[Zope] Random Password Generator

Tino Wildenhain tino@wildenhain.de
Mon, 17 Feb 2003 17:33:01 +0100


Hi,

On Mon, 17 Feb 2003 15:41:17 +0100
Dario Lopez-K=E4sten <dario@ita.chalmers.se> wrote:

> From: "Asad Habib" <ahabib1357@yahoo.com>
> > Hello. Does anyone know if there are any built-in
> > Python methods which allow you to generate passwords
> > randomly? Any help would be greatly appreciated.
> > Thanks.
> >
> > -Asad
>=20
> ----------
> def generatePassword(self, pwdLen=3D8):
>     # Returns a random password.
>     import random
>     random.seed()
>     passwd=3D ''
>     # Since I, 1 ~=3D l and 0 =3D~ O, don't generate passwords with them.
>     # This will just confuse people using ugly fonts.
>     charset =3D 'abcdefghijkmnopqrstuxyzABCDEFGHJKLMNPQRSTUXYZ0123456789'
>     for i in range(pwdLen):
>         passwd =3D passwd + random.choice(charset)
>     return passwd
> --------

Thats OK for most cases, but its not really random because it=20
uses a sequence of the pseudo random number generators values.
Improvements would be seeding with more then one source (seed() uses
time.time() by default) after generating some values
and generating variable lenght passwords.

##=20
import random

chars=3D[x for x in 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ12345=
6789+-#!$?']


random.seed() # first seeding from time

skip=3Dint(random.random()*8)+1 # random values to skip

random.seed(context.REQUEST.channel.creation_time) # another seeding from c=
hannel time - hard to guess

lengh=3Dint(random.random()*3)+7  # variable lenght of generated password f=
rom 7 to 10 chars

random.shuffle(chars)
random.seed(context.REQUEST.HTTP_USER_AGENT+context.REQUEST.HTTP_ACCEPT_CHA=
RSET+str(DateTime()))
random.shuffle(chars)

random.seed() # get a fresh seed now

return ''.join([random.choice([random.choice(chars) for i in range(skip)]) =
for o in range(lenght)])

# the above consists of two loops - the inner selects random chars from shu=
ffled big string, "skip"
times, the outer selects one char from each loop cycle randomly.
# even knowing the channel time, the time, the random number generator inte=
rnals would it
make a challenge to break this password. Ok its not impossible, of course...
# the goal was to introduce as much entrophy as possible

HTH
Tino Wildenhain