[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password generator



suffocator@gmx.de writes:
> does anyone know how to automatically generate a password for 
> every user in a database?

# This is Larry Wall's password program, somewhat rewritten.  I couldn't
# find it on the net, and our version is rather Norwegian, but there
# is a 'goodenough' routine you can probably use.
# in http://ftp.se.kde.org/pub/security/tools/password/yppapasswd/.
require "passwd.pl";

my @passwd_chars =
    ('a'..'z', 'A'..'Z', 0..9, '-', '+', '?', '=', '*', '(', ')',
     '/', '&', '%', "\#", '"', '_', '!', ',', ';', '.', ':');
my (@passwd_salt) = ('.', '/', '0'..'9', 'a'..'z', 'A'..'Z');

sub make_passwd {
    my $pass;
    do {
	$pass = "";
	$pass .= $passwd_salt[rand(scalar(@passwd_salt))]
	    while length($pass) < 8;
    } while (! &passwd::goodenough($pass));
    return ($pass, crypt($pass,   $passwd_salt[rand(scalar(@passwd_salt))]
				. $passwd_salt[rand(scalar(@passwd_salt))]);
}

> another problem is that i need every password in plain text to send
> this initial password via email to every user...

You shouldn't.  E-mail is insecure, snoopers can pick up passwords you
send that way.  Besides, how will the users read their e-mail if they
need the new passwords - which they don't know yet - to log in?

-- 
Hallvard