Skip to main content

A simple password generator based on https://xkcd.com/936/

Project description

A password generator inspired by https://xkcd.com/936/

Usage

Simply install the package with pip install makepass, then run the make_pass command:

$ make_pass
CorrectHorseBatteryStaple7

The password is written to stdout, from which it can be captured via your pipelined capture mechanism of choice.

Process & Constraints

Makepass generates a memorable, readable password by combining N unique, random common english words, which are sourced from the Google Common English Words repository. By default, the list of 20,000 english words is used. The set of words is constrained to words between m and n characters long, inclusive, to promote memorability and prevent common words. A random numeral is appended, to satisfy the common requirement that passwords contain a letter and a number. The final password will be between L and M characters long; up to S passwords are generated internally until a password of appropriate length is found.

All of the above can be configured; run make_pass -h for a list of the flags that modify its behavior, as well as options for display of entropy information

Defaults

All of the following parameters can be changed:

  • N = 4
  • m = 4
  • n = 8
  • L = 24
  • M = ∞
  • S = 10,000
  • Random numeral is appended
  • Random specical character is not appended
  • Word set: 20k. Can be repaced with the 10k set.
  • Special character set: -_()/.,?!;:. Should be accepted by most password filters.

These default parameters produce passwords with an entropy of approximately 57.561 bits.

Security Disclaimer

While I am confident in its basic soundness, makepass has not undergone any kind of security review or audit, and I am not an expert in the field of password security. Use at your own risk.

makepass is built around use of random.SystemRandom, which in turn is based on os.urandom. os.urandom is described by the Python documentation as “suitable for cryptographic use.” For more information about the use of os.urandom and /dev/urandom in secure contexts, see this article.

The most obvious security hole I’m currently aware of in makepass is that it writes to your terminal, which may be logged or cached to disk. Make sure to pipe it into a secure destintion when creating a password you actually intend to use; I’m personally partial to the say command on OSX, which speaks the password out loud through your speakers.

Project details


Release history Release notifications

This version
History Node

0.11.0

History Node

0.10.2

History Node

0.9.8

History Node

0.9.7

History Node

0.9.6

History Node

0.9.5

History Node

0.9.4

History Node

0.9.3

History Node

0.9.2

History Node

0.9.1

History Node

0.9.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
makepass-0.11.0-py3-none-any.whl (85.6 kB) Copy SHA256 hash SHA256 Wheel py3 Dec 13, 2017
makepass-0.11.0.tar.gz (82.8 kB) Copy SHA256 hash SHA256 Source None Dec 13, 2017

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page