Welcome, guest | Sign In | My Account | Store | Cart

Yet another password generator module. This module contains utility functions for both generating and checking passwords in accordance to a (policy).

Default Password Properties Policy:

  • Minimum Password lenght is 8 tokens
  • At least four unique tokens
  • At least four character tokens
  • At least one number token
  • At least one special character token
Python, 237 lines
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
# -*- coding: iso-8859-1 -*-

#Copyright (C) 2004-2007 Dario Lopez-Kästen
#
#This program is free software; you can redistribute it and/or
#modify it under the terms of the GNU General Public License
#as published by the Free Software Foundation; either version 2
#of the License, or (at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program; if not, write to the Free Software
#Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
#

"""
This module contains utility functions for
generating and checking passwords.

Default Password Properties Policy:
  - Minimum Password lenght is 8 tokens
  - At least four unique tokens
  - At least four character tokens
  - At least one number token
  - At least one special character token

NOTE: Crack check not implemented yet.

Provides access to Cracklib checking, IFF cracklib
is available as a python imported module. The
implementation of a Python Interface to Cracklib is left
as an excersise to the astute reader.

Adapted for future use of python-crack 0.5 by
#  Domenico Andreoli <cavok@filibusta.crema.unimi.it>
#  Web site at http://www.nongnu.org/python-crack/
# requires Cracklib 2.7
#  http://www.crypticide.com/users/alecm/

Only accepts/generates US-ASCII 7-bit tokens.
"""
import exceptions

##try:
##    import crack
from time import time

class PolicyNotEnforceable (exceptions.Exception):
    pass

# Our valid Token Set
vc  ='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
vn  = '0123456789'
vsc = ' !"#$%&''()*+,-./:;<=>?@[\]^_`{|}~'

# Our Password Policy Business Logic
min_unique_tokens    = 4
min_char_tokens      = 4
min_num_tokens       = 1
min_special_tokens   = 1
min_allowed_pwd_len  = 8

min_possible_pwd_len = min_char_tokens + min_num_tokens + min_special_tokens
min_unique_tokens_doable = (min_unique_tokens <= min_possible_pwd_len)

# Check at import time if the policy is enforceable

if min_allowed_pwd_len < min_possible_pwd_len:
    raise PolicyNotEnforceable, """
Minimal allowed password length (%s tokens) is too small in comparison
to the minimum possible password lenght (%s tokens).
"""%(str(min_allowed_pwd_len), str(min_possible_pwd_len))

if not min_unique_tokens_doable:
    raise PolicyNotEnforceable, """
Minimal amount of unique tokens (%s tokens) in password is larger than
the policys' minimum possible pwd lenght (%s tokens).
"""%(str(min_unique_tokens), str(min_possible_pwd_len))

def gen_passwd(pwd_len=min_allowed_pwd_len, strict_policy=0, seed=None):
    """
    Generates Paswords of pwd_len, that optinally strictly follows
    the Password Policy.

    if pwd_len < min_possible_len then policy cannot be enforced - if this happens,
    and strict_policy=1 it returns None.

    If pwd_len = min_possible_pwd_len then generate 4 unique tokens from vc, 1 token from
    vn and 1 token from vsc.

    if pwd_len > min_possible_pwd_len, then do as in previous step and then randomize the rest of the tokens.
    """

    # Basic and obvious input checking
    if strict_policy:
        if pwd_len < min_allowed_pwd_len:
            return None

    # Since we are generating passwords, we are nice to the poor
    # sods having to read and type them in, so we remove some
    # typcial character ambiguities. Yes, I know, this reduces the
    # Password Variation Space. See if I care - you're not the one
    # having to read the passwords or deal with complaints about that :-)
    # So, we reduce special chars
    rvs = vsc.replace(' ', '') # remove space
    rvs = rvs.replace('|', '') # remove pipe
    # reduce valid numbers
    rvn =  vn.replace('1', '') # remove nr 1
    rvn = rvn.replace('0', '') # remove zero
    # reduce valid chars
    rvc =  vc.replace('l', '') # remove lowercase L
    rvc = rvc.replace('I', '') # remove uppercase I
    rvc = rvc.replace('O', '') # remove uppercase O

    from random import Random
    if seed is None:
        seed = time() * time()
    gen = Random(seed)

    if not strict_policy:
        pl = gen.sample(rvc + rvn + rvs, pwd_len)
        return ''.join(pl)

