Then, to generate a password, you pick a random 'starting' tuple from the set, weighted by its frequency, and output the first letter. For generating natural language words or sentences that at least mostly follow rules of grammar or composition, a 3rd degree Markov chain is usually sufficient. In order to create a useful Markov chain for your purposes, you would feed in a large corpus of English language data - there are many available, including, for example, Project Gutenberg - to generate a set of records as outlined above. Optionally, you can also include 'virtual' start-word and end-word tokens. For example, "aardvark", with a 2nd-degree Markov chain, would generate the tuples (a, a, 1), (a, r, 2), (r, d, 1), (d, v, 1), (v, a, 1), (r, k, 1). An n-degree Markov chain is basically a large set of n-tuples that appear in your input corpus, along with their frequency. One way to generate passwords that 'sound like' words would be to use a Markov chain. the 2nd and 3rd letter, or take the second letter of the third word. (At 1 million combinations a second it takes 30 years to test all 10^15 combinations.) As an extra (in case Eve knows you're a Police fan), you could swap e.g. 10 letters, even only lowercase gives you 10^15 combinations, which is a lot, especially since there's no shortcut for cracking it. "But I should have known this right from the start" becomes "bishktrfts". Song lyrics are an inexhaustible source of pass-phrases. OTOH, if she sees you type about 8 characters, among which 's' twice, and then 'o' and 'r' she may guess it correctly the first time. Forcing the use of at least one digit doesn't really help; you simply know that it will be "pa55word" or "passw0rd". The advantage of just using the starting letters of a pass-phrase is that it looks random, which makes it damn hard to remember if you don't know the phrase behind it, in case Eve looks over your shoulder as you type the password.
Using a database system you could use the SOUNDEX algorithm, or some such. Using a better programming language than Bash with text files and using a database could get this to work instantaneously. Generating a single password the first time and every time - something you need for the Web - will take both a better data source and more sophistication. Also, I've shown you probably want a database of good simple words to choose from, and not all words, to better satisfy your memorable-password requirement. The prototype shows it can probably be done, but the intelligence you require about alliteration or syllable information requires a better data source than just words. Some of the results in there are winners. Statisticrhythm (statistical crazy rhythm) Then I used these 500 or so very simple words from this page to generate the following passwords with the shell script - the script parenthetically shows the words that make up a password. It takes 4, 5 and 6 letter words (roughly 50,000) from the Unix dictionary file on your computer, and concatenates those words on the first character. Here's part 2 of your idea prototyped in a shell script. Construct Passwords that mesh common words similarly to produce a third set of letters that is not in a dictionary. Construct Passwords from letters that sound similar (using alliteration) or. Here's an example. Ī- C- C- L- I- M- O- P 'flow', and they happen to be two This could just be for me to make an application for myself that generates passwords according to these rules. Update: A few users have said that 'this is bad password security'. This question is language-agnostic, but if there's a specific implementation for C#, I'd be glad to hear of it.
Not use These punctuation marks, while appropriate for 'hard' passwords, do not have an 'easy to remember' sound. The words or letters should mostly follow the same sounds (for the most part). Dog!Wolf is easy to remember, but once an attacker knows that your website gives out that combination, it makes it infinitely easier to check. The Password should be easy to remember. Combination Locks do that with a mix of numbers that have similar sounds, and with numbers that have similar properties (7-17-23: All Prime, 17 rolls right off the tongue after 7, and 23 is another prime, and is (out of that set), the 'hard' one to remember). How would I implement something similar for passwords? Yes, they ought to be hard to crack, but they also should be easy for the end user to remember. To wit, my combination is three separate sets of numbers that either sound alike, or have some other relation that makes them easy to remember. While at the Gym the other day, I was working with my combination lock, and realized something that would be useful to me as a programmer.