Alastair’s Place

Software development, Cocoa, Objective-C, life. Stuff like that.

Pwserverd

Password generation/testing server

pwserverd is a Python server that allows efficient use of the pwtools package from environments such as PHP scripts.

Why not just write it in PHP, you might ask? The reason is that loading the dictionary file every time a page is fetched would be unnecessarily expensive. Further, on some platforms, random number generation works well within a process, but numbers generated by separate processes may exhibit problems.

Usage

Start the server by running pwserverd, which will look for its configuration in /etc/pwserverd.cfg, and failing that will adopt the following default configuration:

[main]
listeners = tcp
debug = false

[tcp]
type = tcp
port = 8099
interface = localhost

The server communicates using an HTTP-like protocol; for instance, to generate a password, you might send:

GENERATE<cr><lf>
<cr><lf>

to which the reply might be:

200 OK<cr><lf>
Password: Rocky$Noble_Semi<cr><lf>
<cr><lf>

You can add header-like arguments; the GENERATE command, for instance, accepts the arguments RandomBits and MaxLength. To generate a password with 96 bits of randomness, you might send:

GENERATE<cr><lf>
RandomBits: 96<cr><lf>
<cr><lf>

The other command accepted by the server is the CHECK command, which you use like this:

CHECK password<cr><lf>
<cr><lf>

The response from the server is either of the form

200 OK<cr><lf>
Status: Secure<cr><lf>
<cr><lf>

or (more likely in this case, since “password” is most certainly a poor choice)

200 OK<cr><lf>
Status: Insecure<cr><lf>
Reason: Password is too simple (not enough different kinds of character)<cr><lf>
<cr><lf>

You should check the Status code, and if it is Insecure, present the Reason to the user.

Like GENERATE, CHECK can take header-style arguments. You can specify the OldPassword argument if you want to check that the password is not too similar to an older password. You can also specify a Username argument that the password is compared with. If you specify additional header arguments, these are also checked against the password.
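A small client for the protocol described above, as an added example that is not part of pwserverd or pwtools. The function names are hypothetical, and it assumes UTF-8 text and that a reply ends at the first blank line. It refuses CR/LF in any field so that a user-supplied password or username cannot inject extra header arguments, and it treats any reply other than Status: Secure as a failure.

```python
import socket

def build_request(command, argument=None, **headers):
    """Serialize a request: command line, header-style arguments, blank line."""
    fields = [command] + ([argument] if argument is not None else [])
    fields += list(headers) + [str(v) for v in headers.values()]
    # A CR or LF inside any field would let a caller-supplied password or
    # username end the line early and smuggle in extra arguments.
    if any("\r" in f or "\n" in f for f in fields):
        raise ValueError("CR/LF not allowed in protocol fields")
    lines = [command if argument is None else f"{command} {argument}"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("utf-8")

def parse_response(raw):
    """Split a reply into (code, message, headers)."""
    head = raw.decode("utf-8").split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    code, _, message = status_line.partition(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(": ")
        headers[name] = value
    return int(code), message, headers

def check_result(raw):
    """Return (is_secure, reason); anything but 'Status: Secure' fails closed."""
    code, _, headers = parse_response(raw)
    secure = code == 200 and headers.get("Status") == "Secure"
    return secure, headers.get("Reason")

def query(request, host="localhost", port=8099):
    """Send one request to the default listener and read up to the blank line."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(request)
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return data

# Constructed sample reply, following the shape shown on this page.
SAMPLE = (b"200 OK\r\nStatus: Insecure\r\nReason: Password is too simple "
          b"(not enough different kinds of character)\r\n\r\n")
```

With the server running on its default listener, `check_result(query(build_request("CHECK", candidate, Username=user)))` returns the pair to act on.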

Download

You can grab the sources from the mercurial repository. There is also a Python egg.