Python: A warning when using the XKCD password generator

If you're not familiar with the problem yet, have a look at the comic below.

Along comes redacted's XKCD-password-generator, which turns this into a Python module that we can easily plug into our code.

pip install xkcdpass

And in your code:

from xkcdpass import xkcd_password

wordfile = xkcd_password.locate_wordfile()
mywords = xkcd_password.generate_wordlist(wordfile=wordfile)
random_password = xkcd_password.generate_xkcdpassword(mywords, n_words = 3, delim='.')

This is all fine and very easy to use. However, there is a small catch.

priest.fucking.choirboy

Believe it or not, this is a combination that is possible with the default dictionary.

By using the default password file supplied by 12Dicts in the function locate_wordfile(), you are potentially including swear words and religious references. The potential mix of these and regular words CAN be offensive, especially when you're automatically generating these for users and sending them out blindly.

Depending on how this code is used, the recent events at Charlie Hebdo's office in Paris are a good motivation to make sure you watch your words.

When random words suddenly have meaning...

Here's one I prepared earlier

I spent about 2 days scanning the file for potentially offensive words. I've taken out as many words as I could relating to the following categories:

  • religion
  • swearing
  • sex and sexual connotations
  • drugs
  • health and/or disease related words
  • violence
  • names of people or countries

Since it was a horribly mundane task, I'm sure I've missed some. If you find some, please let me know by leaving a comment below.

For those inclined to download and run, you can grab a cleansed password file from GitHub.

Then fix the code to use your own file:

from xkcdpass import xkcd_password

wordfile = "users/passwords.txt" # Previously xkcd_password.locate_wordfile()
mywords = xkcd_password.generate_wordlist(wordfile=wordfile)
random_password = xkcd_password.generate_xkcdpassword(mywords, n_words = 3, delim='.')

I've provided a patch/diff file for the words I've removed.
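
An added example (not part of the original post and not xkcdpass code): filtering a word list against your own blocklist with the standard library, and checking what the smaller list costs in entropy before passwords are sent out. The sample words, the blocklist and all function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample data (not the 12Dicts list): candidate words and a blocklist.
SAMPLE_WORDS = ["apple", "Bridge", "candle", "priest", "garden", "hammer",
                "island", "jacket", "choirboy", "lantern", "marble", "apple"]
SAMPLE_BLOCKLIST = {"priest", "choirboy"}


def filter_wordlist(words, blocklist, min_length=5, max_length=9):
    """Return sorted unique lowercase words with blocked or mis-sized entries removed."""
    blocked = {b.strip().lower() for b in blocklist}
    kept = set()
    for word in words:
        w = word.strip().lower()
        if w.isalpha() and min_length <= len(w) <= max_length and w not in blocked:
            kept.add(w)
    return sorted(kept)


def entropy_bits(wordlist_size, n_words):
    """Bits of entropy for n_words drawn uniformly, with replacement, from the list."""
    return n_words * math.log2(wordlist_size)


def generate_passphrase(words, n_words=3, delim=".", min_bits=0.0):
    """Pick n_words with the OS CSPRNG; refuse if the list is too small for min_bits."""
    if not words:
        raise ValueError("word list is empty after filtering")
    if entropy_bits(len(words), n_words) < min_bits:
        raise ValueError("word list too small for the requested entropy")
    return delim.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    clean = filter_wordlist(SAMPLE_WORDS, SAMPLE_BLOCKLIST)
    bits = round(entropy_bits(len(clean), 3), 1)
    print(len(clean), "words kept,", bits, "bits for 3 words")
    print(generate_passphrase(clean))
```

With a real word file, read its lines into `words` and set `min_bits` to the floor you are willing to accept, so an over-aggressive blocklist fails loudly instead of quietly weakening the passwords.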

Flashing DD-WRT on your TP-Link TL-WR1043ND v2.1

Wow, what a difference this custom firmware makes on your device. I'm kicking myself for not trying this out earlier! Although it's not officially listed on the supported devices database, there's a beta build for the TL-WR1043ND v2.1 on the FTP that is pretty stable.

First of all, there are plenty of guides for the v1.x hardware router. Make sure you've got the v2.x version! It's on the box, and the router even LOOKS different. Otherwise you'd have yourself a pretty brick.

Downloads

At time of posting on 5th of January 2015, I got the latest build from ftp://ftp.dd-wrt.com/betas/2015/01-04-2015-r25760/

If this is the first time you're flashing DD-WRT on the router then grab "factory-to-ddwrt.bin", otherwise get "tplink_tl-wr1043nd-v2.bin".

Setup

It's advised that you reset your router configuration before flashing DD-WRT. Hold the reset button for 10 seconds so the router reboots. The guides usually recommend the 30/30/30 rule, which means holding it for 30 seconds while the router is on, 30 seconds while it's off, and another 30 seconds while you turn it on again.

  • Log into the router admin page at 192.168.0.1 (default) and then go to System Tools > Firmware Upgrade.
  • Select the custom firmware file you downloaded earlier.
  • Click upgrade
  • Wait for it to finish

  • The page refresh will fail, because the IP of the router will have changed to 192.168.1.1.
  • Change the address in your browser to http://192.168.1.1
  • Set up the admin username/password and you'll be on your merry way.

Well that was surprisingly short and simple, so here's a cute little puffer fish GIF to brighten your day.

 
Copyright © Twig's Tech Tips