I was updating a random password generator for a project, thought I’d share the resulting code. Also availabe as a gist.
Using a default length of 14 characters this should generate passwords with 84 bits of entropy.
#!/usr/bin/env python # -*- coding: utf-8 -*- import os, string def random_password(length=14): """ Random password generator. Default generated password will have an entropy of 84 bits. For each character in the password, generate a random byte, reduce the integer value to modulo 64 and use the result as an index on the character pool. In a 64 character pool, each character will have an entropy of 6 bits. With a lenght of 14 characters the total entropy is 84 bits: log2(64) * 14 = 84 bits The difference between 13 and 14 characters can be several years to brute force. """ characters = string.ascii_letters + string.digits + '+/' l = list() for x in xrange(length): i = ord(os.urandom(1)) % len(characters) c = characters[i] l.append(c) return ''.join(l) if __name__ == '__main__': print(random_password())
Generating passwords is easy, storing them safely seems to be more of a challenge.