On Mon, 29 Jan 2007 16:24:18 +0100, Laszlo Nagy wrote: > NoName írta: >> Hmmm.. >> In the Perl example password generates after user hit ENTER not >> continously like in Python you wrote... :) >> >> i want see various ways to generate passwords even if they some >> indirect like using BASE64 >> > I copied this from a recipe, I do not remember which one. I like it very > much because it creates password that are easy to type in. You can type > every odd letter with your left hand and every even letter with your > right hand.
That weakens the password significantly. For a six character alpha-numeric password with no special characters, you have (26*2+10)**6 possible passwords, or 56,800,235,584. Using your password generator, you have: >>> righthand = '23456qwertasdfgzxcvbQWERTASDFGZXCVB' >>> lefthand = '789yuiophjknmYUIPHJKLNM' >>> len(righthand) 35 >>> len(lefthand) 23 and therefore only: 35*23*35*23*35*23 = (35*23)**3 = 521,660,125 possible passwords. That's about one percent of the earlier figure, so you lose about 99% of the strength of the password. For eight character passwords the difference is even more dramatic: you reduce the strength of the password by a factor of roughly 99,999,995/100,000,000. In my opinion, if you're going to accept such a drastic reduction in password strength, better to go for a password that is easier to memorise than a hard-to-memorise-but-easy-to-type weak password. Here's one such algorithm: * think of a meaningful phrase you won't forget: e.g. "Snow White and the Seven Dwarves" * take the first letter of each word: "swatsd" * mix up the capitals and make it leet: "5Wat7D" * add some special characters if you can: "5W&t7D" * if it is not long enough, add a suffix or prefix or both: "p5W&t7D." And now you have a strong password that you can remember but is unlikely to be guessed. -- Steven D'Aprano -- http://mail.python.org/mailman/listinfo/python-list