Crypt::GeneratePassword(3pm)

1Crypt::GeneratePasswordU(s3e)r Contributed Perl DocumentaCtriyopnt::GeneratePassword(3)
2
3
4

NAME

6       Crypt::GeneratePassword - generate secure random pronounceable
7       passwords
8

SYNOPSIS

10         use Crypt::GeneratePassword qw(word chars);
11         $word = word($minlen,$maxlen);
12         $word = chars($minlen,$maxlen);
13         *Crypt::GeneratePassword::restrict = \&my_restriction_filter;
14         *Crypt::GeneratePassword::random_number = \&my_random_number_generator;
15

DESCRIPTION

17       Crypt::GeneratePassword generates random passwords that are (more or
18       less) pronounceable. Unlike Crypt::RandPasswd, it doesn't use the
19       FIPS-181 NIST standard, which is proven to be insecure. It does use a
20       similar interface, so it should be a drop-in replacement in most cases.
21
22       If you want to use passwords from a different language than english,
23       you can use one of the packaged alternate unit tables or generate your
24       own. See below for details.
25
26       For details on why FIPS-181 is insecure and why the solution used in
27       this module is reasonably secure, see "A New Attack on Random
28       Pronounceable Password Generators" by Ravi Ganesan and Chris Davies,
29       available online in may places - use your favourite search engine.
30
31       This module improves on FIPS-181 using a true random selection with the
32       word generator as mere filter. Other improvements are better
33       pronounceability using third order approximation instead of second
34       order and multi-language support.  Drawback of this method is that it
35       is usually slower. Then again, computer speed has improved a little
36       since 1977.
37

Functions

39   chars
40         $word = chars($minlen, $maxlen [, $set [, $characters, $maxcount ] ... ] );
41
42       Generatess a completely random word between $minlen and $maxlen in
43       length.  If $set is given, it must be an array ref of characters to
44       use. You can restrict occurrence of some characters by providing
45       ($characters, $maxcount) pairs, as many as you like. $characters must
46       be a string consisting of those characters which may appear at most
47       $maxcount times in the word.
48
49       Note that the length is determined via relative probability, not
50       uniformly.
51
52   word
53         $word = word($minlen, $maxlen [, $lang [, $signs [, $caps [, $minfreq, $avgfreq ] ] ] );
54         $word = word3($minlen, $maxlen [, $lang [, $signs [, $caps [, $minfreq, $avgfreq ] ] ] );
55
56       Generates a random pronounceable word. The length of the returned word
57       will be between $minlen and $maxlen. If you supply a non-zero value for
58       $numbers, up to that many numbers and special characters will occur in
59       the password. If you specify a non-zero value for $caps, up to this
60       many characters will be upper case. $lang is the language description
61       to use, loaded via load_language or built-in. Built-in languages are:
62       'en' (english) and 'de' (german). Contributions welcome. The default
63       language is 'en' but may be changed by calling load_language with a
64       true value as third parameter. Pass undef as language to select the
65       current default language. $minfreq and $minsum determine quality of the
66       password: $minfreq and $avgfreq are the minimum frequency each
67       quad/trigram must have and the average frequency that the quad/trigrams
68       must have for a word to be selected. Both are values between 0.0 and
69       1.0, specifying the percentage of the maximum frequency. Higher values
70       create less secure, better pronounceable passwords and are slower.
71       Useful $minfreq values are usually between 0.001 and 0.0001, useful
72       $avgfreq values are around 0.05 for trigrams (word3) and 0.001 for
73       quadgrams (word).
74
75   analyze
76         $ratio = analyze($count,@word_params);
77         $ratio = analyze3($count,@word_params);
78
79       Returns a statistical(!) security ratio to measure password quality.
80       $ratio is the ratio of passwords chosen among all possible ones, e.g. a
81       ratio of 0.0149 means 1.49% of the theoretical password space was
82       actually considered a pronounceable password. Since this analysis is
83       only statistical, it proves absolutely nothing if you are deeply
84       concerned about security - but in that case you should use chars(), not
85       word() anyways. In reality, it says a lot about your chosen parameters
86       if you use large values for $count.
87
88   generate_language
89         $language_description = generate_language($wordlist);
90
91       Generates a language description which can be saved in a file and/or
92       loaded with load_language. $wordlist can be a string containing
93       whitespace separated words, an array ref containing one word per
94       element or a file handle or name to read words from, one word per
95       line7.  Alternatively, you may pass an array directly, not as
96       reference.  A language description is about 1MB in size.
97
98       If you generate a general-purpose language description for a language
99       not yet built-in, feel free to contribute it for inclusion into this
100       package.
101
102   load_language
103         load_language($language_description, $name [, $default]);
104
105       Loads a language description which is then available in words().
106       $language_desription is a string returned by generate_language, $name
107       is a name of your choice which is used to select this language as the
108       fifth parameter of words(). You should use the well-known ISO two
109       letter language codes if possible, for best interoperability.
110
111       If you specify $default with a true value, this language will be made
112       global default language. If you give undef as $language_description,
113       only the default language will be changed.
114
115   random_number
116         $number = random_number($limit);
117
118       Returns a random integer between 0 (inclusive) and $limit (exclusive).
119       Change this to a function of your choice by doing something like this:
120
121           {
122             local $^W; # squelch sub redef warning.
123             *Crypt::GeneratePassword::random_number = \&my_rng;
124           }
125
126       The default implementation uses perl's rand(), which might not be
127       appropriate for some sites.
128
129   restrict
130         $forbidden = restrict($word,$language);
131
132       Filters undesirable words. Returns false if the $word is allowed in
133       language $lang, false otherwise. Change this to a function of your
134       choice by doing something like this:
135
136           {
137             local $^W; # squelch sub redef warning.
138             *Crypt::GeneratePassword::restrict = \&my_filter;
139           }
140
141       The default implementation scans for a few letter sequences that
142       english or german people might find offending, mostly because of their
143       sexual nature. You might want to hook up a regular password checker
144       here, or a wordlist comparison.
145

VERSION

147       This document describes version 0.03
148

AUTHOR

150       Copyright 2002 by Joerg Walter <jwalt@cpan.org>, inspired by ideas from
151       Tom Van Vleck and Morris Gasser/FIPS-181.
152

COPYRIGHT

154       This perl module is free software; it may be redistributed and/or
155       modified under the same terms as Perl itself.
156