xkcdpass [1] is a password generator inspired by XKCD #936 "PASSWORD STRENGTH" [2] (2011-08-10).
The resulting passwords are human-readable and memorable, and there are many options to customize the generation:
* `-i` for interactive generation process (0:07)
* `-n` for number of words (0:13)
* `-v` for valid character range, e.g. [a-f] (0:20)
* `-a` for acrostic [3] generation (0:30)
* `-c` for number of passwords generated (0:40)
* `-d` for separator between words (0:44)
* `-V` for verbose output (0:04)
You can also choose the wordfile or the length of words; see `-h` (0:01).
This generator was born on 2011-09-20, git-ee0559e4fdcf847f16561dc6e8dd0330f091ece9, a month after the comic was published.
$$$#
Options used in the recording:
(0:01) none
(0:04) -V
(0:07) -i
(0:13) -n 3
(0:20) -n 3 -v '[^aeiou]' #NOVOWELS
(0:30) -a xkcd
(0:33) -a xkcdpass
(0:36) -a YJL
(0:40) -a YJL -c 3
(0:44) -a YJL -c 3 -d -
(0:46) -a YJL -c 3 -d -_-
(1:00) -a XKCD -d $'\n'
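
How the options used in the recording change the size of the search space, as an added example that is not part of xkcdpass or of the original post. It assumes every word is drawn uniformly and independently and that an attacker knows the wordfile and the options; the 12-word list is constructed, and `usable_words` and `entropy_bits` are hypothetical helper names.

```python
import math
import re

# Constructed sample wordlist; a real wordfile holds thousands of entries.
SAMPLE_WORDS = ["xylem", "kayak", "candy", "dryly", "crypt", "lynch",
                "jolly", "yacht", "knock", "delta", "xenon", "myths"]


def usable_words(words, valid_chars="."):
    """Keep words whose every character matches valid_chars (the -v idea)."""
    pattern = re.compile("(?:%s)+" % valid_chars)
    return [w for w in words if pattern.fullmatch(w)]


def entropy_bits(words, numwords=4, acrostic=None):
    """Entropy in bits, assuming uniform, independent draws per position.

    Assumes the attacker knows the wordfile and the options. With an
    acrostic, position i can only hold a word starting with letter i, so
    the search space is the product of the per-letter pool sizes.
    """
    if acrostic:
        pools = [sum(1 for w in words if w.lower().startswith(ch))
                 for ch in acrostic.lower()]
    else:
        pools = [len(words)] * numwords
    if not pools or min(pools) == 0:
        raise ValueError("no candidate word for at least one position")
    return sum(math.log2(size) for size in pools)


if __name__ == "__main__":
    no_vowels = usable_words(SAMPLE_WORDS, "[^aeiou]")
    print("-n 3               :", round(entropy_bits(SAMPLE_WORDS, 3), 2))
    print("-n 3 -v '[^aeiou]' :", entropy_bits(no_vowels, 3))
    print("-a xkcd            :", entropy_bits(SAMPLE_WORDS, acrostic="xkcd"))
    print("-a YJL             :", entropy_bits(SAMPLE_WORDS, acrostic="YJL"))
```

The separator (`-d`) and count (`-c`) do not appear because, under the same assumption, they do not change the number of candidate word sequences.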
$$$#
Frankly, I think the idea behind XKCD makes sense, but you might want to make a slight change. But first, let me tell you my thoughts about those password generators for strong passwords.
Don't use them.
My reasons are:
* No way a human can remember many sets of strong passwords, which are generated randomly with letters + digits + other characters.
* And I believe some people end up using an app or putting those passwords down somewhere. If you need a program to store passwords, frankly, I'd say that's a great risk, even if it's protected by a master password and those passwords are encrypted. If your computer is compromised, then no matter how high-grade the encryption is, that doesn't matter because your computer is compromised.
To me, the only and truly safe place to store passwords is the brain, at least before remote mind probing is possible, and I am not joking.
But this XKCD-inspired generator isn't safe if the wordfile is common. You have to use a special wordfile, and preferably misspell in a way no one else would expect, meaning no one knows how you misspell. In other words, you have to have your own system to generate passwords for different sites, and that all has to be in your own brain. That's the real "strong password" in my opinion.
There is one more thing: although I have never tried any of these generated passwords, I am sure it's highly possible that you would hit the character length limit on many websites, just like those strong passwords contain characters that are prohibited by some websites. You want to use strong passwords for the sake of security, but some systems ain't designed that way for you.
$$$#
* Version 1.0.0 (2014-06-02)
* In Python 2 and 3
* By Steven Tobin, et al.
* New BSD License (3-clause)
[1]: https://pypi.python.org/pypi/xkcdpass
[2]: http://xkcd.com/936/
[3]: http://en.wikipedia.org/wiki/Acrostic