# -*- coding: iso-8859-1 -*-
#Copyright (C) 2004-2007 Dario Lopez-Kästen
#
#This program is free software; you can redistribute it and/or
#modify it under the terms of the GNU General Public License
#as published by the Free Software Foundation; either version 2
#of the License, or (at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program; if not, write to the Free Software
#Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
#
"""
This module contains utility functions for
generating and checking passwords.
Default Password Properties Policy:
- Minimum Password lenght is 8 tokens
- At least four unique tokens
- At least four character tokens
- At least one number token
- At least one special character token
NOTE: Crack check not implemented yet.
Provides access to Cracklib checking, IFF cracklib
is available as a python imported module. The
implementation of a Python Interface to Cracklib is left
as an excersise to the astute reader.
Adapted for future use of python-crack 0.5 by
# Domenico Andreoli <cavok@filibusta.crema.unimi.it>
# Web site at http://www.nongnu.org/python-crack/
# requires Cracklib 2.7
# http://www.crypticide.com/users/alecm/
Only accepts/generates US-ASCII 7-bit tokens.
"""
import exceptions
##try:
## import crack
from time import time
class PolicyNotEnforceable (exceptions.Exception):
pass
# Our valid Token Set
vc ='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
vn = '0123456789'
vsc = ' !"#$%&''()*+,-./:;<=>?@[\]^_`{|}~'
# Our Password Policy Business Logic
min_unique_tokens = 4
min_char_tokens = 4
min_num_tokens = 1
min_special_tokens = 1
min_allowed_pwd_len = 8
min_possible_pwd_len = min_char_tokens + min_num_tokens + min_special_tokens
min_unique_tokens_doable = (min_unique_tokens <= min_possible_pwd_len)
# Check at import time if the policy is enforceable
if min_allowed_pwd_len < min_possible_pwd_len:
raise PolicyNotEnforceable, """
Minimal allowed password length (%s tokens) is too small in comparison
to the minimum possible password lenght (%s tokens).
"""%(str(min_allowed_pwd_len), str(min_possible_pwd_len))
if not min_unique_tokens_doable:
raise PolicyNotEnforceable, """
Minimal amount of unique tokens (%s tokens) in password is larger than
the policys' minimum possible pwd lenght (%s tokens).
"""%(str(min_unique_tokens), str(min_possible_pwd_len))
def gen_passwd(pwd_len=min_allowed_pwd_len, strict_policy=0, seed=None):
"""
Generates Paswords of pwd_len, that optinally strictly follows
the Password Policy.
if pwd_len < min_possible_len then policy cannot be enforced - if this happens,
and strict_policy=1 it returns None.
If pwd_len = min_possible_pwd_len then generate 4 unique tokens from vc, 1 token from
vn and 1 token from vsc.
if pwd_len > min_possible_pwd_len, then do as in previous step and then randomize the rest of the tokens.
"""
# Basic and obvious input checking
if strict_policy:
if pwd_len < min_allowed_pwd_len:
return None
# Since we are generating passwords, we are nice to the poor
# sods having to read and type them in, so we remove some
# typcial character ambiguities. Yes, I know, this reduces the
# Password Variation Space. See if I care - you're not the one
# having to read the passwords or deal with complaints about that :-)
# So, we reduce special chars
rvs = vsc.replace(' ', '') # remove space
rvs = rvs.replace('|', '') # remove pipe
# reduce valid numbers
rvn = vn.replace('1', '') # remove nr 1
rvn = rvn.replace('0', '') # remove zero
# reduce valid chars
rvc = vc.replace('l', '') # remove lowercase L
rvc = rvc.replace('I', '') # remove uppercase I
rvc = rvc.replace('O', '') # remove uppercase O
from random import Random
if seed is None:
seed = time() * time()
gen = Random(seed)
if not strict_policy:
pl = gen.sample(rvc + rvn + rvs, pwd_len)
return ''.join(pl)
# We have a strict enforcement policy. Try for ten iterations, if not
# successfull then return None.
rl_len = pwd_len - (min_char_tokens + min_num_tokens + min_special_tokens)
for i in range(1,10):
pl = gen.sample(rvc, min_char_tokens) + \
gen.sample(rvn, min_num_tokens) + \
gen.sample(rvs, min_special_tokens) + \
gen.sample(rvc + rvn + rvs, rl_len)
gen.shuffle(pl)
pwd = ''.join(pl)
err = check_passwd(pwd)
if err == []:
return pwd
return None
def gen_num_passwd(pwd_len=min_allowed_pwd_len, seed=None):
" Generates a numerical password only. No policy governs this password"
from random import Random
if seed is None:
seed = time() * time()
gen = Random(seed)
pl = gen.sample(vn, pwd_len)
return ''.join(pl)
def gen_char_passwd(pwd_len=min_allowed_pwd_len, seed=None):
" Generates a password with characters only. No policy governs this password"
from random import Random
if seed is None:
seed = time() * time()
gen = Random(seed)
pl = gen.sample(vc, pwd_len)
return ''.join(pl)
def check_passwd(passwd):
err = []
pwd_len = len(passwd)
# check length, if too short abort immediately
# - no point in doing more checks
if pwd_len < min_allowed_pwd_len:
err.append('Password too short')
return err
# Check conditions, the naïve way
utokens = [] # list of unique tokens, at least 4
ctokens = [] # list of char tokens, at least 4
ntokens = [] # list of number tokens, at least 1
stokens = [] # list of special chars, at least 1
nonval = [] # list of non-valid tokens
for c in passwd:
isval = 0
if c in vc:
isval = 1
ctokens.append(c)
elif c in vn:
isval = 1
ntokens.append(c)
elif c in vsc:
isval = 1
stokens.append(c)
if not isval:
nonval.append(c)
elif c not in utokens:
utokens.append(c)
# Check for errors
if len(nonval):
err.append('Invalid %s tokens in passwd'%''.join(nonval))
if len(utokens) < min_unique_tokens:
err.append('Not at least %s unique tokens in passwd'%str(min_unique_tokens))
if len(ctokens) < min_char_tokens:
err.append('Not at least %s character tokens in passwd'%str(min_char_tokens))
if len(ntokens) < min_num_tokens:
err.append('Not at least %s number token in passwd'%str(min_num_tokens))
if len(stokens) < min_special_tokens:
err.append('Not at least %s special tokens in passwd'%str(min_special_tokens))
if err:
# We have errors - no point in doing more checks
return err
## Check with cracklib
#crk = crack()
#try:
# crk.FascistCheck(passwd)
#except ValueError, reason:
# err.append(reason)
# Finally return err, whatever it is
return err
def _create_generators(num, delta, firstseed=None):
"""Return list of num distinct generators.
Each generator has its own unique segment of delta elements
from Random.random()'s full period.
Seed the first generator with optional arg firstseed (default
is None, to seed from current time).
"""
from random import Random
g = Random(firstseed)
result = [g]
for i in range(num - 1):
laststate = g.getstate()
g = Random()
g.setstate(laststate)
g.jumpahead(delta)
result.append(g)
return result
