If you’re a system administrator or Web developer, you
probably already know that weak user passwords count as one of the biggest network
security risks. Weak passwords—for example, the user’s name or date of
birth—are commonly “cracked” by sophisticated password sniffing
tools, making it easy for unauthorized users to gain back-door entry into
servers. That’s why many administrators
routinely check user passwords to ensure that they’re secure enough to stand up
to an attack. Depending on the level of security needed, some administrators go
one step further: they generate and assign user passwords themselves.

However, generating passwords for users automatically is
tricky—the password must be easy enough to remember, yet not so simple that it
can be easily broken. There are many algorithms available on the Internet to
help you generate a secure, pronounceable password; however, if you’re on
deadline or don’t have any development experience, it may not always be
possible for you to implement these solutions.

However, there is a solution at hand. CPAN contains many modules for
automatic password generation, allowing you to easily add this capability to
your application. These modules are sophisticated tools—you can customize the
length of the password, the characters permitted in it, the “pronounceability
of the end result, and other attributes. Two of the more interesting modules in
this category are discussed below.

The String::MkPasswd module

The String::MkPasswd
module provides a simple API to generate random, unpronounceable passwords. To
use it in Perl, follow the steps below:

1. Install the module

The simplest way to install String::MkPasswd is with the CPAN
shell, as follows:

shell> perl -MCPAN -e shell
cpan> install String::MkPasswd

If you use the CPAN shell, dependencies will be
automatically downloaded for you.

Alternatively, download the module. Once you’ve extracted the files in the download
archive to a temporary directory, run this sequence of commands:

shell> perl Makefile.PL
shell> make
shell> make install

If Perl finds missing dependencies, it will abort the
process with an error; you should then install the missing files and try again.
If all required files are in place, the commands above will compile and install
the module to your Perl modules directory.

2. Decide password attributes

Before writing any code, you must decide some important
password attributes. String::MkPasswd
lets you control:

  • the length of the password;
  • the number of numerals;
  • the number of upper- and
    lower-case characters;
  • the number of special punctuation
    characters;

In most cases, you will want a password is between 8 and 15
characters long, with a judicious number of digits and special characters mixed
in with traditional alphabetic characters. Remember, the more random the
password is, the harder it is to break!

3. Generate the password

Once you’ve decided what your password should look like,
generate it by calling the String::MkPasswd module’s mkpasswd() function, as shown in Listing A.

Listing A

#!/bin/perl

# import module
use String::MkPasswdqw(mkpasswd);

# print custom password
print mkpasswd(-length => 13, -minnum => 4, -minlower => 4, -minupper => 2, -minspecial => 3);

In this case, the password generated will be 13 characters
long, containing 4 numbers, 4 lower-case characters, 2 upper-case characters
and 3 punctuation characters. Here’s an example of the output:

w)d9V;7kz64&Y

Each time you call mkpasswd(), you will get a different
result. So, if you have a large number of passwords to generate, you can simply
place the call to mkpasswd() in a loop and process the result
of each run.

Tip: If all this seems like too much
trouble, you can also call mkpasswd() without any parameters for a default 9-character password.

The Crypt::RandPasswd module

The String::MkPasswd
module creates secure, but not very easy-to-remember, passwords. If you’d
prefer to create passwords that are pronounceable and hence easy to remember,
consider using the Crypt::RandPasswd
module instead. This module is an implementation of the Automated Password
Generator, and you can use it as described below:

1. Install the module

You can install Crypt::RandPasswd with the CPAN shell, as follows:

shell> perl -MCPAN -e shell
cpan> install Crypt::RandPasswd

Alternatively, you can download the module, and install it using the following commands:

shell> perl Makefile.PL
shell> make
shell> make install

2. Generate the password

The Crypt::RandPasswd
module comes with a word() function, which generates a
pronounceable random password. Listing B
shows an example of how to use it.

Listing B

#!/bin/perl

# use module
use Crypt::RandPasswd;

# generate password
$word = Crypt::RandPasswd->word(5, 10);
print $word;

The word() function accepts two arguments:
lower and upper limits for the password length. Here’s an example of its
output:

ijantyoph

Tip: You can create a password consisting
of a series of random alphabetic characters, by calling the letters()
method instead of the words() method.

Using either of these two modules for your user passwords
will improve the security of your networked system…so what are you waiting
for?