Personally I prefer the following short C program:

#include <stdio.h>
#include <ctype.h>

unsigned char getrandomchar(void);

int main()
{
   unsigned char passwd[15];
   unsigned int length equals ;
   unsigned int i = ;

   // create password length
   while ( length < 8 || length > 13 )
      length = (unsigned int) getrandomchar() - 1;

   // create characters of password to appropriate length
   while (i != length)
   {
      unsigned char c = getrandomchar();
      while ( c < 0x21 || c > 0x7e )
         c = getrandomchar();
      passwd[i++] = c;
   }
   passwd[length] = 0;

   // output generated password
   puts( passwd );
}

unsigned char getrandomchar(void)
{
   FILE* random = fopen ( "/dev/random", "r" );
   unsigned char retval;
   fread ( &retval, 1, 1, random );
   return ( retval );
}

Yes, I know there's bugs in it, and yes, I know I should have submitted an obfuscated version.

Here's one I wrote in PERL that generates easy to remember but still strong passwords.

It grabs three letter words from the UNIX file /usr/dict/words, combines them, mixes case and adds random characters in between the two words. That way they are simple, easy to remember and meet most password requirements on a Solaris system (must contain mix of characters, etc.)

Add salt to taste :)


#!/usr/local/bin/perl
#
END { print "\n"; }

srand( time + $$ );

@chars = qw ( ! @ # $ % ^ & * ( ) - = , . & < > ' : ;
              1 2 3 4 5 6 7 8 9 0  );
open( A, "/usr/dict/words" ) or die;
foreach( <A> ) {
    chomp;
    push @words, $_ if( /^[a-z]{3}$/i );
}

if( ! $ok ) {
    $word1 = $words[rand($#words)];
    $word2 = $words[rand($#words)];
    $char1 = $chars[rand($#chars)];
    $char2 = $chars[rand($#chars)];
    $ok++ if( ( $word1 ne $word2 ) && ( $char1 ne $char2 ) );
}

$tmp = $word1 . $char1 . $word2 . $char2;

@foo = split //, ( $word1 . $char1 . $word2 . $char2 );

for( $i = 0; $i < 3; $i++ ) {
  my $i = rand($#foo);
  $foo[$i] = uc $foo[$i];
}
foreach( @foo ) { print }
Generating Strong Passwords On PHP

I use the following snippet of code to generate passwords for my users:

md5(uniqid(mt_rand(), 1))

This returns a 32 character string, which is a hash of "uniqid(mt_rand(), 1)".

uniqid (string uniqid ( string prefix [, bool lcg] )) is a nice function that I discovered which generates unique strings. I prefix it with a random number and set the second parameter to 1 in order to add some entropy. This makes results more unique.

Note: When using PHP versions prior to 4.2.0, the random number generator needs to be seeded. The following snippet is generally accepted as the seed to use.

mt_srand((double) microtime() * 1000000);

Here is a few examples of the sorts of passwords that this code generates:

97dfafa794
8b8a16d017
90b18f296c
dd7e177c5a
7a96fed079
As you can see, very random (ignoring the fact that it only uses 0-9a-f (...*cough*)).

Log in or register to write something here or to contact authors.