This is a Perl script implementation of the password generation algorithm used in my MS Windows genpass program. The rationale for the script is the same: using a constant passphrase with the URL of the web site to generate passwords, so I don't have to remember them or record them somewhere. See the genpass program page for more details. The reason for the Perl script is so that I have a platform-independent version of the program.
The script takes 2 arguments: the first is the passphrase, the second the length. The passphrase is the constant string + URL, or whatever you want. The length is the final length of the password. The length must be between 1 and 16. A length outside the valid range, a non-numeric string for the length, or no length at all results in a 16-character password.
The genpass Windows program allowed for alphabetic-only, alphanumeric, or alphanumeric + symbols passwords. However, I discovered that most sites do not allow alphanumeric + symbols, so this script is limited to just alphanumeric passwords. You can obviously change it if you want to.
I have tested the script using Active Perl on MS Windows, and the Stratus VOS and Linux versions of Perl.
Some examples from Windows XP:
    H:\projects\Perl Projects\genpass>perl genpass2.pl constantwww.amazon.com
    genpass 2.0 -- No password length given - defaulting to 16
    genpass 2.0 -- constantwww.amazon.com 16

    Password is O32q1N6m5399g7eP
    H:\projects\Perl Projects\genpass>perl genpass2.pl constantwww.wellsfargo.com
    genpass 2.0 -- No password length given - defaulting to 16
    genpass 2.0 -- constantwww.wellsfargo.com 16

    Password is i9XFu5SR11KoNMlJ
    H:\projects\Perl Projects\genpass>perl genpass2.pl constantwww.mit.edu
    genpass 2.0 -- No password length given - defaulting to 16
    genpass 2.0 -- constantwww.mit.edu 16

    Password is m64YH87e1531L0on
    H:\projects\Perl Projects\genpass>perl genpass2.pl constantwww.mybank.com
    genpass 2.0 -- No password length given - defaulting to 16
    genpass 2.0 -- constantwww.mybank.com 16

    Password is o33aP76m6499W6e0
    H:\projects\Perl Projects\genpass>
Some examples from Stratus VOS (release 15.2):
    perl genpass2.pl constantwww.amazon.com
    genpass 2.0 -- No password length given - defaulting to 16
    genpass 2.0 -- constantwww.amazon.com 16

    Password is O32q1N6m5399g7eP
    ready 18:58:50
    perl genpass2.pl constantwww.wellsfargo.com
    genpass 2.0 -- No password length given - defaulting to 16
    genpass 2.0 -- constantwww.wellsfargo.com 16

    Password is i9XFu5SR11KoNMlJ
    ready 18:59:17
    perl genpass2.pl constantwww.mit.edu
    genpass 2.0 -- No password length given - defaulting to 16
    genpass 2.0 -- constantwww.mit.edu 16

    Password is m64YH87e1531L0on
    ready 18:59:43
    perl genpass2.pl constantwww.mybank.com
    genpass 2.0 -- No password length given - defaulting to 16
    genpass 2.0 -- constantwww.mybank.com 16

    Password is o33aP76m6499W6e0
    ready 19:00:18
Some examples from Linux:
    root@torvald 19:05:08 tmp> perl genpass2.pl constantwww.amazon.com
    genpass 2.0 -- No password length given - defaulting to 16
    genpass 2.0 -- constantwww.amazon.com 16

    Password is O32q1N6m5399g7eP
    root@torvald 19:05:40 tmp> perl genpass2.pl constantwww.wellsfargo.com
    genpass 2.0 -- No password length given - defaulting to 16
    genpass 2.0 -- constantwww.wellsfargo.com 16

    Password is i9XFu5SR11KoNMlJ
    root@torvald 19:06:07 tmp> perl genpass2.pl constantwww.mit.edu
    genpass 2.0 -- No password length given - defaulting to 16
    genpass 2.0 -- constantwww.mit.edu 16

    Password is m64YH87e1531L0on
    root@torvald 19:06:32 tmp> perl genpass2.pl constantwww.mybank.com
    genpass 2.0 -- No password length given - defaulting to 16
    genpass 2.0 -- constantwww.mybank.com 16

    Password is o33aP76m6499W6e0
    root@torvald 19:06:52 tmp>
The algorithm used to generate the password is not cryptographically secure and I'm sure that with enough examples someone will be able to figure out the constant part of the passphrase. However, since the passwords are never written down the only way to get the passwords is to hack into the individual web sites or systems. I am not worried about it.
    # genpass2.pl begins here
    #
    # Version 1.00 07-11-04
    # Version 1.10 10-11-26 Added disclaimer
    # ndav1@cox.net
    #
    # See http://noahdavids.org/self_published/genpass.html for documentation
    #
    # This software is provided on an "AS IS" basis, WITHOUT ANY WARRANTY OR ANY
    # SUPPORT OF ANY KIND. The AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES
    # OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE. This disclaimer
    # applies, despite any verbal representations of any kind provided by the
    # author or anyone else.
    #

    use strict;
    use warnings;

    my ($sPassPhrase, $iPasswordLength, $iLen);
    my ($sTemp);
    my ($iOffset, $i, $c, @cLowerNibble, @cUpperNibble);
    my ($c2, $sPassword);

    $sPassPhrase = $ARGV [0];

    # An absent or empty passphrase would make the padding loop below run forever.
    if (!(defined $sPassPhrase) || length ($sPassPhrase) == 0) {
        die "genpass 2.0 -- usage: perl genpass2.pl passphrase [length]\n";
    }

    if (!(defined $ARGV [1])) {
        print "genpass 2.0 -- No password length given - defaulting to 16\n";
        $iPasswordLength = 16;
    }
    else {
        $iPasswordLength = $ARGV [1];
    }

    # Accept only a whole number between 1 and 16; anything else falls back to 16.
    if (!($iPasswordLength =~ /^-?\d+$/)) {
        print "genpass 2.0 -- password length was not numeric (" .
              $iPasswordLength . ") - defaulting to 16\n";
        $iPasswordLength = 16;
    }
    elsif ($iPasswordLength < 1) {
        print "genpass 2.0 -- password length was less than 1 (" .
              $iPasswordLength . ") - defaulting to 16\n";
        $iPasswordLength = 16;
    }
    elsif ($iPasswordLength > 16) {
        print "genpass 2.0 -- password length was greater than 16 (" .
              $iPasswordLength . ") - defaulting to 16\n";
        $iPasswordLength = 16;
    }

    printf ("genpass 2.0 -- %s %d\n", $sPassPhrase, $iPasswordLength);

    # Pad the passphrase by doubling it until it is at least 100 characters
    # long; only the first 100 characters are used.
    $iLen = length ($sPassPhrase);
    while ($iLen < 100) {
        $sTemp = $sPassPhrase;
        $sPassPhrase = $sPassPhrase . $sTemp;
        $iLen = length ($sPassPhrase);
    }
    $iLen = 100;

    # Split each character into shifted nibbles and sum the character codes.
    $iOffset = 0;
    for ($i = 0; $i < $iLen; $i++) {
        $c = substr ($sPassPhrase, $i, 1);
        $cLowerNibble [$i] = (ord ($c) & 0x0F) << 4;
        $cUpperNibble [$i] = (ord ($c) & 0xF0) >> 4;
        $iOffset = $iOffset + ord ($c);
    }

    $sPassword = "";
    for ($i = 0; $i < $iPasswordLength; $i++) {
        # Combine the low nibble of character i with the high nibble of the
        # character i places from the end, add the sum, and keep 7 bits.
        $c2 = $cLowerNibble [$i] | $cUpperNibble [$iLen - 1 - $i];
        $c2 = $c2 + $iOffset - $i;
        $c2 = $c2 & 0x7F;

        # Fold the value into the ranges 0-9, A-Z and a-z.
        if ($c2 < 0x21) {$c2 = $c2 | 0x21}
        if ($c2 < ord ('0')) {$c2 = $c2 | 0x30}
        if (($c2 > ord ('9')) && ($c2 < ord ('A'))) {$c2 = $c2 - 0x07}
        if (($c2 > ord ('Z')) && ($c2 < ord ('a'))) {$c2 = $c2 - 0x10}
        if ($c2 > ord ('z')) {$c2 = $c2 - 0x10}
        $c2 = chr ($c2);

        # Swap the case of every other character.
        if ($i % 2 == 0) {
            if ($c2 eq uc $c2) {$c2 = lc $c2}
            elsif ($c2 eq lc $c2) {$c2 = uc $c2}
        }
        substr ($sPassword, $i, 1) = $c2;
    }

    print "\nPassword is " . $sPassword . "\n";
    #
    # genpass2.pl ends here
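To make the "not cryptographically secure" remark above concrete, here is an added example in Python (not part of the original page or of genpass). `legacy_genpass` ports the script's arithmetic, which reads only the low nibbles of the first 16 characters, the high nibbles of the last 16 padded characters, and the sum of all 100, so two different site strings can share a password. `derive_password` is a hypothetical replacement using PBKDF2-HMAC-SHA256; the master/site split, the iteration count and the sample strings are assumptions constructed for the example.

```python
import hashlib
import string

ALNUM = string.ascii_letters + string.digits  # 62 symbols: alphanumeric only, as on the page

def legacy_genpass(passphrase, length=16):
    """Python port of the genpass2.pl arithmetic (ASCII passphrase, length 1..16)."""
    if not passphrase:
        raise ValueError("empty passphrase")
    s = passphrase
    while len(s) < 100:                       # pad by doubling; only 100 chars are used
        s += s
    b = [ord(ch) for ch in s[:100]]
    offset = sum(b)
    out = []
    for i in range(length):
        c = ((b[i] & 0x0F) << 4) | ((b[99 - i] & 0xF0) >> 4)
        c = (c + offset - i) & 0x7F
        if c < 0x21:
            c |= 0x21
        if c < ord("0"):
            c |= 0x30
        if ord("9") < c < ord("A"):
            c -= 0x07
        if ord("Z") < c < ord("a"):
            c -= 0x10
        if c > ord("z"):
            c -= 0x10
        ch = chr(c)
        out.append(ch.swapcase() if i % 2 == 0 else ch)
    return "".join(out)

def derive_password(master, site, length=16, iterations=600_000):
    """Hypothetical replacement: PBKDF2 keyed by the constant part, salted by the site."""
    if not master or not site or not 1 <= length <= 16:
        raise ValueError("need a non-empty master and site, and 1 <= length <= 16")
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), site.encode(), iterations, dklen=32)
    # Rejection sampling: 248 = 4 * 62, so b % 62 is uniform over ALNUM when b < 248.
    picks = [ALNUM[b % 62] for b in raw if b < 248]
    if len(picks) < length:                   # needs 17+ rejected bytes out of 32
        raise RuntimeError("too few usable bytes for this site string")
    return "".join(picks[:length])

def collision_demo(master="constant", iterations=1000):
    """Constructed sites that differ only in two characters the legacy code merely sums."""
    s1, s2 = "www.amazon.com", "www.amazno.com"
    legacy_same = legacy_genpass(master + s1) == legacy_genpass(master + s2)
    # Low iteration count here only to keep the demonstration fast.
    kdf_same = derive_password(master, s1, 16, iterations) == derive_password(master, s2, 16, iterations)
    return legacy_same, kdf_same
```

`collision_demo()` returns `(True, False)`: the legacy algorithm gives both site strings the password shown in the transcripts for `constantwww.amazon.com`, while the KDF-based derivation separates them.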