
Crypt::GeneratePassword / Password-Generator

Crypt::GeneratePassword is a Perl module that lets you create random passwords in a variety of ways. Most importantly, it allows you to create passwords that can be pronounced like regular words, which makes them much easier to memorize.

The US government published a standard (FIPS-181) on how to do that. Unfortunately, it has been shown that this method makes the resulting passwords weaker than they could be (see Ganesan, Davies: A New Attack on Random Pronounceable Password Generators).

This module implements the modified algorithm proposed in that paper. It creates pure random passwords and checks each one against a modified Markov model. If the probability of a given random word is higher than a pre-determined threshold, the word is returned, otherwise a new random word is generated and the process repeated. That way, every password in the resulting key space has the same probability, fixing the shortcomings of FIPS-181. Of course, this process is a lot slower, but given that this is probably only used once per end-user of your application, performance should be of little concern.
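The generate-and-test loop described above, as an added sketch; it is not the module's own code. It assumes a toy first-order (bigram) model trained on a constructed word list, a Unix-like system with /dev/urandom, and hypothetical names (score, random_letter, pronounceable); with so small a word list the accepted key space is far too small for real passwords.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample word list; a usable model needs a large dictionary.
my @corpus = qw(password random secure letter memory simple garden window
                market planet silver winter number person reason dinner);

# Train a first-order Markov model: P(next letter | current letter).
my (%count, %total);
for my $w (@corpus) {
    my @c = split //, $w;
    for my $i (0 .. $#c - 1) {
        $count{ $c[$i] }{ $c[$i + 1] }++;
        $total{ $c[$i] }++;
    }
}

# Geometric mean of the transition probabilities; 0 if any transition is unseen.
sub score {
    my @c = split //, shift;
    my $log_sum = 0;
    for my $i (0 .. $#c - 1) {
        my $seen = $count{ $c[$i] }{ $c[$i + 1] } or return 0;
        $log_sum += log($seen / $total{ $c[$i] });
    }
    return exp($log_sum / $#c);
}

# Uniform letter from the OS random source. Bytes >= 234 (9 * 26) are
# discarded so that reducing modulo 26 introduces no bias.
open my $urandom, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
sub random_letter {
    while (1) {
        read($urandom, my $byte, 1) == 1 or die "short read from /dev/urandom";
        my $n = ord $byte;
        return chr(97 + $n % 26) if $n < 234;
    }
}

# Rejection sampling: candidates are drawn uniformly and the model only
# accepts or rejects, so every accepted word is equally likely.
sub pronounceable {
    my ($length, $threshold) = @_;
    for (my $tries = 1; ; $tries++) {
        my $word = join '', map { random_letter() } 1 .. $length;
        return ($word, $tries) if score($word) >= $threshold;
    }
}

my ($password, $tries) = pronounceable(5, 0.1);
print "$password (accepted after $tries candidates)\n";
```

The printed candidate count shows the cost mentioned above: thousands of uniformly random words are typically discarded before one passes the threshold.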

Crypt::GeneratePassword can be internationalized. It is able to generate statistical data from word lists for your language. Currently, data for German and English is included.

The Perl implementation offers a few additional utilities; see the Crypt::GeneratePassword manual for details.



You can download Crypt::GeneratePassword via CPAN (recommended):

perl -MCPAN -e "install Crypt::GeneratePassword"

Alternatively, check my CPAN directory for tarballs.

C# (.net)

Nick Wallis ported this module to C# (.net) as nick3216.Library.Crypt.Password. It doesn't contain the more esoteric function calls, but concentrates on the core functionality. It works the same way as described above and includes documentation in CHM format: Password-Generator-1.0.0.tar.gz


This code is distributed under the terms of the GNU General Public License (GPL) Version 2 or later. The Perl implementation can optionally be used under the same terms as Perl itself.