mkpwd - a password generator
----------------------------
Version 0.3
mkpwd is a password generating program. It is designed to satisfy
a scalable range of security demands. It's standard behavior is
to generate one password consisting of any of all printable ASCII
characters (32-128) with a length between 6 and 10.
You can modify the way passwords are generated via command-line
switches. You can specify a length range, the characters used and
even let mkpwd generate passwords which are kind of readable and
therefore easier to remember (and easier to crack either, see
below).
mkpwd was tested under Solaris, FreeBSD and Linux.
INSTALLATION
------------
Just change your current working directory to the mkpwd source
directory and type (as root) "make install". That's all.
ALGORITHM
---------
The algorithm is based on the systems rand()-function (see man 3 rand)
and therefore depends heavily on it's implementation. I did some
testing on the output of mkpwd which is represented in the table below.
I let mkpwd generate 100000 passwords with the parameters listed below.
The `*' run was performed using a script-file which started mkpwd 10
times at once (i.e. nearly, started in background) and evaluated the
output of all 10 instances. The numbers in the table are the numbers
printed by 'uniq -d'.
Table:
run Std t1 t2 t3 t4 t5 t6 t7 t8 t9
1 0 0 0 1 8 29 505 1730 354 1
2 0 0 0 2 9 30 519 1630 315 1
3 0 0 0 2 10 26 501 1634 322 0
4 0 0 1 1 3 31 541 1595 316 0
5 0 0 1 4 12 18 521 1607 350 0
6 0 0 0 2 5 24 530 1587 357 1
7 0 0 0 1 10 33 518 1610 357 1
8 0 0 2 1 7 40 529 1652 364 0
9 0 0 0 0 8 38 546 1650 341 0
0 0 0 1 1 11 26 529 1611 345 0
* 0 0 43 171 968 2332 46558 130869 29687 41
t1: -n 10 -m 10 -t 3 -l (fixed length 10, alpha)
t2: -t 5 (alphanum-readable)
t3: -t 6 (alpha-readable)
t4: -n 6 -m 6 -t 5 (fixed length 6, aplhanum-readable)
t5: -n 6 -m 6 -t 6 (fixed length 6, alpha-readable)
t6: -n 6 -m 6 -t 5 -l (same as t4, lowercase only)
t7: -n 6 -m 6 -t 6 -l (same as t5, lowercase only)
t8: -t 4 (numeric-only)
t9: -n 10 -m 10 -t 4 (fixed length 10, numeric-only)
As you can see one gets a lot of doubles if the password length is
fixed, especialy if you use a short length.
SECURITY
--------
Generally it is advisable to use only passwords which are generated
by mkpwd in it's default mode. If you use options to get rememberable
ones, you also make it easier for password cracking programms to guess
them. Read 'man 1 passwd' to learn more about passwords and security.
If someone would try to crack passwords (e.g. with john) which were
generated with mkpwd with different options I would be appriciated
to see the results.
November 2000
Oliver Schroeder