Last active
January 2, 2022 19:58
-
-
Save alexmojaki/65f2db74871355d84dc599a2cd333dca to your computer and use it in GitHub Desktop.
Mini xkcd password generator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import random | |
| from urllib.request import urlopen | |
| lines = urlopen( | |
| "https://raw.githubusercontent.com/first20hours/google-10000-english/master/google-10000-english-no-swears.txt" | |
| ) | |
| words = list({ | |
| line.decode("utf8").strip() | |
| for line in lines | |
| if len(line) > 6 | |
| }) | |
| print("Unique words:", len(words)) | |
| print("Possible passwords ~", len(words) ** 4) | |
| for i in range(20): | |
| print("".join(random.sample(words, 4))) |
How random is "random.sample"?
It's not 'cryptographically secure' random, but I'm assuming (perhaps wrongly) that it doesn't matter since this is for a local script, not a web application or something, so there should be no way for an attacker to get information about the state of the random number generator. Or if they do, you probably have bigger things to worry about.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The idea here is to generate passwords securely offline with so little code that it's easy to read and trust.