Register
It is currently Thu Oct 02, 2014 2:23 am

A better mouse trap, revisiting a password generation script


All times are UTC - 6 hours


Post new topic Reply to topic  [ 1 post ] 
Author Message
 PostPosted: Fri Mar 18, 2011 6:23 am   

Joined: Wed May 19, 2010 9:56 am
Posts: 21
I know there are lots of examples out there for password scripts, but I haven't found a good one that generates good human readable passwords. Here is what I am up against.

1 Must use at least 14 characters,
2 Must include a mix of the four classes of characters i.e UPPER, lower, number, and special.
3 Must not allow any one class of character to appear more than 3 in a row.
4 Must not allow the password to contain any sequence of the user id.

A number 3 example: ABC is good, ABCD is not. 123 is good, 1234 is not. #$% is good, #$%^ is not. I think you get the point.

I think with number 4 I can use some sort of $USER environment variable or getent passwd

CONTROL C MOMENT: if you know of one, please read no more and send me the link. :)

To handle the human readable element I, up front, establish certain rules about character substitution. Here are a few I have come up with:

In a set of three letters, if all are lower, one will be force to upper.
The letter "A" or "a" can be "A", "a", or "@"
The letter "B" or "b" can be "B", "b", "6", or "%"
The letter "O" or "o" can be "O", "o", or "0" (that is a zero)
The letter "I" or "i" can be "I", "i", "!" "1" or "|"

Again you get the point. Establish some rules about letter substitution.

I have already did a small script and extracted every fourteen character password from /usr/share/dict/linux.words, there was 19326 of them. (My OS is RHEL 6). Perhaps I should have gotten 14 and above, but I can do that later.

My script currently uses bashes $RANDOM to pick a word from that 19326 word list.

I just ran my script and got "arthrogryoosis" Now I have to translate it and the end result I would want would be something like: Ar+hr0&rOo51s. The a is upper, the t became a +, one o became a 0 (zero), the g became a &, one o went to upper, one s became a 5, etc etc.

The key is you start with a human readable password. Then my users understand the translation rules, and then they take the given translation and easily remember it because the know they rules. After a few days of typing it, it will become mechanical for them.

You are wondering -- where is he going with this. Thank you for your patience and here is where I need the input of the gurus.

I am currently handling the translation character by character. My script contains a function that is getting rather large like this:

function convertletter {
# Handle the letter S.
#### Or try SPECIALforS='S s $ 5'
SPECIALforS='$ 5'
specialforS=($SPECIALforS)
num_specialforS=${#specialforS[*]}

I have already, earlier in the script used cut to get each character i.e C1, C2, ... C14
C1=`cut -c 1 /tmp/modnar` (The word is in a tmp file, modnar is random backwards.)
...
C14=`cut -c 14 /tmp/modnar`

Now I use an if statement to translate the character randomly.

# Just force the first letter to upper. Find a better way later. This is not a good rule.
if [[ $C1 == [a-z] ]] ; then
P1=`echo $C1 | tr '[:lower:]' ':[upper]:'`
fi

# What if the second character is an S or s?
if [[ $C2 == [Ss] ]] ; then
# Randomly choose a $, or 5
P2=`echo ${specialforS[$((RANDOM%num_specialforS))]}'
else
P2=$C2
fi

Latter on I will echo out $P1 $P2 ... $P14 for the user to see, learn, remember and then it will be deleted and gone forever.

So here is where I need ideas. As you can see scripting each character in each of 14 positions can get very long. C2 can also include any of the vowels, and a number of the consonants. And setting up all those small arrays to handle each of the possibilities for the 14 different positions might be a nightmare.

And I haven't even gotten to checking for a sequence of three.

I know this, at least to me, seems like a daunting task, but if you have any ideas, I'd love your input.

Let me know if you need more input.

Blessings to all.


Top
 Profile  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: Bing [Bot] and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
cron


BashScripts | Promote Your Page Too
Powered by phpBB © 2011 phpBB Group
© 2003 - 2011 USA LINUX USERS GROUP