1Crypt::GeneratePasswordU(s3e)r Contributed Perl DocumentaCtriyopnt::GeneratePassword(3)
2
3
4

NAME

6       Crypt::GeneratePassword - generate secure random pronounceable
7       passwords
8

SYNOPSIS

10         use Crypt::GeneratePassword qw(word chars);
11         $word = word($minlen,$maxlen);
12         $word = chars($minlen,$maxlen);
13         *Crypt::GeneratePassword::restrict = \&my_restriction_filter;
14         *Crypt::GeneratePassword::random_number = \&my_random_number_generator;
15

DESCRIPTION

17       Crypt::GeneratePassword generates random passwords that are (more or
18       less) pronounceable. Unlike Crypt::RandPasswd, it doesn't use the
19       FIPS-181 NIST standard, which is proven to be insecure. It does use a
20       similar interface, so it should be a drop-in replacement in most cases.
21
22       If you want to use passwords from a different language than english,
23       you can use one of the packaged alternate unit tables or generate your
24       own. See below for details.
25
26       For details on why FIPS-181 is insecure and why the solution used in
27       this module is reasonably secure, see "A New Attack on Random
28       Pronounceable Password Generators" by Ravi Ganesan and Chris Davies,
29       available online in may places - use your favourite search engine.
30
31       This module improves on FIPS-181 using a true random selection with the
32       word generator as mere filter. Other improvements are better
33       pronounceability using third order approximation instead of second
34       order and multi-language support.  Drawback of this method is that it
35       is usually slower. Then again, computer speed has improved a little
36       since 1977.
37

Functions

39   chars
40         $word = chars($minlen, $maxlen [, $set [, $characters, $maxcount ] ... ] );
41
42       Generates a completely random word between $minlen and $maxlen in
43       length.  If $set is given, it must be an array ref of characters to
44       use. You can restrict occurrence of some characters by providing
45       ($characters, $maxcount) pairs, as many as you like. $characters must
46       be a string consisting of those characters which may appear at most
47       $maxcount times in the word.
48
49       Note that the length is determined via relative probability, not
50       uniformly.
51
52   word
53         $word = word($minlen, $maxlen [, $lang [, $numbers [, $caps [, $minfreq, $avgfreq ] ] ] );
54         $word = word3($minlen, $maxlen [, $lang [, $numbers [, $caps [, $minfreq, $avgfreq ] ] ] );
55
56       Generates a random pronounceable word. The length of the returned word
57       will be between $minlen and $maxlen. If you supply a non-zero value for
58       $numbers, up to that many numbers and special characters will occur in
59       the password. If you specify a non-zero value for $caps, up to this
60       many characters will be upper case. $lang is the language description
61       to use, loaded via load_language or built-in. Built-in languages are:
62       'en' (english) and 'de' (german). Contributions welcome. The default
63       language is 'en' but may be changed by calling load_language with a
64       true value as third parameter. Pass undef as language to select the
65       current default language. $minfreq and $minsum determine quality of the
66       password: $minfreq and $avgfreq are the minimum frequency each
67       quad/trigram must have and the average frequency that the quad/trigrams
68       must have for a word to be selected. Both are values between 0.0 and
69       1.0, specifying the percentage of the maximum frequency. Higher values
70       create less secure, better pronounceable passwords and are slower.
71       Useful $minfreq values are usually between 0.001 and 0.0001, useful
72       $avgfreq values are around 0.05 for trigrams (word3) and 0.001 for
73       quadgrams (word).
74
75   analyze
76         $ratio = analyze($count,@word_params);
77         $ratio = analyze3($count,@word_params);
78
79       Returns a statistical(!) security ratio to measure password quality.
80       $ratio is the ratio of passwords chosen among all possible ones, e.g. a
81       ratio of 0.0149 means 1.49% of the theoretical password space was
82       actually considered a pronounceable password. Since this analysis is
83       only statistical, it proves absolutely nothing if you are deeply
84       concerned about security - but in that case you should use chars(), not
85       word() anyways. In reality, it says a lot about your chosen parameters
86       if you use large values for $count.
87
88   generate_language
89         $language_description = generate_language($wordlist);
90
91       Generates a language description which can be saved in a file and/or
92       loaded with load_language. $wordlist can be a string containing
93       whitespace separated words, an array ref containing one word per
94       element or a file handle or name to read words from, one word per
95       line7.  Alternatively, you may pass an array directly, not as
96       reference.  A language description is about 1MB in size.
97
98       If you generate a general-purpose language description for a language
99       not yet built-in, feel free to contribute it for inclusion into this
100       package.
101
102   load_language
103         load_language($language_description, $name [, $default]);
104
105       Loads a language description which is then available in words().
106       $language_description is a string returned by generate_language, $name
107       is a name of your choice which is used to select this language as the
108       fifth parameter of words(). You should use the well-known ISO two
109       letter language codes if possible, for best interoperability.
110
111       If you specify $default with a true value, this language will be made
112       global default language. If you give undef as $language_description,
113       only the default language will be changed.
114
115   random_number
116         $number = random_number($limit);
117
118       Returns a random integer between 0 (inclusive) and $limit (exclusive).
119       Change this to a function of your choice by doing something like this:
120
121           sub my_rng ($) {
122               ...
123           }
124
125           {
126             # suppress warning about function being redefined
127             no warnings 'redefine';
128             *Crypt::GeneratePassword::random_number = \&my_rng;
129           }
130
131       The default implementation uses perl's rand(), which might not be
132       appropriate for some sites.
133
134   restrict
135         $forbidden = restrict($word,$language);
136
137       Filters undesirable words. Returns false if the $word is allowed in
138       language $lang, false otherwise. Change this to a function of your
139       choice by doing something like this:
140
141           sub my_filter ($$) {
142               ...
143           }
144
145           {
146             no warnings 'redefine';
147             *Crypt::GeneratePassword::restrict = \&my_filter;
148           }
149
150       The default implementation scans for a few letter sequences that
151       english or german people might find offending, mostly because of their
152       sexual nature. You might want to hook up a regular password checker
153       here, or a wordlist comparison.
154

SEE ALSO

156       Crypt::RandPasswd
157

REPOSITORY

159       <https://github.com/neilb/Crypt-GeneratePassword>
160

AUTHOR

162       Copyright 2002 by Jörg Walter <jwalt@cpan.org>, inspired by ideas from
163       Tom Van Vleck and Morris Gasser/FIPS-181.
164
165       Now maintained by Neil Bowers <neilb@cpan.org>
166
168       This perl module is free software; it may be redistributed and/or
169       modified under the same terms as Perl itself.
170
171
172
173perl v5.38.0                      2023-07-20        Crypt::GeneratePassword(3)
Impressum