6.12. 🤔 Generating a Password XKCD Style

Nobody likes to change their password, and it's always hard to come up with a new one. In this lab we'll solve that problem using the approach proposed by the popular XKCD comic.

XKCD Password

Let's start by creating a traditional random password composed of numbers, letters, and a few special characters.

Next, follow the XKCD model: select four random words and concatenate them to form our password.

Of course, that does not make the IT department of most colleges and businesses happy. They still want you to have at least one capital letter and a number in your password. We'll learn more about this in a couple of chapters, but it is easy to replace parts of a string with a different string using the replace method. For example, "pool".replace('o', 'e') gives us "peel". Once you have your final password you can replace some letters with number substitutions. For example, it's common to replace the letter l with the number 1, the letter e with the number 3, or the letter o with a 0. You can get creative. You can also easily capitalize a word using "myword".capitalize(). Once you feel confident that you understand the code below, you can use this activecode to make your password comply with standard procedures to include special characters.


This last part goes beyond what you have covered in the book so far, but I’ll give you the extra code you need. You will probably be able to figure out what it does and this is kind of a fun preview of things to come.

Let's suppose you DO have a 4-character password composed only of lower case letters. How many guesses would it take to guess the password? You can actually write a program to create a four-character string and compare it to the known password. If we put this process inside a loop, we can keep track and see how many guesses it takes us to find the matching password.

You will see that the number of guesses can vary pretty widely, from less than 10,000 to over 500,000! What happens if you increase the length to 5 characters? Or what happens if you allow your four-character password to include numbers or upper case letters? All of these changes definitely increase the complexity of the password and therefore the number of tries. Each of these changes increases the number of possible passwords. Can you calculate the number of possible four-letter passwords using just the 26 letters of the alphabet and 4 letters in the password? How does that change if you allow 26 letters plus 10 digits? Now what if you have an 8-character password?

My MacBook Pro averages around 16,300 guesses per second. If you assume that you will on average have to try about 1/2 of the possible combinations, how long will it take to crack an 8 letter password with upper case letters, lower case letters, and 10 possible digits?
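The whole lab in one place, as an added example that is not the book's activecode: an XKCD-style generator with the replace/capitalize substitutions described above, the random-guess counting loop, and the keyspace and time-to-crack arithmetic for the questions just asked. The word list is a constructed stand-in for a real dictionary, and the 16,300 guesses per second is the rate quoted above.

```python
import random
import string

LOWER = string.ascii_lowercase                  # 26 symbols
ALNUM = string.ascii_letters + string.digits    # 26 + 26 + 10 = 62 symbols

# Constructed word list standing in for a real dictionary (assumption).
WORDS = ["correct", "horse", "battery", "staple", "pool", "lemon", "orbit", "vivid"]


def xkcd_password(words=WORDS, count=4, rng=random):
    """Four random words joined, each capitalized, then the letter-for-digit
    substitutions from the text applied (l->1, e->3, o->0)."""
    joined = "".join(rng.choice(words).capitalize() for _ in range(count))
    return joined.replace("l", "1").replace("e", "3").replace("o", "0")


def random_string(alphabet, length, rng=random):
    """A random string over `alphabet`, e.g. a 4-letter password."""
    return "".join(rng.choice(alphabet) for _ in range(length))


def count_guesses(target, alphabet, rng=None):
    """Generate random strings until one equals `target`; return how many it took.
    Random guessing (as the text describes) gives a widely varying count, which
    is why the book reports anywhere from under 10,000 to over 500,000 guesses."""
    rng = rng or random.Random()
    guesses = 0
    while True:
        guesses += 1
        if random_string(alphabet, len(target), rng) == target:
            return guesses


def keyspace(alphabet_size, length):
    """Number of distinct passwords: every position has alphabet_size choices."""
    return alphabet_size ** length


def crack_seconds(alphabet_size, length, guesses_per_second=16300):
    """Expected time if, on average, half the keyspace must be tried at the
    quoted rate of 16,300 guesses per second."""
    return keyspace(alphabet_size, length) / 2 / guesses_per_second


if __name__ == "__main__":
    print(xkcd_password())
    print(count_guesses("abc", "abc"), "guesses for a 3-letter, 3-symbol password")
    for size, length in ((26, 4), (36, 4), (62, 8)):
        years = crack_seconds(size, length) / (365.25 * 24 * 3600)
        print(f"{size}^{length} = {keyspace(size, length):,} passwords, ~{years:.3g} years")
```

For the 62-symbol, 8-character case the loop prints roughly 212 years; try 26^4 to see why the random-guess counter finishes in well under a second.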

Post Project Questions
