Python: A warning when using the XKCD password generator

If you're not familiar with the problem yet, have a look at the comic below.

Along comes redacted's XKCD-password-generator, which turns this into a Python module we can easily plug into our own code.

pip install xkcdpass

And in your code:

from xkcdpass import xkcd_password

wordfile = xkcd_password.locate_wordfile()   # path to the bundled default word file
mywords = xkcd_password.generate_wordlist(wordfile=wordfile)   # load it into a list
# three words joined with '.' (keyword names as used by the xkcdpass release current at the time of this post;
# later releases renamed them to numwords and delimiter)
random_password = xkcd_password.generate_xkcdpassword(mywords, n_words=3, delim='.')

This is all fine and very easy to use. However, there is a small catch.

priest.fucking.choirboy

Believe it or not, this is a combination that is possible with the default dictionary.

The default word file that locate_wordfile() returns is derived from the 12Dicts word lists, so it contains swear words and religious references. A random mix of these with ordinary words CAN be offensive, especially when you generate passwords automatically for users and send them out without anyone reading them first.

Depending on how this code is used, the recent events at Charlie Hebdo's office in Paris are a good reason to watch your words.

(image) When random words suddenly have meaning...

Here's one I prepared earlier

I spent about 2 days scanning the file for potentially offensive words. I've taken out as many words as I could relating to the following categories:

  • religion
  • swearing
  • sex and sexual connotations
  • drugs
  • health and/or disease related words
  • violence
  • names of people or countries

Since it was a horribly mundane task, I'm sure I've missed some. If you find some, please let me know by leaving a comment below.

For those inclined to download and run, you can grab a cleansed password file from GitHub.

Then fix the code to use your own file:

from xkcdpass import xkcd_password

wordfile = "users/passwords.txt"   # your cleansed file; previously xkcd_password.locate_wordfile()
mywords = xkcd_password.generate_wordlist(wordfile=wordfile)
random_password = xkcd_password.generate_xkcdpassword(mywords, n_words=3, delim='.')
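If you would rather build the cleansed file yourself than download mine, the following is an added example (not code from this post or from the xkcdpass project) of the filtering step and of a last-line check before a password goes out the door. The word list and blocklist are constructed samples standing in for the 12Dicts-derived default file and for the categories listed above; the names clean_wordlist, generate_password, contains_blocked and entropy_bits are hypothetical. It uses the secrets module instead of xkcdpass so it runs stand-alone, and it also drops capitalised entries (names of people and countries) and reports how much entropy the pruning costs.

```python
import math
import secrets
from typing import Iterable, List, Set

# Constructed sample standing in for the 12Dicts-derived default word file.
SAMPLE_WORDLIST = """
priest
choirboy
fucking
kitten
stapler
orbit
cholera
heroin
stabbing
France
velvet
lantern
""".split()

# Hypothetical blocklist with one or two words per category from the post;
# a real one is much longer.
BLOCKLIST: Set[str] = {
    "priest", "choirboy",   # religion
    "fucking",              # swearing
    "heroin",               # drugs
    "cholera",              # health / disease
    "stabbing",             # violence
}


def clean_wordlist(words: Iterable[str], blocklist: Set[str]) -> List[str]:
    """Return the words to keep: lower-cased, alphabetic, not capitalised
    (names of people and countries) and not on the blocklist."""
    keep = set()
    for word in words:
        word = word.strip()
        if not word.isalpha():
            continue
        if word[0].isupper():            # proper noun: person, country, ...
            continue
        if word.lower() in blocklist:
            continue
        keep.add(word.lower())
    return sorted(keep)


def generate_password(words: List[str], n_words: int = 3, delim: str = ".") -> str:
    """Join n_words words chosen with a CSPRNG, mirroring the
    generate_xkcdpassword(mywords, n_words=3, delim='.') call above."""
    return delim.join(secrets.choice(words) for _ in range(n_words))


def contains_blocked(password: str, blocklist: Set[str], delim: str = ".") -> bool:
    """Final guard before a password is e-mailed: True if any component word
    is on the blocklist, even if the list it was drawn from was not cleaned."""
    return any(part.lower() in blocklist for part in password.split(delim))


def entropy_bits(words: List[str], n_words: int = 3) -> float:
    """Entropy of a password drawn uniformly from len(words)**n_words
    combinations; removing a few hundred words from thousands costs well
    under a bit per word."""
    return n_words * math.log2(len(words))


if __name__ == "__main__":
    cleaned = clean_wordlist(SAMPLE_WORDLIST, BLOCKLIST)
    pw = generate_password(cleaned)
    assert not contains_blocked(pw, BLOCKLIST)
    print(pw, f"({entropy_bits(cleaned):.1f} bits)")
```

Run contains_blocked on every password right before it is sent, regardless of which word file produced it; with the small sample list here it rejects priest.fucking.choirboy while accepting anything drawn from the cleaned list.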

I've provided a patch/diff file for the words I've removed.
