Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!jgreely From: jgreely@cis.ohio-state.edu (J Greely) Newsgroups: comp.unix.wizards Subject: random passwords (was Re: Worm...) Message-ID: <28399@tut.cis.ohio-state.edu> Date: 26 Nov 88 20:22:01 GMT Sender: jgreely@tut.cis.ohio-state.edu Lines: 41 In article <274@aber-cs.UUCP> pcg@cs.aber.ac.uk writes: >In article <13169@ncoast.UUCP> allbery@ncoast.UUCP writes: > A possible enhancement is to use phonemes instead of letters, thus > increasing the chances of a pronounceable password. It could be combined > with a phoneme-to-letter table which could randomly (or maybe not so > randomly, depends on how much time I want to put in it) choose between > alternative representations (f/ph, etc.) of a phoneme. The posted version of this (pwgen, in comp.sources.misc, natch) doesn't quite work. I sent the minor changes to Brandon. The generated words sound nothing like English, but they *are* pronouncable (mostly). >As has been discussed at length and conclusively, generating by algorithm >menmonic passwords is a very bad idea, because: >[1] It restricts unconscionably the key space (usually to a few thousand >or at best dozen thousand entries). Well, after fixing the minor bugs in pwgen, I'm not terribly worried about the key space: % pwgen 9 500000 | sort | uniq | wc -l 482718 The percentage of unique passwords seems to drop at a fairly constant rate as you raise the number generated, but at 500000 it's still over 96%. It would require more testing to see just how many unique strings it's capable of generating, but that's for another day. >[2] If the algorithm used to generate the passwords get known, it can be >used to obtain a complete list of all possibly passwords. Naaah. The patch I sent to him suggested adding a switch to randomly upcase letters, as well as replace letters with numbers ('l' -> '1', 'o' -> '0', etc). If 8-character passwords are chosen, modified by these transformations, the key space is more than sufficient. -- J Greely (jgreely@cis.ohio-state.edu; osu-cis!jgreely) Unseen, in the background, Fate was quietly slipping the lead into the boxing glove.