Announcing CtrlO::Crypt::XkcdPassword

I just uploaded CtrlO::Crypt::XkcdPassword to CPAN, which is my first CPAN module I was paid to develop (as opposed to various other modules that were extracted from some private codebases). So, thanks to CtrlO for supporting open source!

But back to the module: CtrlO::Crypt::XkcdPassword generates passwords based on this famous xkcd

Example use

Some code examples say more than 1000 words:

   my $generator = CtrlO::Crypt::XkcdPassword->new;

   say $generator->xkcd;
   ReplyParalyticParitySupreme

   say $generator->xkcd( words => 3, digits => 3 );
   SurelyBasinFutility905

You can also use the included script pwgen-xkcd.pl

   ~$ pwgen-xkcd.pl
   VacationPotholeIntentPalpable

   ~$ pwgen-xkcd.pl --words 3 --digits 3
   EscortElectorSlighter726

Of course you can also load some custom word lists:

   my $generator = CtrlO::Crypt::XkcdPassword->new(
       wordlist => '/etc/passwd'    # don't!
   );

Or use some of the wordlists available on CPAN:

   my $generator = CtrlO::Crypt::XkcdPassword->new(
       wordlist => 'WordList::ZH::HSK'
   );

Another "inspiration"

CPAN being CPAN, there are already several modules inspired by this xkcd, so CtrlO::Crypt::XkcdPassword is also inspired by

Why another one?

  • Good entropy
    Most of the password generating modules just use rand(), which "is not cryptographically secure" (according to perldoc). CtrlO::Crypt::XkcdPassword uses Crypt::URandom via Data::Entropy, which provides good entropy while still being portable.
  • Good word list
    While Crypt::Diceware has good entropy, we did not like its word lists. Of course we could have just provided a word list better suited to our needs, but we wanted it to be very easy to generate xkcd-style passwords.
  • Easy API
    my $pwd = CtrlO::Crypt::XkcdPassword->new->xkcd returns 4 words starting with an uppercase letter as a string, which is our main use case. But the API also allows for more or fewer words, or even some digits.
  • Fork safe
    You can init a password generator, fork off some children, and each child will have a distinct source of entropy. (More on that in the next post.)
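
The difference between rand() and OS randomness from the "Good entropy" point, as an added example (not code from this post and not the module's implementation): it draws words uniformly from Crypt::URandom bytes with rejection sampling and estimates the resulting entropy. The sample word list and the names secure_int, passphrase and entropy_bits are constructed for this illustration.

```perl
#!/usr/bin/env perl
# Added illustration; NOT the implementation of CtrlO::Crypt::XkcdPassword.
use strict;
use warnings;
use feature 'say';
use Crypt::URandom qw(urandom);

# Constructed sample list; a real list should hold thousands of words.
my @words = qw(reply basin parity supreme escort sedan fission pothole
               tragic tempt elector futility vacation intent palpable);

# Uniform integer in [0, $limit) from OS randomness. Draws that fall at or
# above the largest multiple of $limit are rejected to avoid modulo bias.
sub secure_int {
    my ($limit) = @_;
    my $range = 1 << 24;    # three random bytes per draw
    die "limit must be between 1 and $range\n"
        if $limit < 1 || $limit > $range;
    my $ceiling = $range - ( $range % $limit );
    while (1) {
        my $n = unpack 'N', "\0" . urandom(3);
        return $n % $limit if $n < $ceiling;
    }
}

# Same output shape as the post's examples: capitalised words, then digits.
sub passphrase {
    my (%args) = @_;
    my $count  = $args{words}  // 4;
    my $digits = $args{digits} // 0;
    my $out = join '',
        map { ucfirst lc $words[ secure_int( scalar @words ) ] } 1 .. $count;
    $out .= secure_int(10) for 1 .. $digits;
    return $out;
}

# Bits of entropy when every word and digit is chosen uniformly at random.
sub entropy_bits {
    my ( $list_size, $count, $digits ) = @_;
    return ( $count * log($list_size) + $digits * log(10) ) / log(2);
}

say passphrase();
say passphrase( words => 3, digits => 3 );
printf "%.1f bits: 4 words from this %d-word sample list\n",
    entropy_bits( scalar @words, 4, 0 ), scalar @words;
printf "%.1f bits: 4 words from a 4096-word list\n",
    entropy_bits( 4096, 4, 0 );
```

The entropy figure only holds when the selection is uniform and unpredictable, which is why the source of randomness matters more than the length of the output string.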

Give it a try!

  ~$ cpanm CtrlO::Crypt::XkcdPassword
  ...
  ~$ pwgen-xkcd.pl
  TragicSedanTemptFission

and as always: Patches welcome!...