https://github.com/rpdelaney/dumbpw

A bad password generator for bad websites with bad password policies
https://github.com/rpdelaney/dumbpw

Last synced: 15 days ago
JSON representation

A bad password generator for bad websites with bad password policies

• Host: GitHub
• URL: https://github.com/rpdelaney/dumbpw
• Owner: rpdelaney
• License: other
• Created: 2021-11-15T23:14:19.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2024-10-04T17:21:38.000Z (about 1 month ago)
• Last Synced: 2024-10-13T02:10:15.918Z (about 1 month ago)
• Language: Python
• Homepage: https://pypi.org/project/dumbpw/
• Size: 367 KB
• Stars: 5
• Watchers: 3
• Forks: 0
• Open Issues: 1
• Metadata Files:
  • Readme: README.rst
  • License: LICENSE

Awesome Lists containing this project

README

        
dumbpw

======================

|LANGUAGE| |VERSION| |BUILD| |MAINTAINED| |MAINTAINABILITY|

|LICENSE| |STYLE|

.. |BUILD| image:: https://github.com/rpdelaney/dumbpw/actions/workflows/integration.yaml/badge.svg

   :target: https://github.com/rpdelaney/dumbpw/actions/workflows/integration.yaml

   :alt: build status

.. |LICENSE| image:: https://img.shields.io/badge/license-Apache%202.0-informational

   :target: https://www.apache.org/licenses/LICENSE-2.0.txt

.. |MAINTAINED| image:: https://img.shields.io/maintenance/yes/2024?logoColor=informational

.. |VERSION| image:: https://img.shields.io/pypi/v/dumbpw

   :target: https://pypi.org/project/dumbpw

.. |STYLE| image:: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json

   :target: https://github.com/astral-sh/ruff

.. |LANGUAGE| image:: https://img.shields.io/pypi/pyversions/dumbpw

.. |MAINTAINABILITY| image:: https://img.shields.io/codeclimate/maintainability-percentage/rpdelaney/dumbpw

   :target: https://codeclimate.com/github/rpdelaney/dumbpw

To create and remember passwords for online services, the best practice for

most folks online is to use a password management tool such as `Bitwarden

`_ to generate long, cryptographically random

passwords. Then, a very strong passphrase is used to lock the password manager.

Unfortunately, in a misguided attempt to encourage users to choose better

passwords, many websites and apps enforce `restrictive password policies `_.

These policies inhibit users from using cryptographically random

password generators: a long, high-entropy password is more likely to

violate such rules, which means a security-savvy user may have to attempt

several "random" passwords before one is accepted. This punishes users

who are trying to follow best practices.

Enter dumbpw. dumbpw allows you to configure a set of rules, and then it will

generate a cryptographically secure password that conforms to those dumb rules.

If all you need is a password generator, **you should not use this**.

Installation

------------

.. code-block :: console

    pip3 install dumbpw

Usage

-----

.. code-block :: console

    $ dumbpw --help

    Usage: dumbpw [OPTIONS] LENGTH

    Options:

    --version                       Show the version and exit.

    --min-uppercase INTEGER         The minimum number of uppercase characters.

    --min-lowercase INTEGER         The minimum number of lowercase characters.

    --min-digits INTEGER            The minimum number of digit characters.

    --min-specials INTEGER          The minimum number of special characters.

    --blocklist TEXT                Characters that may not be in the password.

                                    [default: '";]

    --allow-repeating / --reject-repeating

                                    Allow or reject repeating characters in the

                                    password.  [default: reject-repeating]

    --specials TEXT                 Non-alphanumeric characters that may be in

                                    the password. Pass '-' to read from standard

                                    input.

    --help                          Show this message and exit.

Known issues

------------

* dumbpw uses `secrets `_

  to generate passwords. If the generated string doesn't meet the given

  requirements, dumbpw discards it and generates another, until one passes.

  Therefore, if you ask dumbpw to generate a long password with high minimums,

  it will run for a very long time before terminating.

* Likewise, if your minimums require characters that are banned in the

  blocklist option, dumbpw will run forever.

* The author is neither a cryptographer, nor a security expert. There has

  been no formal, independent, external security review of this software. As

  explained in the LICENSE, the author assumes no responsibility or liability

  for your use of this software.

Related tools

-------------

* Apple's `Password Rules Validation Tool `_

============

Development

============

To install development dependencies, you will need `poetry `_

and `pre-commit `_.

.. code-block :: console

    pre-commit install --install-hooks

    poetry install && poetry shell

`direnv `_ is optional, but recommended for convenience.