1Crypt::GeneratePasswordU(s3e)r Contributed Perl DocumentaCtriyopnt::GeneratePassword(3)
2
3
4
6 Crypt::GeneratePassword - generate secure random pronounceable
7 passwords
8
10 use Crypt::GeneratePassword qw(word chars);
11 $word = word($minlen,$maxlen);
12 $word = chars($minlen,$maxlen);
13 *Crypt::GeneratePassword::restrict = \&my_restriction_filter;
14 *Crypt::GeneratePassword::random_number = \&my_random_number_generator;
15
17 Crypt::GeneratePassword generates random passwords that are (more or
18 less) pronounceable. Unlike Crypt::RandPasswd, it doesn't use the
19 FIPS-181 NIST standard, which is proven to be insecure. It does use a
20 similar interface, so it should be a drop-in replacement in most cases.
21
22 If you want to use passwords from a different language than english,
23 you can use one of the packaged alternate unit tables or generate your
24 own. See below for details.
25
26 For details on why FIPS-181 is insecure and why the solution used in
27 this module is reasonably secure, see "A New Attack on Random
28 Pronounceable Password Generators" by Ravi Ganesan and Chris Davies,
29 available online in may places - use your favourite search engine.
30
31 This module improves on FIPS-181 using a true random selection with the
32 word generator as mere filter. Other improvements are better
33 pronounceability using third order approximation instead of second
34 order and multi-language support. Drawback of this method is that it
35 is usually slower. Then again, computer speed has improved a little
36 since 1977.
37
39 chars
40 $word = chars($minlen, $maxlen [, $set [, $characters, $maxcount ] ... ] );
41
42 Generates a completely random word between $minlen and $maxlen in
43 length. If $set is given, it must be an array ref of characters to
44 use. You can restrict occurrence of some characters by providing
45 ($characters, $maxcount) pairs, as many as you like. $characters must
46 be a string consisting of those characters which may appear at most
47 $maxcount times in the word.
48
49 Note that the length is determined via relative probability, not
50 uniformly.
51
52 word
53 $word = word($minlen, $maxlen [, $lang [, $numbers [, $caps [, $minfreq, $avgfreq ] ] ] );
54 $word = word3($minlen, $maxlen [, $lang [, $numbers [, $caps [, $minfreq, $avgfreq ] ] ] );
55
56 Generates a random pronounceable word. The length of the returned word
57 will be between $minlen and $maxlen. If you supply a non-zero value for
58 $numbers, up to that many numbers and special characters will occur in
59 the password. If you specify a non-zero value for $caps, up to this
60 many characters will be upper case. $lang is the language description
61 to use, loaded via load_language or built-in. Built-in languages are:
62 'en' (english) and 'de' (german). Contributions welcome. The default
63 language is 'en' but may be changed by calling load_language with a
64 true value as third parameter. Pass undef as language to select the
65 current default language. $minfreq and $minsum determine quality of the
66 password: $minfreq and $avgfreq are the minimum frequency each
67 quad/trigram must have and the average frequency that the quad/trigrams
68 must have for a word to be selected. Both are values between 0.0 and
69 1.0, specifying the percentage of the maximum frequency. Higher values
70 create less secure, better pronounceable passwords and are slower.
71 Useful $minfreq values are usually between 0.001 and 0.0001, useful
72 $avgfreq values are around 0.05 for trigrams (word3) and 0.001 for
73 quadgrams (word).
74
75 analyze
76 $ratio = analyze($count,@word_params);
77 $ratio = analyze3($count,@word_params);
78
79 Returns a statistical(!) security ratio to measure password quality.
80 $ratio is the ratio of passwords chosen among all possible ones, e.g. a
81 ratio of 0.0149 means 1.49% of the theoretical password space was
82 actually considered a pronounceable password. Since this analysis is
83 only statistical, it proves absolutely nothing if you are deeply
84 concerned about security - but in that case you should use chars(), not
85 word() anyways. In reality, it says a lot about your chosen parameters
86 if you use large values for $count.
87
88 generate_language
89 $language_description = generate_language($wordlist);
90
91 Generates a language description which can be saved in a file and/or
92 loaded with load_language. $wordlist can be a string containing
93 whitespace separated words, an array ref containing one word per
94 element or a file handle or name to read words from, one word per
95 line7. Alternatively, you may pass an array directly, not as
96 reference. A language description is about 1MB in size.
97
98 If you generate a general-purpose language description for a language
99 not yet built-in, feel free to contribute it for inclusion into this
100 package.
101
102 load_language
103 load_language($language_description, $name [, $default]);
104
105 Loads a language description which is then available in words().
106 $language_description is a string returned by generate_language, $name
107 is a name of your choice which is used to select this language as the
108 fifth parameter of words(). You should use the well-known ISO two
109 letter language codes if possible, for best interoperability.
110
111 If you specify $default with a true value, this language will be made
112 global default language. If you give undef as $language_description,
113 only the default language will be changed.
114
115 random_number
116 $number = random_number($limit);
117
118 Returns a random integer between 0 (inclusive) and $limit (exclusive).
119 Change this to a function of your choice by doing something like this:
120
121 sub my_rng ($) {
122 ...
123 }
124
125 {
126 # suppress warning about function being redefined
127 no warnings 'redefine';
128 *Crypt::GeneratePassword::random_number = \&my_rng;
129 }
130
131 The default implementation uses perl's rand(), which might not be
132 appropriate for some sites.
133
134 restrict
135 $forbidden = restrict($word,$language);
136
137 Filters undesirable words. Returns false if the $word is allowed in
138 language $lang, false otherwise. Change this to a function of your
139 choice by doing something like this:
140
141 sub my_filter ($$) {
142 ...
143 }
144
145 {
146 no warnings 'redefine';
147 *Crypt::GeneratePassword::restrict = \&my_filter;
148 }
149
150 The default implementation scans for a few letter sequences that
151 english or german people might find offending, mostly because of their
152 sexual nature. You might want to hook up a regular password checker
153 here, or a wordlist comparison.
154
156 Crypt::RandPasswd
157
159 <https://github.com/neilb/Crypt-GeneratePassword>
160
162 Copyright 2002 by Jörg Walter <jwalt@cpan.org>, inspired by ideas from
163 Tom Van Vleck and Morris Gasser/FIPS-181.
164
165 Now maintained by Neil Bowers <neilb@cpan.org>
166
168 This perl module is free software; it may be redistributed and/or
169 modified under the same terms as Perl itself.
170
171
172
173perl v5.28.0 2015-11-14 Crypt::GeneratePassword(3)