Over at Mark Kolich’s blog, he wrote several months ago about using a source of randomness (/dev/urandom) to generate passwords. The idea is simple enough: take the random data, keep only the printable characters, and then print the desired number of characters as a password.
Shortly thereafter, he described how to use a simple shell script to generate many passwords – such as for setting up many different accounts.
Working with HP-UX and OpenVMS as I do, I immediately thought: how could I do this in Perl, making the idea portable so that the same program works on both UNIX and OpenVMS? It was easy – and easy to make flexible as well. Here is the program that I came up with:
#!/usr/bin/perl
# code released by David Douthitt into the public domain
use Getopt::Long;
Getopt::Long::Configure('bundling');
GetOptions( 'l=i' => \$opt_l,    # password length (default 6)
            'p=s' => \$opt_p,    # name of the character-class pattern to use
            'm=i' => \$opt_m );  # number of random characters to draw (default 1000)

# candidate character classes; "normal" and "simple" leave out the easily
# confused characters l, 1, I, O, 0 and Q
$pat{"ext"}    = "[[:alnum:][:punct:]]";
$pat{"alnum"}  = "[[:alnum:]]";
$pat{"alpha"}  = "[[:alpha:]]";
$pat{"simple"} = "[a-km-z2-9]";
$pat{"normal"} = "[a-km-z2-9A-HJ-NPR-Z]";

if (defined($opt_p)) {
    if (defined($pat{$opt_p})) {
        $pat = $pat{$opt_p};
    } else {
        print "undefined pattern!\n";
        exit(1);
    }
} else {
    $pat = $pat{"normal"};
}

$max = (defined($opt_m) ? $opt_m : 1000);
$len = (defined($opt_l) ? $opt_l : 6);

# draw random character codes (0..254) and keep only those matching the
# class; every $len accepted characters form one password.  Note that Perl's
# rand() is an ordinary PRNG, not the /dev/urandom source of the original post.
$x = $len;
for $i (0..$max) {
    $c = chr(int(rand(255)));
    if ($c =~ /$pat/o) {        # /o: compile the pattern only once
        $s .= $c;
        if (--$x == 0) {
            print "$s\n";
            $x = $len;
            $s = "";
        }
    }
}
Note that since OpenVMS does not use the “#!” notation, that line is ignored there as a comment and the program has to be invoked by running perl directly.
As an aside, Mark says he prefers random passwords. Me, I prefer “pronounceable” passwords – still random, but built from phonemes, which makes the generation process just that much more complicated – and complicates internationalization. Apple’s MacOS X comes with a password generator that can generate both random and pronounceable passwords.
However, with the proper password storage system a fully randomized password is good – or is it? A completely random password of eight characters could be zzzzzzzz as much as anything else. Perhaps a password with a random distribution of characters (rather than a random selection of characters) would be better. I’m not aware of any password generators that guarantee a random distribution instead of a random collection.
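The same filter-the-random-bytes approach, as an added example that is not from the original post: the Perl script's five character classes are rewritten in Python regex syntax, the bytes come from the OS CSPRNG (secrets) instead of rand(), each class's entropy per password is computed, and a min_distinct parameter (an assumption of this example, not a feature of the script) rejects the "zzzzzzzz" case raised above by requiring a minimum number of distinct characters.

```python
import math
import re
import secrets

# Character classes mirroring the Perl script's -p patterns, rewritten in
# Python re syntax (POSIX [:alnum:]/[:punct:] spelled out as ASCII ranges).
PATTERNS = {
    "ext": r"[A-Za-z0-9!-/:-@\[-`{-~]",
    "alnum": r"[A-Za-z0-9]",
    "alpha": r"[A-Za-z]",
    "simple": r"[a-km-z2-9]",
    "normal": r"[a-km-z2-9A-HJ-NPR-Z]",
}


def alphabet(pattern):
    """All ASCII characters the named class accepts."""
    rx = re.compile(PATTERNS[pattern])
    return [chr(i) for i in range(128) if rx.fullmatch(chr(i))]


def entropy_bits(length, pattern):
    """Guessing entropy of a uniformly drawn password: length * log2(|alphabet|)."""
    return length * math.log2(len(alphabet(pattern)))


def generate(length=6, pattern="normal", min_distinct=1, rng=secrets.randbelow):
    """Rejection-sample random byte values against the class, as the Perl
    script does.  rng(n) must return a uniform integer in [0, n); the default
    is the OS CSPRNG.  Since every byte value is equally likely and the
    non-matching ones are simply discarded, each accepted character is uniform
    over the alphabet.  min_distinct (constructed for this example) rejects a
    whole password that repeats too few characters, e.g. "zzzzzz"; it trades
    a little entropy for that guarantee."""
    rx = re.compile(PATTERNS[pattern])
    while True:
        out = []
        while len(out) < length:
            c = chr(rng(256))
            if rx.fullmatch(c):
                out.append(c)
        if len(set(out)) >= min_distinct:
            return "".join(out)


if __name__ == "__main__":
    for name in PATTERNS:
        print(f"{name:7s} {len(alphabet(name)):3d} chars, "
              f"{entropy_bits(8, name):5.1f} bits per 8 chars, e.g. {generate(8, name)}")
```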
Thank you for the useful post!
Maybe I’m not a security guy, but I just generate passwords by common tools (system integrated or third-party)
For osx/iphone I’d suggest using 1Password http://agilewebsolutions.com/products/1Password
For win platform – SoftFuse Password Generator http://www.password-generator.com/
For linux/ubuntu there is a great apg
Seems pretty secure for me.
Actually, for MacOS X you can utilize the built-in password generator tool. There’s at least one free software package that makes this capability available at a click.
David, I’m glad you enjoyed my blog post on using /dev/urandom to generate random passwords. It’s always nice to see someone out there found my blog useful. Would you mind if I added a link to this blog post on kolich.com?
BTW, I see that you’re the author of “GNU Screen: A Comprehensive Manual”. I cannot live without “screen”; it’s an absolute must have for any developer or system administrator.
-Mark Kolich
I would be honored to be linked to. Thanks so much for the kind words.
No problem. I added a link to this blog post at http://mark.kolich.com/2008/10/howto-generating-good-random-passwords-with-devurandom.html
Stay in touch.
-Mark Kolich