Simple Python script to generate random password

[Lehti]

From time to time I like to mess around with Python for shit and giggles and to see what happens. A few days ago I pushed to git a small script that generates a random password that shouldn't (or so I hope) be too predictable.

To be honest this is a project I had attempted to do before, but unluckily lost the script when the micro SD card on the Pi I wrote that on died.

I recall doing it differently: I used os.urandom() to select a character from a list, instead of random.choice().

At any rate, I plan on keep working on it, adding support for arguments/options and non-interactive support, creating a Windows executable with py2exe, support for i10n through PO files, and perhaps a GUI frontend.

If anyone wants to have a look at it and give suggestions, I'd appreciate.

https://github.com/Tech4Freelancers/passgen

[Enderman]

I just spam press my keyboard to generate random passwords

[Silencer]

You put "you're password will not contain numbers" under the special letters question

[Lehti]

1 minute ago, Silencer said:

You put "you're password will not contain numbers" under the special letters question

Oops. I copypasted the code for the three steps and forgot to fix the last one.

[KuJoe]

Not bad but can I make some suggestions? Mostly I would make the default password a client would get stronger than what is currently offered. If a client is using a password generator it usually means they want an extremely secure password they can't come up with on their own so my advice is go big and let the options be to make it weaker, not stronger.

 

1) Include upper and lowercase characters by default instead of optional.

2) Include numbers by default.

3) Remove the option of passwords under 8 characters, they're pointless in terms of security and anybody who needs one should just use "1234567" and realize they need a stronger password after being hacked. 

 

I was on the fence about whether special characters should be default or not but in terms of compatibility I say leave the out be default.

[Lehti]

Thank you for your insights! I will definitely consider changing the default behaviour for the next version.

I considered enforcing longer passwords, but then I remember that some services (like the web portal for my ISP) accept passwords shorter than 8 characters and most people will not want to bother with using more character than strictly necessary.

[KuJoe]

Just did a quick test of your script and right now, the default options gives me a password 15 characters long with 67.6 bits of entropy. It would take 17 years and 8 months to brute force for a home user.

 

Changing the defaults to what I recommended, it gives me a password 15 characters long with 79.1 bits of entropy. It would take 8127322 years and 3 months to brute force for a home user, the mixed case and numbers really help a lot.

 

EDIT: I just noticed it's only creating a 15 character password, change line 80 to the following:

for i in range (0,length):

[Lehti]

You have to understand me: as a teenager I did Pascal in high school and there a for loops going from 1 to length would run exactly length times. Somehow, I can't seem to give up to the thought that I'm not a teen any longer.

[KuJoe]

1 minute ago, Lehti said:

You have to understand me: as a teenager I did Pascal in high school and there a for loops going from 1 to length would run exactly length times. Somehow, I can't seem to give up to the thought that I'm not a teen any longer.

No problem, as humans it makes sense to start counting at 1. Computers unfortunately start counting at 0.

[KuJoe]

I submitted a pull request with some proposed changes (and 2 typo fixes). Hopefully I did it right as I'm not well versed in the art of Git.

[AlTech]

On ‎10‎/‎18‎/‎2016 at 5:22 AM, Lehti said:

From time to time I like to mess around with Python for shit and giggles and to see what happens. A few days ago I pushed to git a small script that generates a random password that shouldn't (or so I hope) be too predictable.

To be honest this is a project I had attempted to do before, but unluckily lost the script when the micro SD card on the Pi I wrote that on died.

I recall doing it differently: I used os.urandom() to select a character from a list, instead of random.choice().

At any rate, I plan on keep working on it, adding support for arguments/options and non-interactive support, creating a Windows executable with py2exe, support for i10n through PO files, and perhaps a GUI frontend.

If anyone wants to have a look at it and give suggestions, I'd appreciate.

https://github.com/Tech4Freelancers/passgen

If you're ok with using other things than python, I could help make a C# WinForms version........ If not then I can still contribute a bit to this in python.

[vorticalbox]

personally, I would just remove the options and give then the choice of length and special characters.

 

passwords should always contain a mix of upper, lower and numbers. You could make this program much more efficient. Once I get on a computer ill show you what I mean.

 

Edit:

 

so you already have alpha so adding alphaLower is totally pointless as is having an alphaUpper as you can use alpha.upper() to get the upper case letters. Python can access strings like an array so why you're creating a random int to 65k seems like a waste (do correct me if I am wrong) when you can just roll a number between 0 and the length of your set and pick a random one out with alpha[randomnumber].

 

Also in some of the if's you have alpha = alphaLower; alpha already contains all lower case letters so you are necessarily changing it. 

 

Here I build alpha to contain all the possibilities the user wants and then pick a random one from that string.

from random import randint

alpha = 'abcdefghijklmnopqrstuvwxyz'
numbers = '0123456789'
special = '!"£$%&*'
length = 0
password = ''

while True:
	ans = input('Would you like upper case?').lower()
	if ans == 'y':
		alpha += alpha.upper()
		break
	elif ans == 'n':
		print('Will only use lowercase')
		break
	else:
		print('y or n only')
		
while True:
	ans = input('Would you like numbers?').lower()
	if ans == 'y':
		alpha += numbers
		break
	elif ans == 'n':
		print('Will also use numbers')
		break
	else:
		print('y or n only')
		
while True:
	ans = input('Would you special?').lower()
	if ans == 'y':
		alpha += special
		break
	elif ans == 'n':
		print('Will also use special')
		break
	else:
		print('y or n only')

while True:
	ans = int(input('Please enter a length?'))
	if ans >= 8:
		length = ans
		break
	else:
		print('must be equak to or higher than 8')

for i in range(length):
	rand = randint(0,len(alpha))
	password += alpha[rand]
print('Your password is {}'.format(password))