Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Phonetically Memorable Password Generation Algorithms

Background

While at the Gym the other day, I was working with my combination lock, and realized something that would be useful to me as a programmer. To wit, my combination is three seperate sets of numbers that either sound alike, or have some other relation that makes them easy to remember. For instance, 5-15-25, 7-17-2, 6-24-5. These examples seem easy to remember.

Question

How would I implement something similar for passwords? Yes, they ought to be hard to crack, but they also should be easy for the end user to remember. Combination Locks do that with a mix of numbers that have similar sounds, and with numbers that have similar properties (7-17-23: All Prime, 17 rolls right off the tongue after 7, and 23 is another prime, and is (out of that set), the 'hard' one to remember).

Criteria

  • The Password should be easy to remember. Dog!Wolf is easy to remember, but once an attacker knows that your website gives out that combination, it makes it infinitely easier to check.
  • The words or letters should mostly follow the same sounds (for the most part).
  • At least 8 letters
  • Not use !@#$%^&*();'{}_+<>?,./ These punctuation marks, while appropriate for 'hard' passwords, do not have an 'easy to remember' sound.

Resources

This question is language-agnostic, but if there's a specific implementation for C#, I'd be glad to hear of it.

Update

A few users have said that 'this is bad password security'. Don't assume that this is for a website. This could just be for me to make an application for myself that generates passwords according to these rules. Here's an example.

The letters A-C-C-L-I-M-O-P 'flow', and they happen to be two regular words put together (Acclimate and Mop). Further, when a user says these letters, or says them as a word, it's an actual word for them. Easy to remember, but hard to crack (dictionary attack, obviously).

This question has a two-part goal:

  1. Construct Passwords from letters that sound similar (using alliteration) or
  2. Construct Passwords that mesh common words similarly to produce a third set of letters that is not in a dictionary.
like image 906
George Stocker Avatar asked Mar 08 '09 22:03

George Stocker


People also ask

Which algorithm is used for random password generator?

The main algorithm for password generation contains a FOR loop, which does the following: generates a random number between 1 and 4 to choose the character set. once the set has been randomly selected, a random index will be generated for the selected character set.


1 Answers

You might want to look at:

  • The pronouncable password generation algorithm used by apg and explained in FIPS-181
  • Koremutake
like image 189
Can Berk Güder Avatar answered Sep 23 '22 17:09

Can Berk Güder