Password Generation Perl Script

Blue Bar separator

This is a perl script implementation of the password generation algorithm used in my MS Windows genpass program. The rational for the script is the same, using a constant passphrase with the URL for the web site to generate passwords so I don't have to remember them or record them somewhere. See the genpass program page for more details. The reaon for the perl script is so that I have a platform independant version of the program.

The script takes 2 arguments, the first is the passphase the second the length. The passphrase is the constant string + URL, or whatever you want. The length is the final length of the password. The length must be between 1 and 16. A length outside of the valid range or a non-numeric string for the length or no length results in a 16 character password.

The genpass windows program allowed for alphabetic only, alphanumeric, or alphanumeric + symbols passwords. However I discovered that most sites do not allow alphanumeric + symbols so this script is limited to just alphanumeric passwords. You can obviously change it if you want to.

I have tested the script using Active Perl on MS windows, and the Stratus VOS and Linux versions of Perl.

Some examples from Windows XP: 

                                                                  
H:\projects\Perl Projects\genpass>perl genpass2.pl constantwww.amazon.com      
genpass 2.0 -- No password length given - defaulting to 16
genpass 2.0 -- constantwww.amazon.com 16

Password is O32q1N6m5399g7eP

H:\projects\Perl Projects\genpass>perl genpass2.pl constantwww.wellsfargo.com
genpass 2.0 -- No password length given - defaulting to 16
genpass 2.0 -- constantwww.wellsfargo.com 16

Password is i9XFu5SR11KoNMlJ

H:\projects\Perl Projects\genpass>perl genpass2.pl constantwww.mit.edu
genpass 2.0 -- No password length given - defaulting to 16
genpass 2.0 -- constantwww.mit.edu 16

Password is m64YH87e1531L0on

H:\projects\Perl Projects\genpass>perl genpass2.pl constantwww.mybank.com
genpass 2.0 -- No password length given - defaulting to 16
genpass 2.0 -- constantwww.mybank.com 16

Password is o33aP76m6499W6e0

H:\projects\Perl Projects\genpass>

Some examples from Stratus VOS (release 15.2): 

                                                                  
perl genpass2.pl constantwww.amazon.com                                        
genpass 2.0 -- No password length given - defaulting to 16
genpass 2.0 -- constantwww.amazon.com 16

Password is O32q1N6m5399g7eP
ready  18:58:50
perl genpass2.pl constantwww.wellsfargo.com
genpass 2.0 -- No password length given - defaulting to 16
genpass 2.0 -- constantwww.wellsfargo.com 16

Password is i9XFu5SR11KoNMlJ
ready  18:59:17
perl genpass2.pl constantwww.mit.edu
genpass 2.0 -- No password length given - defaulting to 16
genpass 2.0 -- constantwww.mit.edu 16

Password is m64YH87e1531L0on
ready  18:59:43
perl genpass2.pl constantwww.mybank.com
genpass 2.0 -- No password length given - defaulting to 16
genpass 2.0 -- constantwww.mybank.com 16

Password is o33aP76m6499W6e0
ready  19:00:18

Some examples from Linux: 

                                                                  
root@torvald 19:05:08 tmp> perl genpass2.pl constantwww.amazon.com             
genpass 2.0 -- No password length given - defaulting to 16
genpass 2.0 -- constantwww.amazon.com 16

Password is O32q1N6m5399g7eP
root@torvald 19:05:40 tmp> perl genpass2.pl constantwww.wellsfargo.com
genpass 2.0 -- No password length given - defaulting to 16
genpass 2.0 -- constantwww.wellsfargo.com 16

Password is i9XFu5SR11KoNMlJ
root@torvald 19:06:07 tmp> perl genpass2.pl constantwww.mit.edu
genpass 2.0 -- No password length given - defaulting to 16
genpass 2.0 -- constantwww.mit.edu 16

Password is m64YH87e1531L0on
root@torvald 19:06:32 tmp> perl genpass2.pl constantwww.mybank.com
genpass 2.0 -- No password length given - defaulting to 16
genpass 2.0 -- constantwww.mybank.com 16

