Python: Random Word Generator


Every day I read the news. Specifically, I have my news tailored to provide me with a variety of cyber-security updates.
I stumbled across an article that made total sense [1]. Essentially, experts were recommending that people choose random words to be their password/phrase. This is not new, and truthfully I have been preaching similar things for years. When I read the article I was inspired to create a Python script that would do the random word generating for me.

Now I am totally aware that there are a plethora of free services out there that will do this for me, 

but where is the fun in that!?

The following are images of my script followed by some explanations of the code and why using random words is a good idea for your passphrases.




Summary of Script:

-Modules are imported.
-The string variable "url" is set to the destination where I am grabbing all the random words.
-The "res" variable is the response from opening the page.
-The "content" variable is all the data read from the page.
-The "new" variable is "content" cast from bytes to a string.
-I now have one long string. After printing out the string I saw that there was a recurring "\r\n". I don't want this, so I split on this character combination as a delimiter.
-I now have a list called "words".
-The variable "val" holds an integer for how many words the user wants.
-A for loop iterates "val" times and randomly chooses an integer between 0 and 58,000. This random number is used to select a word from the list "words".
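
The steps above as a runnable sketch. This is an added example, not the author's script from the images: the word-list bytes are a constructed sample standing in for the downloaded page, the function names are hypothetical, and selection uses Python's `secrets` module and the actual list length instead of a fixed 0 to 58,000 range (the original script's random source is not visible on the page).

```python
import math
import secrets

# Constructed sample standing in for the downloaded page body: bytes with
# "\r\n" separators, as described in the summary. A real list is far longer.
SAMPLE_BODY = (
    b"trivia\r\nreverently\r\nbaffling\r\nlantern\r\n"
    b"mosaic\r\nquarrel\r\nthimble\r\nvoyage\r\n"
)


def parse_words(body: bytes) -> list[str]:
    """Decode the response bytes and split on the CRLF delimiter."""
    text = body.decode("utf-8")
    # Drop empty entries (trailing delimiter) and duplicates, keeping order.
    cleaned = (w.strip() for w in text.split("\r\n"))
    return list(dict.fromkeys(w for w in cleaned if w))


def generate_passphrase(words: list[str], count: int, sep: str = "-") -> str:
    """Pick `count` words uniformly at random using the OS CSPRNG."""
    if count < 1:
        raise ValueError("count must be at least 1")
    if len(words) < 2:
        raise ValueError("word list too small")
    # secrets.choice works from len(words), so no hard-coded upper bound
    # can run past the end of the list or silently skip its tail.
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(list_size: int, count: int) -> float:
    """Entropy of `count` independent uniform picks from `list_size` words."""
    return count * math.log2(list_size)


if __name__ == "__main__":
    words = parse_words(SAMPLE_BODY)
    print(generate_passphrase(words, 3))
    # Strength comes from list size and word count, not character length.
    print(f"{entropy_bits(58_000, 3):.1f} bits: 3 words, 58,000-word list")
```

The entropy figure only holds when every word is picked uniformly and independently; re-rolling until the phrase "looks nice" lowers it.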

Why Bother?

Why should we bother using random words when creating passphrases?  Honestly it comes down to a bit of psychology and probability.

At this point it is fairly well known that brute forcing a single word password is quite simple.  There are password lists out there with millions of words saved.  When that single word is not complex and worse yet is personalized to the individual, guessing and brute forcing becomes very easy.

A popular pastime for guessing people's passwords is creeping on their social networks for clues to who they are as a person. If the target's dog's name is "Roofus", then that is a piece of information that can be used to narrow down the search, and so on and so on.

Passphrases are good.  When we use a phrase it is actually quite easy to remember.

Example: "mydogroofusthedogissuchagooddoggyandheknowsalotoftricks"

The above passphrase has 55 characters, good luck brute forcing that!  It is easy to remember and would be brutally hard to brute force.

The downside is that it still has personal elements.

Enter the random words.

I ran my script again and asked for 3 words. I got: trivia-reverently-baffling

These three words together make 24 characters. Together and separately they mean nothing to me. There is no connection between these words and me. That is the glory of the random words: randomness.

In conclusion, don't use single word passwords. Passphrases are decent as long as they are not personal, and if you want something interesting to remember, go ahead and try out some random words. It may surprise you how easy it is to remember them!



Reference:
