pwgen-secure

Release 0.9.0

Generate cryptographically secure random passwords with specified character sets, patterns, or lengths.

Homepage PyPI Python

License
MIT
Install
pip install pwgen-secure==0.9.0

Documentation

pwgen_secure - Secure Python random password generator

Generate cryptographically secure random passwords with specified character sets, patterns, or lengths.

Quickstart: How do I make passwords?

Installation

pwgen_secure requires Python 3.6 above because it uses the secrets module for cryptographically secure random numbers. ("cryptographically secure" is a relative term. Read the Security section below).

If you do not have Python 3.6, you can download and install it from python.org.

Installation script

For your copy / paste pleasure.

sudo su
cd /usr/src/
git clone https://github.com/mjmunger/pwgen_secure
cd pwgen_secure
chmod +x ./install.sh
./install.sh
exit

Usage

You have two tools: spwgen and fpwgen.

  1. spwgen generates a random password at the command line.
  2. fpwgen reads a file, and replaces instances of #RND# with a securely generated password.

But why?

Secure by default

By default, pwgen creates passwords easy for a human to memorize. You have to use the -s option to get secure passwords. pwgen_secure generates secure passwords by default ... because users rarely rtfm, and usually use default settings.

Flexible

pwgen is not flexible. Want to generate random mac addresses? Can't. Need some other pattern? Can't. pwgen_secure can.

Uses the secrets module

The secrets module automatically uses the best source of randomness available on your system, which gives us the best chance and making secure passwords. (See "Cryptographically secure" below).

Usage:

spwgen [character set options | magic class] [length | pattern]

and

fpwgen /path/to/file [character set options | magic class] [length | pattern]

Examples

Here are examples for you, Captain Impatient...

Random password for a website, and show the timing

spwgen slut 16

Random MAC address:

spwgen p 'h{2}:h{2}:h{2}:h{2}:h{2}:h{2}'

...or using a magic class

spwgen mac

Create passwords in a file where the #RND# placeholder is

Use the strong magic class

sfpwgen /path/to/file strong

Do it the hard way:

sfpwgen /path/to/file ul 21

Make crappy passwords in the file:

sfpwgen /path/to/file d{4}

Make your users sorry they were ever born:

sfpwgen /path/to/file painful

Random three word pass phrase:

spwgen w 3

Create a google-style password:

spwgen google

Create one that's strong and easy to do on a phone

spwgen iphone

or

spwgen android

Escape the h so it starts with h

spwgen p '\hu{12}'

Character set options:

u    Include upper case characters: A-Z
l    Include lower case characters: a-z
s    Include symbol characters: !@#$%^&*
d    Include digits: 0-9
b    Include bracket characters: {}[]()<>
m    Include the minus character: -
n    Include the underscore character: _

Extended options:

w    Generate a password based on words
p    Generate the password based on the given pattern (requires the pattern argument)
e    Exclude look-alike characters (homoglyphs): 1iIO0

Fun stuff:

t    Show how long it took to generate the passwords.
g    Show debugging information

For all character sets (except pattern generation, "p"), you must specify the password length as the second argument. For all options except w and p, the length specification will specify the string character length. For w (word based password), the length argument will specify the number of words in the resulting password.

When p is specified, the second argument must be a pattern, not a length. (See "Pattern" below).

Patterns:

The pattern defines the layout of the resulting password. Each character in the pattern dictates a character class that will be substituted at that position in the pattern. Characters that do not represent a given character class will be substituted as-is.

For example:

uull-dddd will result in:

  • Two upper case characters for the first two characters of the pattern, followed by:
  • Two lower case characters for the next two characters, followed by:
  • "-" followed by:
  • Four digits

Use the following place holders to define your pattern:

Base class place holders:

u  Upper case characters: A-Z 
l  Lower case characters: a-z
s  Symbols: !@#$%^&*
d  Digits: 0-9
b  Bracket characters: {}[]()<>
m  The minus character: -
n  The underscore character: _
p  Punctuation: ,.;:

Combination and sub-class place holders:

a  lower-case alphanumeric: a-z and 0-9
A  Upper-case alphanumeric: A-Z and 0-9
M  Mixed-case alphanumeric: a-z, A-Z, and 0-9
N  Mixed-case alphanumeric + symbols: a-z, A-Z, 0-9 + !@#$%^&*
h  Lower case hex character: 0-9 and a-f
H  Upper case hex character: 0-9 and A-F
v  Lower case vowel: aeiou
V  Upper case vowel: AEIOU
Z  Mixed case vowel: AEIOU and aeiou
c  Lower case consonant: bcdfghjklmnpqrstvwxyz
C  Upper case consonant: BCDFGHJKLMNPQRSTVWXYZ
z  Mixed case consonant: bcdfghjklmnpqrstvwxyz and BCDFGHJKLMNPQRSTVWXYZ

Special placeholders

\    Escapes the proceeding character, and tells the generator to print it "as-is".
{n}  Print the previous character n times.

Magic classes

The following magic classes are short hand expressions that will create random passwords according to a specific recipe.

otp         Generate a base32 compliant secret for TOPT 2FA authentication
google      Generate Google-style app passwords e.g, ofgl ruwd ngzs iphh
iphone      Generate passwords that are easy to enter on the default iPhone keyboard
android     Generate passwords that are easy to enter on the default Android keyboard
pin4        Generate a random 4-digit pin
pin6        Generate a random 6-digit pin
mac         Generate a random mac address
strong      Generate a strong password
ridiculous  Generate a ridiculous password
ludicrous   Generate a ludicrously strong password
painful     Really? Wow.

Support and Issues

For support, problems, and issues, file an issue on github: https://github.com/mjmunger/pwgen_secure

Security

"Cryptographically secure" is a somewhat relative term. The secrets module actually "...provides access to the most secure source of randomness that your operating system provides". Thus, if you do not have a good source of randomness on your computer, you will not get good secure numbers. This is entirely dependent on your chipset.

Debian specific installation of Python 3.6.

Debian stretch does not yet have Python 3.6 in an repository package, therefore, you can compile from scratch:

Prep your system:

apt build-dep python
apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev

Download Python 3.6 for Linux, and extract to /usr/src/, then:

./configure
make
make install

Secrets is part of the core library as of v3.6, so there is nothing else to install.

References

Sources and contributions

Acknowledgements

Thank you to Theodore Ts'o for his various contributions to the Linux project, including pwgen, e2fsprogs, and ext4 file system, which are things we all use every day. Theodore Ts'o is imminently qualified to write the original pwgen, and this project hopes to follow in it's footsteps.

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
1
Latest release
First release
Stars
1
Forks
0
Watchers
1
Contributors
0
Repository size
1.39 MB
SourceRank
6

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.9.0

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-19 20:36:39 UTC

Login to resync this project