I just uploaded CtrlO::Crypt::XkcdPassword to CPAN, which is my first CPAN module I was paid to develop (as opposed to various other modules that were extracted from some private codebases). So, thanks to CtrlO for supporting open source!
But back to the module:
CtrlO::Crypt::XkcdPassword generates passwords based on this famous xkcd
Some code examples say more than 1000 words:
```perl
use feature 'say';
use CtrlO::Crypt::XkcdPassword;

my $generator = CtrlO::Crypt::XkcdPassword->new;

say $generator->xkcd;
# ReplyParalyticParitySupreme

say $generator->xkcd( words => 3, digits => 3 );
# SurelyBasinFutility905
```
You can also use the included script
```
~$ pwgen-xkcd.pl
VacationPotholeIntentPalpable

~$ pwgen-xkcd.pl --words 3 --digits 3
EscortElectorSlighter726
```
Of course you can also load some custom word lists:
```perl
my $generator = CtrlO::Crypt::XkcdPassword->new(
    wordlist => '/etc/passwd'    # don't!
);
```
Or use some of the wordlists available on CPAN:
```perl
my $generator = CtrlO::Crypt::XkcdPassword->new(
    wordlist => 'WordList::ZH::HSK'
);
```
Why another one?
- Good entropy
Most of the password generating modules just use rand(), which "is not cryptographically secure" (according to perldoc).
CtrlO::Crypt::XkcdPassword uses Crypt::URandom via Data::Entropy, which provides good entropy while still being portable.
- Good word list
While Crypt::Diceware has good entropy, we did not like its word lists. Of course we could have just provided a word list better suited to our needs, but we wanted it to be very easy to generate xkcd-style passwords.
- Easy API
my $pwd = CtrlO::Crypt::XkcdPassword->new->xkcd returns 4 words starting with an uppercase letter as a string, which is our main use case. But the API also allows for more or fewer words, or even some digits.
- Fork safe
You can init a password generator, fork off some children, and each child will have a distinct source of entropy. (more on that in the next post)
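To make the "Good entropy" and "Fork safe" points concrete, here is an added example (not code from the module or its author) showing what goes wrong when a generator built on rand() is seeded before forking, next to one that reads Crypt::URandom in each child. The word list is a constructed sample and the helper names pick_rand, pick_urandom and uniform_index are hypothetical.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::URandom qw(urandom);

# Constructed sample word list (assumption; far too small for real use).
my @words = qw(Tragic Sedan Tempt Fission Escort Elector Slighter Basin);

# Weak: rand() is a seeded, non-cryptographic PRNG whose state is copied by fork.
sub pick_rand { join '', map { $words[ int rand @words ] } 1 .. 4 }

# Draw an index from the OS CSPRNG, rejecting values that would bias the modulo.
sub uniform_index {
    my ($n) = @_;
    my $limit = 2**32 - ( 2**32 % $n );
    while (1) {
        my $v = unpack 'N', urandom(4);
        return $v % $n if $v < $limit;
    }
}
sub pick_urandom { join '', map { $words[ uniform_index( scalar @words ) ] } 1 .. 4 }

rand();    # seeds the PRNG in the parent, as any earlier rand() call would

for my $name (qw(rand urandom)) {
    my @out;
    for ( 1 .. 3 ) {
        pipe( my $r, my $w ) or die "pipe: $!";
        my $pid = fork() // die "fork: $!";
        if ( !$pid ) {    # child: generate one password and send it to the parent
            close $r;
            print {$w} $name eq 'rand' ? pick_rand() : pick_urandom();
            close $w;
            exit 0;
        }
        close $w;
        push @out, scalar <$r>;
        waitpid $pid, 0;
    }
    # rand: all three children print the same password.
    # urandom: the children almost certainly differ.
    print "$name: @out\n";
}
```

With rand(), every child inherits the parent's PRNG state, so the three "random" passwords are identical unless each child reseeds.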
Give it a try!
```
~$ cpanm CtrlO::Crypt::XkcdPassword
...
~$ pwgen-xkcd.pl
TragicSedanTemptFission
```
and as always: Patches welcome!...