Back to Blog
Random password generator algorithm7/21/2023 ![]() ![]() ![]() ⁽²⁾ With 13 years of professional programming under my belt, much more in general, and a long standing interest in security, this is still a tricky minefield to me. And so far in this thread you gave exactly that impression. ⁽¹⁾ You may not be, but I can only judge what I see. ![]() Study how key generation is done in existing software, understand why specific approaches were taken, see how existing algorithms were broken, spend some time observing the computer security playground. So I urge you, please refrain from touching this topic now. I can’t even find a way to express, how large is the gap between what you want to do and what you can do, because you first must be on the other side of this gap to have the clear view on it. To approach that opponent, you must have a decent grasp of at least information theory, probabilistics, combinatorics, and knowledge of existing vulnerabilities and attacks. ![]() The problem is in what you are armed with. No, the problem is not with the particular code. Sure, you will fix that… and what next? If we can no longer notice any it’s not because your code is fine - it’s because we can spot only so many mistakes, because we are not professional cryptographers, as cryptographers we would not spend days of otherwise well paid time on listing shortcomings of an obviously wrong approach, and - most importantly - it’s not a matter of whether you or us can break it, but potential adversaries. Like a biased RNG you use⁽³⁾ or inadequate validation⁽⁴⁾. It’s not a matter of us pointing to a few specific vulnerabilities. Using an RPG analogy, you are armed with a knife and a wooden shield, but you want to jump into a monster lair where lvl 99 players have trouble surviving.⁽²⁾ If that goes to production, it’s even worse, as you are luring those monsters onto other players. But, if that is for actual password generation, from all the territories to explore as a rookie you have chosen one of the few areas, that you should absolutely not travel to at this skill level. If that is just a program to generate random stuff for no particular purpose, it’s a nice exercise. I hope you will progress and one day contribute to the community. If you are a beginner programmer⁽¹⁾ and want to play with code, it is great and everybody here appreciates that. Can you explain, what is your goal? After being given actually working solutions, you are still avoiding using them. \builtin echo "Length must be greater then 7." Local alpha='abcdefghijgklmnopqrstuvwxyzABCDEFGHIGKLMNOPQRSTUWXYZ' Local tmp res res1 res2 i j l num='0123456789' In your algorithm, digits have a higher probability to be picked than letters or punctuation. In bash you can use SRANDOM instead.Įdit: and you have to consider the entropy of your generated password (XKCD explains this well), and also any random bias that your algorithm introduces. Set - $(od -vAn -N$((wordnum*wordlen*4)) -t u4 < i in $(seq $wordnum -1 1)īut like mentioned there are many ways to generate passwords already.įor RANDOM you have to consider, it's pseudorandom and the number range is small (0-32767). pwgen.sh 8 1 $(cat be bi bo bu da de di do du fu ga ge gi go gu ha he hi ho ka ke ki ko ku ma me mi mo mu na ne ni no nu pa pe pi po pu ra re ri ro ru sa se si so su ta te ti to tu wa wo ya yo yu za ze zi zo zu}) ![]()
0 Comments
Read More
Leave a Reply. |