. 'Z', qw( ! @ $ % & * + - . , ) ); return join('', map { $alpha[rand(@alpha)] } ( 1 .. $length )); }

Other ideas or takes? I poked around the Super Search a bit but nothing jumped out at me. This seems awfully simple to resort to importing an entire module. Or is it? In this case it would be for temporaries issued to users via email till they redo their own and it would expire in, say, 10 minutes.

Replies are listed 'Best First'.
•Re: A reasonable temporary password generator?
by merlyn (Sage) on May 10, 2003 at 11:14 UTC
    Passwords have a lot of different contexts. You don't mention how this is going to be used.

    If it's for crypt(3) (like a basicauth password), characters past the 8th don't make any difference, for example. If it's for a human, it'd be nice to be somewhat pronouncable. If it's merely to confirm that an email address is the right one via a round-trip, it can be 64 hex characters instead.

    So, tell us more about how this is to be used, and you'll get better answers.

    -- Randal L. Schwartz, Perl hacker
    Be sure to read my standard disclaimer if this is a reply.

      Good question; sorry I didn't give more. This would just be a placeholder for a new website user account registration, or for a lost password reset, probably md5'd into a DB, no SSL or htpasswd in this case.
        In that case, since a human would have to enter it, I'd stick with 6-to-10 alphanumerics only, but run it past cracklib to make sure it's not trivially brute-forceable, and also have some mechanism to ensure that it gets changed on first use.

        -- Randal L. Schwartz, Perl hacker
        Be sure to read my standard disclaimer if this is a reply.

Re: A reasonable temporary password generator?
by valdez (Monsignor) on May 10, 2003 at 13:12 UTC

    Next time search also on CPAN :) If you search password on CPAN, you will get the following modules:

    1. Crypt::GeneratePassword: generate secure random pronounceable passwords
    2. Data::Password: Perl extension for assesing password quality

    These modules will give what you need and let you follow merlyn's suggestions. For example:

    #!/usr/bin/perl use strict; use warnings; use Crypt::GeneratePassword; use Data::Password qw(:all); my $password = Crypt::GeneratePassword::word(8, 8); $DICTIONARY = 4; $GROUPS = 1; $FOLLOWING_KEYBOARD = 1; print "password $password "; if (my $check = IsBadPassword($password)) { print "not good, because $check\n"; } else { print "is good\n"; }

    Ciao, Valerio

Re: A reasonable temporary password generator?
by iguanodon (Priest) on May 10, 2003 at 11:28 UTC
    Check out easypass.pl. It has lots of options to control how the passwords are generated, and you could call it from your code, or copy parts that you like, or at least get some ideas.

Re: A reasonable temporary password generator?
by apsyrtes (Beadle) on May 10, 2003 at 15:07 UTC
    You took the time to come up with the algorithm you have.
    You took the time to use Super Search to find a better way.
    You took the time to post and ask about a better way.
    You are taking the time to follow up on your post.

    If you had "resorted to importing an entire module" your application would be done and you'd be doing something else right now.

    Awfully Simple?

    Jason W.
      I took the time to do those things b/c that's what good citizens do.

      The application was done when I posted the question. I am always interested in other approaches b/c I love to learn. And I'm more than willing to change an approach if I get back a good reason.

      Since you seem interested in the "benchmark" of my post: algorithm: 40 seconds; super search: 2 minutes; post: 1 minute; follow up... well, I admit, I could have blown this one off safely and saved myself some time; I type 88wpm though, so not too bad after all.

      Reading through the PODs of the 1,416 results returned by a typcial CPAN search (and this one in particular) instead of just asking the good monks here... why? Are you against increased content on the site?

        Nope, just pointing out that when you say "resorting to using a module" you sound like you have something against taking advantage of tested and proven work to advance your own, and would prefer to reinvent the wheel when faced with a choice.

        Sorry if you took offense, as it seems you have. None was intended. Good analysis though, I love it when someone takes the time to show me with some solid statistics just how flippant I'm being. ;)

        Jason W.
        Your "benchmark" is missing the time it takes everyone else to read your post, and for those who care to respond to do so. Those are sometimes significant externalities, even if they are mostly invisible to you.

        Increased content is only sometimes good. We increase the utility of this site when we limit how many duplicate discussions we have (hence super search), when people are encouraged to use other resources (like CPAN) pre-emptively, and when people are encouraged to work efficiently. This encourages a minimalistic approach. We also increase the utility of the site when the discussions are sufficiently interesting that more good contributers are drawn into the mix. That suggests a more verbose approach.

        How to balance those out is a matter of sometimes difficult judgement calls. Even after the fact it can be a matter of debate as to whether someone succeeded. (FWIW, I thought your initial post was just fine and just wanted to comment on the idea of whether content per se was a good or bad thing...)

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://257101]
Approved by benn
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (5)
As of 2021-12-06 17:54 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    R or B?



    Results (33 votes). Check out past polls.

    Notices?