Password is o33aP76m6499W6e0
root@torvald 19:06:52 tmp>

The algorithm used to generate the password is not cryptographically secure and I'm sure that with enough examples someone will be able to figure out the constant part of the passphrase. However, since the passwords are never written down the only way to get the passwords is to hack into the individual web sites or systems. I am not worried about it.

genpass.pl

                                                                  
# genpass2.pl begins here
#
# Version 1.00 07-11-04
# Version 1.10 10-11-26 Added disclaimer
# ndav1@cox.net
#
# See http://noahdavids.org/self_published/genpass.html for documentation
#
# This software is provided on an "AS IS" basis, WITHOUT ANY WARRANTY OR ANY
# SUPPORT OF ANY KIND. The AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES
# OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE.  This disclaimer
# applies, despite any verbal representations of any kind provided by the
# author or anyone else.
#
use strict;
use warnings;

my ($sPassPhrase, $iPasswordLength, $iLen);
my ($sTemp);
my ($iOffset, $i, $c, @cLowerNibble, @cUpperNibble);
my ($c2, $sPassword);

$sPassPhrase = $ARGV [0];
if (!(defined $ARGV [1]))
{
	print "genpass 2.0 -- No password length given - defaulting to 16\n";
	$iPasswordLength = 16;
}
else {$iPasswordLength = $ARGV [1]}

if (!($iPasswordLength =~ /^-?\d/))
{
	print "genpass 2.0 -- password length was not numeric (" . $iPasswordLength . ") - defaulting to 16\n";
	$iPasswordLength = 16;
}
elsif ($iPasswordLength < 1)
{
	print "genpass 2.0 -- password length was less than 1 (" . $iPasswordLength . ") - defaulting to 16\n";
	$iPasswordLength = 16;
}
elsif ($iPasswordLength > 16)
{
	print "genpass 2.0 -- password length was greater than 16 (" . $iPasswordLength . ") - defaulting to 16\n";
	$iPasswordLength = 16;
}

printf ("genpass 2.0 -- %s %d\n", $sPassPhrase, $iPasswordLength);

$iLen = length ($sPassPhrase);

while ($iLen < 100)
{
	$sTemp = $sPassPhrase;
	$sPassPhrase = $sPassPhrase . $sTemp;
	$iLen = length($sPassPhrase);
}

$iLen = 100;
$iOffset = 0;
for ($i = 0; $i < $iLen; $i++)
{
	$c = substr ($sPassPhrase, $i, 1);
	$cLowerNibble [$i] = (ord ($c) & 0x0F) << 4;
	$cUpperNibble [$i] = (ord ($c) & 0xF0) >> 4;
	$iOffset = $iOffset +  ord ($c);
}

$sPassword = "";
for ($i = 0; $i < $iPasswordLength; $i++)
{
	$c2 = $cLowerNibble [$i] | $cUpperNibble [$iLen - 1 - $i];
	$c2 = $c2 + $iOffset - $i;
	$c2 = $c2 & 0x7F;
	if ($c2 < 0x21) {$c2 = $c2 | 0x21}
		
	if ($c2 < ord ('0')) {$c2 = $c2 | 0x30};
	if (($c2 > ord ('9')) && ($c2 < ord ('A'))) {$c2 = $c2 - 0x07}
	if (($c2 > ord ('Z')) && ($c2 < ord ('a'))) {$c2 = $c2 - 0x10}
	if ($c2 > ord ('z')) {$c2 = $c2 - 0x10}
		
	$c2 = chr ($c2);
	if ($i % 2 == 0)
	{
		if ($c2 eq uc $c2) {$c2 = lc $c2}
		elsif ($c2 eq lc $c2) {$c2 = uc $c2}
	}
	substr ($sPassword, $i, 1) = $c2;
}

print "\nPassword is " . $sPassword . "\n";

#
# genpass2.pl ends here


Blue Bar separator
This page was last modified on 10-11-26
mailbox Send comments and suggestions
to ndav1@cox.net