- DEFINING CUSTOM WORD LISTS
- WRAPPER SCRIPT
- RUNNING FROM GIT
- SEE ALSO
- COPYRIGHT AND LICENSE
CtrlO::Crypt::XkcdPassword - Yet another xkcd style password generator
use CtrlO::Crypt::XkcdPassword; my $password_generator = CtrlO::Crypt::XkcdPassword->new; say $password_generator->xkcd; # LimousineAllegeClergymanEconomic say $password_generator->xkcd( words => 3 ); # ObservantFiresideMacho say $password_generator->xkcd( words => 3, digits => 3 ); # PowerfulSpreadScarf645 # Use custom word list CtrlO::Crypt::XkcdPassword->new( wordlist => '/path/to/wordlist' ); CtrlO::Crypt::XkcdPassword->new( wordlist => 'Some::Wordlist::From::CPAN' ); # Use another source of randomness (aka entropy) CtrlO::Crypt::XkcdPassword->new( entropy => Data::Entropy::Source->new( ... ); );
CtrlO::Crypt::XkcdPassword generates a random password using the algorithm suggested in https://xkcd.com/936/: It selects 4 words from a curated list of words and combines them into a hopefully easy to remember password (actually a passphrase, but we're all trying to get things done, so who cares..).
See this explaination for detailed information on the security of passwords generated from a known word list.
But https://xkcd.com/927/ also applies to this module, as there are already a lot of modules on CPAN implementing https://xkcd.com/936/. We still wrote a new one, mainly because we wanted to use a strong source of entropy and a fine-tuned word list.
my $pw_generator = CtrlO::Crypt::XkcdPassword->new;
Initialize a new object. Uses
CtrlO::Crypt::XkcdPassword::Wordlist::en_gb as a word list per default. The default entropy is based on
/dev/urandom and should be random enough (at least more random than plain old
If you want / need to supply another source of entropy, you can do so by setting up an instance of
Data::Entropy::Source and passing it to
my $pw_generator = CtrlO::Crypt::XkcdPassword->new( entropy => Data::Entropy::Source->new( ... ) );
To use one of the included language-specific word lists, do:
my $pw_generator = CtrlO::Crypt::XkcdPassword->new( language => 'en-GB', );
Available languages are:
You can also provide your own custom word list, either in a file:
my $pw_generator = CtrlO::Crypt::XkcdPassword->new( wordlist => '/path/to/file' );
Or in a module:
my $pw_generator = CtrlO::Crypt::XkcdPassword->new( wordlist => 'My::Wordlist' );
See "DEFINING CUSTOM WORD LISTS" for more info.
my $pw = $pw_generator->xkcd; my $pw = $pw_generator->xkcd( words => 3 ); my $pw = $pw_generator->xkcd( digits => 2 );
Generate a random, xkcd-style password.
Per default will return 4 randomly chosen words from the word list, each word's first letter turned to upper case, and concatenated together into one string:
$pw_generator->xkcd; # CorrectHorseBatteryStaple
You can get a different number of words by passing in
words. But remember that anything smaller than 3 will probably make for rather poor passwords, and anything bigger than 7 will be hard to remember.
You can also pass in
digits to append a random number consisting of
digits digits to the password:
$pw_generator->xkcd( words => 3, digits => 2 ); # StapleBatteryCorrect75
Please note that
language is only supported for the word lists included in this distribution.
Put your word list into a plain file, one line per word. Install this file somewhere on your system. You can now use your word list like this:
CtrlO::Crypt::XkcdPassword->new( wordlist => '/path/to/wordlist' );
CtrlO::Crypt::XkcdPassword->new( wordlist => 'Your::Cool::Wordlist' );
You can check out CtrlO::Crypt::XkcdPassword::Wordlist::en_gb (included in this distribution) for an example. But it's really quite simple: Just subclass
Wordlist and put your list of words into the
__DATA__ section of the module, one line per word.
CtrlO::Crypt::XkcdPassword->new( wordlist => 'Crypt::Diceware::Wordlist::Common' );
(yes, this looks just like when using
Wordlist. We inspect the wordlist module and try to figure out what kind of API you're using)
To create a module using the Crypt::Diceware wordlist API, just create a package containing a public array
@Words containing your word list.
This distributions includes a simple wrapper script, pwgen-xkcd.pl.
This is not the recommended way to install / use this module. But it's handy if you want to submit a patch or play around with the code prior to a proper installation.
git clone email@example.com:domm/CtrlO-Crypt-XkcdPassword.git carton install carton exec perl -Ilib -MCtrlO::Crypt::XkcdPassword -E 'say CtrlO::Crypt::XkcdPassword->new->xkcd'
git clone firstname.lastname@example.org:domm/CtrlO-Crypt-XkcdPassword.git cpanm -L local --installdeps . perl -Mlocal::lib=local -Ilib -MCtrlO::Crypt::XkcdPassword -E 'say CtrlO::Crypt::XkcdPassword->new->xkcd'
There are a lot of similar modules on CPAN, so we just point you to Neil Bower's comparison of CPAN modules for generating passwords.
Most of the password generating modules just use
rand(), which "is not cryptographically secure" (according to perldoc).
CtrlO::Crypt::XkcdPassworduses Crypt::URandom via Data::Entropy, which provides good entropy while still being portable.
Good word list
While Crypt::Diceware has good entropy, we did not like its word lists. Of course we could have just provided a word list better suited to our needs, but we wanted it to be very easy to generate xkcd-style passwords.
my $pwd = CtrlO::Crypt::XkcdPassword->new->xkcdreturns 4 words starting with an uppercase letter as a string, which is our main use case. Nevertheless, the API also allows for more or fewer words, or even some digits.
Thanks to Ctrl O for funding the development of this module.
We learned the usage of
Data::Entropyfrom https://metacpan.org/pod/Crypt::Diceware, which also implements an algorithm to generate a random passphrase.
Thomas Klausner <email@example.com>
This software is copyright (c) 2018 - 2021 by Thomas Klausner.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.