genpasswd

By Hal Canary, 2007-04-05 14:05:04 (link)
#computers-code

#!/bin/sh
# genpasswd.sh
#   Generate a random password with almost
#   144 bits of randomness, making use of
#   /dev/random.
# Note:
#   Most online services have somewhat
#   arbitrary rules about what characters
#   can be included in a password. So we
#   limit ourselves to A-Za-z0-9.
# Copyright 2007 Hal Canary
# Dedicated to the Public Domain.
echo "Grabbing bits from /dev/random..." 1>&2
head -c 18 /dev/random | base64 | \
        sed 's/\//Z/g;s/+/z/g;'
# If you lack base64 on your system, try:
# head -c 18 /dev/random  | uuenview -b '' | \
#       sed 's/\//Z/g;s/+/z/g;'

Exactly how much entropy do we get?

Each character can be a z or a Z with a probability of 2/64 for each. The other 60 characters have a probability of 1/64 each. Apply the formula:

information entropy = \displaystyle{\sum_{i=1}^np(x_i)\log_2 \left(1/p(x_i)\right)}
= \displaystyle{\sum_{i=1}^{2}\frac{2}{64} \log_2 \left({\frac{64}{2}}\right)} + \displaystyle{\sum_{i=1}^{60}\frac{1}{64} \log_2 \left({\frac{64}{1}}\right)}
= 2 \left({\frac{2}{64}}\right) \log_2 \left({\frac{64}{2}}\right) + 60 \frac{1}{64} \log_2 \left({\frac{64}{1}}\right)
= 2 \left({\frac{2}{64}}\right) \left({5}\right) + 60 \frac{1}{64} \left({6}\right) = \frac{20}{64} + \frac{360}{64} = \frac{380}{64} = 5.9375

Mulitply by 24 for 24 characters, and get 142.5 bits of entropy.


(back)