Generating an XKCD Password

Our next iteration for developing a password generating program draws inspiration from my favorite online comic.

Without going into the math just yet, the idea is that rather than using a random string of characters, you make a password out of four random words. It's easier to remember and, in the end, even more secure. If you want to understand the idea of entropy in a password, see this article.

Now, the first thing we are going to need for this project is some words. There are a number of sources you can use to get words. If you are using a Mac (or Linux), you have a big file of words, over 120,000 of them, on your computer in /usr/share/dict/words. There are also some Python modules such as the natural language processing toolkit. For this post I’m going to use a list of 5000 popular words I obtained from It's hidden away in the source of this page, but we will make use of it as though we were reading from a file on our own computer.

The first step is to take the file of words and create a list.

The program above does nothing more than open the ‘file’ of words for reading, and use the readlines method to turn the entire file into a list. The readlines method already makes a list of strings where each string represents a line of the file. In our case the words in words.dat are stored one word on each line. Here’s a little snippet from the file:


Now, generating a password is pretty simple: we will just choose four words at random from the list and put them together to form our password:

Now, when you run the program you’ll notice that we have a little problem. Each word has a peculiar \n at the end of it. The \n character is the newline character (See Typewriter). We will need to use the slice operator to remove those characters before we join them together into a single string.

While we are at it, let's generate 5 password strings. With the simple method we are using here, some strings may be too long, some may be too short, and some may just have odd words that we do not want to have in our password.
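The steps above (read the word file into a list, remove the newline, pick four words, print five passwords), put together as an added example that is not the original post's code. It assumes Python's `secrets` module as the source of randomness and uses `strip()` rather than a slice; the embedded word list, the length bounds and all function names are constructed for illustration.

```python
import io
import math
import secrets

# Constructed sample standing in for words.dat: one word per line.
# It includes a too-short word, a too-long word, a duplicate and a blank line.
SAMPLE_WORDS = io.StringIO(
    "correct\nhorse\nbattery\nstaple\nplanet\nwindow\norange\nriver\n"
    "a\nextraordinarily\nplanet\n\n"
)

def load_words(fileobj, min_len=3, max_len=8):
    """Read one word per line; drop blanks, duplicates and odd lengths."""
    words, seen = [], set()
    for line in fileobj.readlines():
        # strip() removes the trailing "\n"; unlike the slice line[:-1] it
        # does not eat a letter when the last line has no newline.
        word = line.strip().lower()
        if min_len <= len(word) <= max_len and word not in seen:
            seen.add(word)
            words.append(word)
    return words

def make_password(words, count=4, sep=" "):
    """Pick `count` words independently and uniformly using the OS CSPRNG."""
    if len(words) < 2:
        raise ValueError("word list too small to generate a password")
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(words, count=4):
    """Entropy in bits when each word is a uniform draw from `words`."""
    return count * math.log2(len(words))

WORDS = load_words(SAMPLE_WORDS)

if __name__ == "__main__":
    for _ in range(5):
        print(make_password(WORDS))
    print(f"{entropy_bits(WORDS):.1f} bits from this {len(WORDS)}-word sample")
    print(f"{4 * math.log2(5000):.1f} bits from a 5000-word list")
```

The entropy figure only holds if the words are drawn uniformly from a duplicate-free list, which is why `load_words` removes repeats before any word is chosen.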

Now, even though these passwords are longer and therefore more secure than a short password generated from random letters, numbers, and symbols, many systems will still want to enforce their silly rules about having at least one number in the password. Here are two problems for you to work on.

For our final installment on passwords we are going to improve on this simple generator by picking ‘good’ words. Because the passwords are long, it is important to me to be able to type them quickly. Nothing speeds typing like having the letters in a word alternate between my left hand and my right hand. So, to get a jump start on the next post:
