If you're a system administrator or Web developer, you probably already know that weak user passwords count as one of the biggest network security risks. Weak passwords—for example, the user's name or date of birth—are commonly "cracked" by sophisticated password sniffing tools, making it easy for unauthorized users to gain back-door entry into servers. That's why many administrators routinely check user passwords to ensure that they're secure enough to stand up to an attack. Depending on the level of security needed, some administrators go one step further: they generate and assign user passwords themselves.
However, generating passwords for users automatically is tricky—the password must be easy enough to remember, yet not so simple that it can be easily broken. There are many algorithms available on the Internet to help you generate a secure, pronounceable password; however, if you're on deadline or don't have any development experience, it may not always be possible for you to implement these solutions.
However, there is a solution at hand. CPAN contains many modules for automatic password generation, allowing you to easily add this capability to your application. These modules are sophisticated tools—you can customize the length of the password, the characters permitted in it, the "pronounceability" of the end result, and other attributes. Two of the more interesting modules in this category are discussed below.
The String::MkPasswd module
The String::MkPasswd module provides a simple API to generate random, unpronounceable passwords. To use it in Perl, follow the steps below:
1. Install the module
The simplest way to install String::MkPasswd is with the CPAN shell, as follows:shell> perl -MCPAN -e shell
cpan> install String::MkPasswd
If you use the CPAN shell, dependencies will be automatically downloaded for you.
Alternatively, download the module. Once you've extracted the files in the download archive to a temporary directory, run this sequence of commands:shell> perl Makefile.PL
shell> make install
If Perl finds missing dependencies, it will abort the process with an error; you should then install the missing files and try again. If all required files are in place, the commands above will compile and install the module to your Perl modules directory.
2. Decide password attributes
Before writing any code, you must decide some important password attributes. String::MkPasswd lets you control:
- the length of the password;
- the number of numerals;
- the number of upper- and lower-case characters;
- the number of special punctuation characters;
In most cases, you will want a password is between 8 and 15 characters long, with a judicious number of digits and special characters mixed in with traditional alphabetic characters. Remember, the more random the password is, the harder it is to break!
3. Generate the password
Once you've decided what your password should look like, generate it by calling the String::MkPasswd module's mkpasswd() function, as shown in Listing A.
# import module
# print custom password
print mkpasswd(-length => 13, -minnum => 4, -minlower => 4, -minupper => 2, -minspecial => 3);
In this case, the password generated will be 13 characters long, containing 4 numbers, 4 lower-case characters, 2 upper-case characters and 3 punctuation characters. Here's an example of the output:w)d9V;7kz64&Y
Each time you call mkpasswd(), you will get a different result. So, if you have a large number of passwords to generate, you can simply place the call to mkpasswd() in a loop and process the result of each run.
Tip: If all this seems like too much trouble, you can also call mkpasswd() without any parameters for a default 9-character password.
The Crypt::RandPasswd module
The String::MkPasswd module creates secure, but not very easy-to-remember, passwords. If you'd prefer to create passwords that are pronounceable and hence easy to remember, consider using the Crypt::RandPasswd module instead. This module is an implementation of the Automated Password Generator, and you can use it as described below:
1. Install the module
You can install Crypt::RandPasswd with the CPAN shell, as follows:shell> perl -MCPAN -e shell
cpan> install Crypt::RandPasswd
Alternatively, you can download the module, and install it using the following commands:shell> perl Makefile.PL
shell> make install
2. Generate the password
The Crypt::RandPasswd module comes with a word() function, which generates a pronounceable random password. Listing B shows an example of how to use it.
# use module
# generate password
$word = Crypt::RandPasswd->word(5, 10);
The word() function accepts two arguments: lower and upper limits for the password length. Here's an example of its output:ijantyoph
Tip: You can create a password consisting of a series of random alphabetic characters, by calling the letters() method instead of the words() method.
Using either of these two modules for your user passwords will improve the security of your networked system...so what are you waiting for?