    # We have a strict enforcement policy. Try for ten iterations, if not 
    # successfull then return None.
    rl_len = pwd_len - (min_char_tokens + min_num_tokens + min_special_tokens)
    for i in range(1,10):
        pl = gen.sample(rvc, min_char_tokens)    + \
             gen.sample(rvn, min_num_tokens)     + \
             gen.sample(rvs, min_special_tokens) + \
             gen.sample(rvc + rvn + rvs, rl_len)
        gen.shuffle(pl)
        pwd = ''.join(pl)
        err = check_passwd(pwd)
        if err == []:
            return pwd
    return None

def gen_num_passwd(pwd_len=min_allowed_pwd_len, seed=None):
    " Generates a numerical password only. No policy governs this password"
    from random import Random
    if seed is None:
        seed = time() * time()
    gen = Random(seed)
    pl = gen.sample(vn, pwd_len)
    return ''.join(pl)

def gen_char_passwd(pwd_len=min_allowed_pwd_len, seed=None):
    " Generates a password with characters only. No policy governs this password"
    from random import Random
    if seed is None:
        seed = time() * time()
    gen = Random(seed)
    pl = gen.sample(vc, pwd_len)
    return ''.join(pl)

def check_passwd(passwd):
    err = []
    pwd_len = len(passwd)
    # check length, if too short abort immediately
    # - no point in doing more checks
    if pwd_len < min_allowed_pwd_len:
        err.append('Password too short')
        return err

    # Check conditions, the naïve way
    utokens = [] # list of unique tokens, at least 4
    ctokens = [] # list of char tokens, at least 4
    ntokens = [] # list of number tokens, at least 1
    stokens = [] # list of special chars, at least 1
    nonval  = [] # list of non-valid tokens

    for c in passwd:
        isval = 0
        if c in vc:
            isval = 1
            ctokens.append(c)
        elif c in vn:
            isval = 1
            ntokens.append(c)
        elif c in vsc:
            isval = 1
            stokens.append(c)

        if not isval:
            nonval.append(c)
        elif c not in utokens:
            utokens.append(c)

    # Check for errors
    if len(nonval):
        err.append('Invalid %s tokens in passwd'%''.join(nonval))
    if len(utokens) < min_unique_tokens:
        err.append('Not at least %s unique tokens in passwd'%str(min_unique_tokens))
    if len(ctokens) < min_char_tokens:
        err.append('Not at least %s character tokens in passwd'%str(min_char_tokens))
    if len(ntokens) < min_num_tokens:
        err.append('Not at least %s number token in passwd'%str(min_num_tokens))
    if len(stokens) < min_special_tokens:
        err.append('Not at least %s special tokens in passwd'%str(min_special_tokens))

    if err:
        # We have errors - no point in doing more checks
        return err

    ## Check with cracklib
    #crk = crack()
    #try:
    #    crk.FascistCheck(passwd)
    #except ValueError, reason:
    #    err.append(reason)
    
    # Finally return err, whatever it is
    return err

def _create_generators(num, delta, firstseed=None):
    """Return list of num distinct generators.
    Each generator has its own unique segment of delta elements
    from Random.random()'s full period.
    Seed the first generator with optional arg firstseed (default
    is None, to seed from current time).
    """

    from random import Random
    g = Random(firstseed)
    result = [g]
    for i in range(num - 1):
        laststate = g.getstate()
        g = Random()
        g.setstate(laststate)
        g.jumpahead(delta)
        result.append(g)
    return result

Passwords can be generated as adhering to the policy or not and it is possible to generate numbers-only passwords and char-only passwords.

Passwords adhering to the policy are checked before they are released.

At most 10 attempts to generate a password is done, before failing.

There is a hook for implementing a check against crack, if such a module is compiled. The comments contain a link to a python crack module that may be used.

Created by Dario Lopez-Kästen on Mon, 10 Nov 2008 (MIT)
Python recipes (4591)
Dario Lopez-Kästen's recipes (1)

Required Modules

  • (none specified)

Other Information and Tasks