From d7dbefc8513f309c0df50cce580900e653b356de Mon Sep 17 00:00:00 2001 From: "Christoph J. Scherr" Date: Tue, 5 Sep 2023 11:16:20 +0200 Subject: [PATCH] password gen task --- Tasks.md | 30 ++++++++++++++++++++++++++++++ src/randomString.py | 12 +++++++++--- 2 files changed, 39 insertions(+), 3 deletions(-) diff --git a/Tasks.md b/Tasks.md index 2c791f8..cfcc2d8 100644 --- a/Tasks.md +++ b/Tasks.md @@ -174,6 +174,12 @@ Difficulty: 2/5 1. Generate a string of 16 random alphanumeric characters. 2. When starting your script, take a number for a CLI Argument. Generate a random string of this length. +3. **Bonus** + - How many possible strings consisting of 16 alphanumeric characters can exist? + - Add the possibility for a second argument `-v` that indicates your script should be more + verbose. + - print the security bits ($log_2(L)$ where $L$ is the total number of possibilites) when the + `-v` flag is applied Example: @@ -198,4 +204,28 @@ Take a look at the provided Code Example. [Code Example](src/randomString.py) +**Bonus** + +There are 62 alphanumeric characters (A-Z), (a-z), (0-9). + +With $N$ characters, there are $62^N$ possible variants. +For $N=16$ that's $62^{16} = 47.672.401.706.823.533.450.263.330.816$ possible variants. + +Security people measure security in Bits ($2^x$). You can calculate the bits of security with the +logarithm base 2. + +$S = log_2(62^N)$. + +We can immediately see that longer passwords are *exponentially* more secure than +more complex passwords (passwords that make use of complicated characters). For each bit, the +security of the password is doubled. + +For our example of $N=16$ we can calculate the security of the password like this: + +$S=log_2(62^{16}) \approx 95.27$ + +That number of security bits is pretty good for passwords. However it does not cost you anything to +just make your passwords longer than that, and give attackers no chance to break them by brute +force. + 
diff --git a/src/randomString.py b/src/randomString.py
index da76e67..79a9d1d 100755
--- a/src/randomString.py
+++ b/src/randomString.py
@@ -1,14 +1,20 @@
 #!/usr/bin/env python3
 import random
 import string
+import math
 import sys

+alphabet = string.ascii_lowercase
+alphabet += string.ascii_uppercase
+alphabet += "0123456789"
+
 def get_random_string(length):
 # choose from all lowercase letter
- alphabet = string.ascii_lowercase
- alphabet += string.ascii_uppercase
- alphabet += "0123456789"
 result_str = ''.join(random.choice(alphabet) for i in range(length))
 return result_str

 print(get_random_string(int(sys.argv[1])))
+if len(sys.argv) >= 3 and sys.argv[2] == "-v":
+ security = math.log2(len(alphabet)**int(sys.argv[1]))
+ print(f"The alphabets size is {len(alphabet)}")
+ print(f"Security bits: {security}")
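Review bot: The new `-v` branch prints `Security bits` as `log2(len(alphabet)**N)`, but that figure only holds when every character is drawn uniformly from an unpredictable source, and the unchanged context line in `get_random_string` still calls `random.choice`, which uses the Mersenne Twister generator that the Python docs say should not be used for security purposes. Since the commit frames this as password generation, I would add `import secrets` and change the line to `result_str = ''.join(secrets.choice(alphabet) for _ in range(length))`, so the reported number matches what the generator actually delivers. The computation can also skip building the large integer: `security = int(sys.argv[1]) * math.log2(len(alphabet))`. The flag is only recognised when it is exactly the second argument, and a missing or non-numeric first argument still raises an uncaught exception at the `print(get_random_string(...))` line, so `argparse` would be a cleaner fit here.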