Configurable password generator/checker (Python recipe) by Dario Lopez-Kästen

ActiveState Code (http://code.activestate.com/recipes/576561/)

# -*- coding: iso-8859-1 -*-

#Copyright (C) 2004-2007 Dario Lopez-Kästen
#
#This program is free software; you can redistribute it and/or
#modify it under the terms of the GNU General Public License
#as published by the Free Software Foundation; either version 2
#of the License, or (at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program; if not, write to the Free Software
#Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
#

"""
This module contains utility functions for
generating and checking passwords.

Default Password Properties Policy:
  - Minimum Password lenght is 8 tokens
  - At least four unique tokens
  - At least four character tokens
  - At least one number token
  - At least one special character token

NOTE: Crack check not implemented yet.

Provides access to Cracklib checking, IFF cracklib
is available as a python imported module. The
implementation of a Python Interface to Cracklib is left
as an excersise to the astute reader.

Adapted for future use of python-crack 0.5 by
#  Domenico Andreoli <cavok@filibusta.crema.unimi.it>
#  Web site at http://www.nongnu.org/python-crack/
# requires Cracklib 2.7
#  http://www.crypticide.com/users/alecm/

Only accepts/generates US-ASCII 7-bit tokens.
"""
import exceptions

##try:
##    import crack
from time import time

class PolicyNotEnforceable (exceptions.Exception):
    pass

# Our valid Token Set
vc  ='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
vn  = '0123456789'
vsc = ' !"#$%&''()*+,-./:;<=>?@[\]^_`{|}~'

# Our Password Policy Business Logic
min_unique_tokens    = 4
min_char_tokens      = 4
min_num_tokens       = 1
min_special_tokens   = 1
min_allowed_pwd_len  = 8

min_possible_pwd_len = min_char_tokens + min_num_tokens + min_special_tokens
min_unique_tokens_doable = (min_unique_tokens <= min_possible_pwd_len)

# Check at import time if the policy is enforceable

if min_allowed_pwd_len < min_possible_pwd_len:
    raise PolicyNotEnforceable, """
Minimal allowed password length (%s tokens) is too small in comparison
to the minimum possible password lenght (%s tokens).
"""%(str(min_allowed_pwd_len), str(min_possible_pwd_len))

if not min_unique_tokens_doable:
    raise PolicyNotEnforceable, """
Minimal amount of unique tokens (%s tokens) in password is larger than
the policys' minimum possible pwd lenght (%s tokens).
"""%(str(min_unique_tokens), str(min_possible_pwd_len))

def gen_passwd(pwd_len=min_allowed_pwd_len, strict_policy=0, seed=None):
    """
    Generates Paswords of pwd_len, that optinally strictly follows
    the Password Policy.

    if pwd_len < min_possible_len then policy cannot be enforced - if this happens,
    and strict_policy=1 it returns None.

    If pwd_len = min_possible_pwd_len then generate 4 unique tokens from vc, 1 token from
    vn and 1 token from vsc.

    if pwd_len > min_possible_pwd_len, then do as in previous step and then randomize the rest of the tokens.
    """

    # Basic and obvious input checking
    if strict_policy:
        if pwd_len < min_allowed_pwd_len:
            return None

    # Since we are generating passwords, we are nice to the poor
    # sods having to read and type them in, so we remove some
    # typcial character ambiguities. Yes, I know, this reduces the
    # Password Variation Space. See if I care - you're not the one
    # having to read the passwords or deal with complaints about that :-)
    # So, we reduce special chars
    rvs = vsc.replace(' ', '') # remove space
    rvs = rvs.replace('|', '') # remove pipe
    # reduce valid numbers
    rvn =  vn.replace('1', '') # remove nr 1
    rvn = rvn.replace('0', '') # remove zero
    # reduce valid chars
    rvc =  vc.replace('l', '') # remove lowercase L
    rvc = rvc.replace('I', '') # remove uppercase I
    rvc = rvc.replace('O', '') # remove uppercase O

    from random import Random
    if seed is None:
        seed = time() * time()
    gen = Random(seed)

    if not strict_policy:
        pl = gen.sample(rvc + rvn + rvs, pwd_len)
        return ''.join(pl)

    # We have a strict enforcement policy. Try for ten iterations, if not 
    # successfull then return None.
    rl_len = pwd_len - (min_char_tokens + min_num_tokens + min_special_tokens)
    for i in range(1,10):
        pl = gen.sample(rvc, min_char_tokens)    + \
             gen.sample(rvn, min_num_tokens)     + \
             gen.sample(rvs, min_special_tokens) + \
             gen.sample(rvc + rvn + rvs, rl_len)
        gen.shuffle(pl)
        pwd = ''.join(pl)
        err = check_passwd(pwd)
        if err == []:
            return pwd
    return None

def gen_num_passwd(pwd_len=min_allowed_pwd_len, seed=None):
    " Generates a numerical password only. No policy governs this password"
    from random import Random
    if seed is None:
        seed = time() * time()
    gen = Random(seed)
    pl = gen.sample(vn, pwd_len)
    return ''.join(pl)

def gen_char_passwd(pwd_len=min_allowed_pwd_len, seed=None):
    " Generates a password with characters only. No policy governs this password"
    from random import Random
    if seed is None:
        seed = time() * time()
    gen = Random(seed)
    pl = gen.sample(vc, pwd_len)
    return ''.join(pl)

def check_passwd(passwd):
    err = []
    pwd_len = len(passwd)
    # check length, if too short abort immediately
    # - no point in doing more checks
    if pwd_len < min_allowed_pwd_len:
        err.append('Password too short')
        return err

    # Check conditions, the naïve way
    utokens = [] # list of unique tokens, at least 4
    ctokens = [] # list of char tokens, at least 4
    ntokens = [] # list of number tokens, at least 1
    stokens = [] # list of special chars, at least 1
    nonval  = [] # list of non-valid tokens

    for c in passwd:
        isval = 0
        if c in vc:
            isval = 1
            ctokens.append(c)
        elif c in vn:
            isval = 1
            ntokens.append(c)
        elif c in vsc:
            isval = 1
            stokens.append(c)

        if not isval:
            nonval.append(c)
        elif c not in utokens:
            utokens.append(c)

    # Check for errors
    if len(nonval):
        err.append('Invalid %s tokens in passwd'%''.join(nonval))
    if len(utokens) < min_unique_tokens:
        err.append('Not at least %s unique tokens in passwd'%str(min_unique_tokens))
    if len(ctokens) < min_char_tokens:
        err.append('Not at least %s character tokens in passwd'%str(min_char_tokens))
    if len(ntokens) < min_num_tokens:
        err.append('Not at least %s number token in passwd'%str(min_num_tokens))
    if len(stokens) < min_special_tokens:
        err.append('Not at least %s special tokens in passwd'%str(min_special_tokens))

    if err:
        # We have errors - no point in doing more checks
        return err

    ## Check with cracklib
    #crk = crack()
    #try:
    #    crk.FascistCheck(passwd)
    #except ValueError, reason:
    #    err.append(reason)
    
    # Finally return err, whatever it is
    return err

def _create_generators(num, delta, firstseed=None):
    """Return list of num distinct generators.
    Each generator has its own unique segment of delta elements
    from Random.random()'s full period.
    Seed the first generator with optional arg firstseed (default
    is None, to seed from current time).
    """

    from random import Random
    g = Random(firstseed)
    result = [g]
    for i in range(num - 1):
        laststate = g.getstate()
        g = Random()
        g.setstate(laststate)
        g.jumpahead(delta)
        result.append(g)
    return result