The Author – Bart Busschots
Creative Commons
Unless otherwise stated, the content on this site is licensed under Creative Commons Attribution, Noncommercial, No Derivative Works 3.0 License
May
12
XKPasswd 2.0 – Want to Watch the Sausage get Made?
Filed Under Computers & Tech, Software Development, My Projects on May 12, 2014 at 11:07 pm
I’m betting most people won’t be interested in this, but if anyone’s curious how this programmer goes about building up a perl module from scratch, you can watch along on as I build XKPasswd 2.0 over on GITHub: github.com/bbusschots/xkpasswd.pm.
I’m re-implementing XKPasswd from scratch. The resulting functionality will be mostly the same, but with some additions. The reason for starting over is two-fold. Firstly, the first implementation of XKPasswd was very much a prototype, and as with any prototype, I learned some valuable lessons, and there are lots of things I’d do differently if I was doing it again. Secondly, the first version of XKPasswd is almost three years old now, and since then, my Perl skills have increased a lot. Probably the single biggest difference between the me of 2014 and the me of 2011 is that I read Perl Best Practices, and started to run all my Perl code through Perl Critic. Another big difference is that, thanks to JQuery, I’ve fallen in love with Code References in all the languages I use that support them, including Perl.
Since this is a re-write, I’m really focusing on building a solid foundation, so I’m starting with the utility functions that will let me build up functionality gradually, and I’m writing the user documentation in parallel with the code. Before every commit to GITHub, everything that’s done so far is getting documented with POD, and, the code has to pass Perl Critic with no warnings.
Awesome! I can’t wait!
I’ve been doing a bit of hacking on xkpasswd myself, mostly around the dictionary word list and setting the defaults to more closely match the usage from the comic. So, it’ll be great to see what changes you make and why.
Thanks again!
Hi Brad,
If you send me on your settings I’ll include a preset for XKCD-like passwords if you like.
Bart.
Hi Bart,
do you also run http://www.xkpasswd.net? I’m using that page as password generator for a long time now, and since most of my users are Spanish-speaking, I would love to have the chance to select a spanish language dictionary. Do you know if it’s possibly to add it to xkpasswd.net, or should I create a new website for it?
thanks in advance.
Feature requests: 1) Cookies for defaults. I use XKPasswd almost solely for creating fake security question answers, and I want them to be words only with spaces between them. I can set that, but it’s a pain to make the changes to the padding, etc. every time.
2) XKPasswd.net does not actually verify as “Secure” in my browser (Safari) because it contains both secure and insecure elements. This makes me a bit antsy about using it to generate passwords.
Sorry if this is the wrong place for this.
Hmm. Now that I think about it, I’m not sure that I ever responded on this subject.
Anyway, here’s the settings I’m currently using to generate passwords that I think are very xkcd-like:
my $config = {
dictionary_file => ‘sample_dict.txt’,
min_word_length => 4,
max_word_length => 8,
};
$config->{num_words} = 4;
$config->{case_transform} = ‘NONE’;
$config->{custom_separator} = ‘-‘;
$config->{prepend_numbers} = 0;
$config->{append_numbers} = 0;
$config->{pad_char} = ‘-‘;
$config->{pre_pad} = 0;
$config->{post_pad} = 0;
$config->{random_source} = ‘PERL’;
True xckd-like passwords would use the space character as a separator, so that you can get “correct battery horse staple” instead of “correct-battery-horse-staple”, but for my purposes I think that the dash character works better as a word separator.
I’ve also taken words from the diceware password generator and a few other sources to help improve the size and quality of my dictionary, but only because I wanted to make sure that I could get to 10k words.