Thursday, November 25, 2010

Threat level: yellow


I'm sure you have a lot of usernames and passwords---I know I do. My security model has four threat levels: green, yellow, orange and red.

  • green: the same password for all
  • yellow: a different strong password for each one; written in an encrypted text file and transferred on a thumb drive
  • orange: a strong password that I remember
  • red: a password on paper, in a file cabinet that I control; orange passwords also stored here

  • Level red is for banking; orange for my laptop that requires a logon at boot. I allow the Keychain to store passwords for level yellow.

    The problem is how to generate a lot of strong passwords. Python is great for this:

    import sys, random, string
    cL = string.letters + string.digits
    cL += '@#$%&*'

    def go(N):
    L = [random.choice(cL) for i in range(N)]
    return ''.join(L)

    N = int(sys.argv[1])
    except IndexError, ValueError:
    N = 24
    print go(N)

    $ python 50