LinuxQuestions.org


SaintDanBert 06-09-2010 01:25 PM

seeking pronounceable password generator for Ubuntu
 
I've read {(blush) but cannot recover the webliography} that longer passwords are better, but they are harder to remember. More reading {and blushing} tells me that one might make passwords memorable if you can pronounce them somehow. Consider http://webpages.math.luc.edu/~vande/jabtext.html as pronounceable nonsense.
Using words from this poem is common and not recommended. I offer this for examples of "pronounceable."
I want a password generator, using English-like sounds, that creates a random set of syllables for each word and offers a short list of words that comply with the prevailing password policy for length &c. The end-user would then pick one word for their new password, or select for a replacement list.

Q1: Does anyone know about this sort of code fragment to generate "pronounceable" passwords?

Q2: Can anyone suggest how to best integrate this into the Ubuntu (GNOME) or Kubuntu (KDE) desktop?

Q3: Can anyone suggest how to integrate this into a web site like WordPress or Joomla! for end-user authentication?

Cheers,
~~~ 0;-Dan

anomie 06-09-2010 01:50 PM

Quote:

Originally Posted by SaintDanBert
The end-user would then pick one word for their new password, or select for a replacement list.

Not to dodge your three questions, but choosing one word is not going to result in a strong password!

If I could humbly suggest a contrived example algorithm to consider (change to suit your tastes):
  1. Name your least favorite food.
  2. Name a film.
  3. Name a cartoon character.
  4. Pick an arbitrary number.

Now combine them, like so: <food> + <number> + <cartoon_character> + <number> + <film>

Examples:
  • coconut2minnie2totalrecall
  • radish33handy33memento

Most humans can remember a series of words that are somewhat meaningful to them.

arizonagroovejet 06-09-2010 02:49 PM

If I'm understanding you correctly, you're suggesting using pronounceable but non-real words. I think that's a bad idea. Whilst people may be able to remember how to pronounce the word, they may not remember the spelling. They're more likely to remember the spelling if it's a real word. Though anomie has already covered the problem of using real words in passwords.


If you want an easy way to get real words, try looking at the words file. On my openSuSE system it's located at /usr/share/dict/words but it might be somewhere else on Ubuntu. If you can't find it, look for a package called words in the repos. The words package contains American English but there are also region-specific versions - look for appropriately named packages. You can quickly grab a random word using shuf:
Code:

me@mine:~> shuf -n1 /usr/share/dict/words
Cymbre
me@mine:~> shuf -n1 /usr/share/dict/words
sawyers
me@mine:~> shuf -n1 /usr/share/dict/words
earing's
me@mine:~> shuf -n1 /usr/share/dict/words
Co's
me@mine:~> shuf -n1 /usr/share/dict/words
ungratefully

The words file contains words with apostrophes in them. If you don't want them, then you can use

Code:

me@mine:~> grep -v "'" /usr/share/dict/words | shuf -n1
tetrapods
me@mine:~> grep -v "'" /usr/share/dict/words | shuf -n1
stumblebum
me@mine:~> grep -v "'" /usr/share/dict/words | shuf -n1
hackbuteer
me@mine:~> grep -v "'" /usr/share/dict/words | shuf -n1
wasterfulness


beadyallen 06-09-2010 03:19 PM

My favorite (memorable) password generation method (not my idea) is to take a memorable phrase and use the first letters from each word.

So "I bet NO-ONE in their right mind will guess this password" becomes "ibnoitrmwgtp". You can extend it with capitals and letter to digit/punctuation substitution, perhaps giving "!bN-O1trmwgtp".

That's just an example, but you get the idea.

rweaver 06-09-2010 04:45 PM

A better way to generate passwords is to tie them to a phrase...

InAvRnBw'gOt2011

I Need A Vacation Right Now But Won't Get One Till 2011

Phonetic password generators tend to give you real words on occasion which means you have a dictionary word as a password...

Honestly, you should use a password that looks like: C$Gsk.917xNCO3^OFiLA-VTW

Use Keepass to keep your passwords in so they're all unique and you don't NEED to remember them... (works on iphone, android, windows, mac, linux, there's a portable version, etc...)

win32sux 06-09-2010 05:27 PM

I've merged the duplicate into this thread. In the future, please don't double post.

SaintDanBert 06-11-2010 12:18 PM

Quote:

Originally Posted by win32sux (Post 3998333)
I've merged the duplicate into this thread. In the future, please don't double post.

I appreciate your effort to merge common content, but are you saying that SaintDanBert in specific posted this as a duplicate or that this thread in general is a duplicate of some other thread? If you assert that a thread is a duplicate, it would be helpful if you named a thread-ID or subject line so folks could review and learn how to avoid duplication.

In response to your posting, I used Advanced Search with the keywords "pronounce" and "password". The search did not even locate this thread.
Even if search did not stem "pronounce" to find "pronounceable", the word "password" might have found this one. When folks -- call me a newbie if you must -- search with zero results found on a subject line, is it really productive to complain about "duplicate" postings?

When I create a new thread, I always use the "check for similar" button. I {SaintDanBert} did not see any threads that I'd consider duplication. I'm trying to be a good citizen. Also, I find that one choice of subject line gets ignored while another choice addressing the same inquiry gets response. How is one supposed to re-state the original question {aka, replace the original subject line} without a second posting or similar?

Teach me. I will learn.
~~~ 0;-Dan

SaintDanBert 06-11-2010 01:02 PM

In response to response #3 http://www.linuxquestions.org/questi...8/#post3998193, any use of "real words" is discouraged because password cracking software uses dictionaries which contain (DOH) real words.

The idea of presenting several "word" options is to offer the end-user the choice of items that will somehow catch their fancy ... tickles their tongue or something ... and thus is rememberable. The choice of pronounceable syllables is deterministic enough that the spelling foibles of routine English (American, British, Aussie, or otherwise) won't be an issue either. The generator would somehow avoid the common tripping points like 'receive' vs. 'friend'.
Please forgive in advance if you are an expert in phonetics or linguistics.
The letter 'a' may have pronunciation of 'ay' (as in 'play') or 'aa' (as in 'cat') or 'ah' (as in 'father') or 'aw' (as in 'caught'). The letter 'c' may have pronunciation like 's' or 'k'. The generator would select a random consonant and pair it with a random vowel sound to create a random syllable. For example, 'p' + 'aa' or 's' + 'ay'.
After making some number of random syllables, the generator might then select one and test against the desired or required minimum length. If it is too short, select another and concatenate. When a string is long enough, report it. Repeat when there are enough samples. Capital letters might be salted in the text with punctuation salted between the syllables:
  • "pay koo vee teh" ..... just the syllables
  • "raa muh laa muh dee daw" ... another
  • "Rah mIH doh" ......... with capitals
  • "lAH+tee%Ray#mee-Soh$fah" ..... with caps and punctuation
In ancient times, the Digital(tm) VAX/VMS utilities had the command line
Code:

prompt$ # used slash for command-line options
prompt$ set password/generated /minlength=K /maxlength=J
  Pick one from the following:
    1. "blah blah blah"
    2. "blah blah blah"
    ...
    5. "blah blah blah"
  Enter selection number or ENTER for more options:

that did something very similar to what I describe. What I've written is almost a spec, so I could write something, but I can't stop thinking [er, hoping] that someone has already done this.

~~~ 0;-Dan
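
Added example, not part of the original post or of any tool named in this thread: a Python sketch of the consonant-plus-vowel-sound generator specified above, drawing from the OS CSPRNG and reporting the entropy of each candidate. The sound tables, function names and defaults are assumptions made for the example.

```python
import math
import secrets

# Sound tables are assumptions for this sketch. 'c', 'q' and 'x' are omitted
# because their pronunciation is ambiguous (the 's'/'k' issue the post raises).
CONSONANTS = "bdfghjklmnprstvwyz"
VOWELS = ["ay", "aa", "ah", "aw", "ee", "eh", "ih", "oh", "oo", "uh"]
PUNCT = "+%#-$"  # separators seen in the post's last sample


def entropy_bits(n_syllables, caps=False, punct=False):
    """Bits of entropy if the attacker knows the scheme but not the draws."""
    bits = n_syllables * math.log2(len(CONSONANTS) * len(VOWELS))
    if caps:
        bits += n_syllables  # one fair coin flip per syllable
    if punct:
        bits += max(n_syllables - 1, 0) * math.log2(len(PUNCT))
    return bits


def generate(min_len=12, max_len=24, caps=False, punct=False):
    """Concatenate random syllables until the policy minimum is reached."""
    pw, n = "", 0
    while len(pw) < min_len:
        if punct and n:
            pw += secrets.choice(PUNCT)  # separator between syllables
        syl = secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
        if caps and secrets.randbits(1):
            syl = syl.capitalize()
        pw += syl
        n += 1
    if len(pw) > max_len:
        raise ValueError("policy window too narrow for whole syllables")
    return pw, entropy_bits(n, caps, punct)


def candidates(k=5, **policy):
    """Short list for the user to pick from, as in the VMS prompt.
    Letting the user choose can cost up to log2(k) bits of the estimate."""
    return [generate(**policy) for _ in range(k)]


if __name__ == "__main__":
    for i, (pw, bits) in enumerate(candidates(5, min_len=12, caps=True, punct=True), 1):
        print(f"{i}. {pw}   (~{bits:.0f} bits)")
```

A 12-character lowercase result from these tables carries about 30 bits, well below the roughly 56 bits of 12 independently random lowercase letters, so the length policy has to be set with the syllable count in mind.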

anomie 06-11-2010 03:02 PM

Quote:

Originally Posted by SaintDanBert
Are you saying that SaintDanBert in specific posted this as a duplicate or that this thread in general is a duplicate of some other thread?

You posted the exact same thread twice in the same forum. (Maybe you hit submit, assumed a timeout, and hit submit again? I dunno.)

I reported it, and a mod was nice enough to merge them before they turned into a vicious two-headed monster.

win32sux 06-11-2010 11:29 PM

Quote:

Originally Posted by SaintDanBert (Post 4000445)
I appreciate your effort to merge common content, but are you saying that SaintDanBert in specific posted this as a duplicate or that this thread in general is a duplicate of some other thread? If you assert that a thread is a duplicate, it would be helpful if you named a thread-ID or subject line so folks could review and learn how to avoid duplication.

In response to your posting, I used Advanced Search with the keywords "pronounce" and "password". The search did not even locate this thread.
Even if search did not stem "pronounce" to find "pronounceable", the word "password" might have found this one. When folks -- call me a newbie if you must -- search with zero results found on a subject line, is it really productive to complain about "duplicate" postings?

When I create a new thread, I always use the "check for similar" button. I {SaintDanBert} did not see any threads that I'd consider duplication. I'm trying to be a good citizen. Also, I find that one choice of subject line gets ignored while another choice addressing the same inquiry gets response. How is one supposed to re-state the original question {aka, replace the original subject line} without a second posting or similar?

Teach me. I will learn.
~~~ 0;-Dan

There were two identical original posts from you in LQSEC. One was made nine minutes after the one at the top of this thread, and had received one reply IIRC. This current one had received several replies, so I merged the other thread into this one and deleted the duplicate/younger original post. This keeps the discussion in one place, which is beneficial to everyone. If you have any further questions, please contact me via email instead of using this thread.

SaintDanBert 06-12-2010 12:50 PM

If this posting appears more than once, I had dropped connection troubles trying to SUBMIT ... again? ... Sorry!
Quote:

Originally Posted by win32sux (Post 4000845)
There were two identical original posts from you in LQSEC. One was made nine minutes after the one at the top of this thread, and had received one reply IIRC.
...

Thanks for the clarification. This sounds like I pressed the SUBMIT button a second time for some reason. Sorry about that. I'll be more careful in the future.

SUGGESTION: One might think that the server might catch double-tap postings in much the same way that they catch searching too close together and similar.
Not an excuse, but I'm using Firefox on Ubuntu Jaunty or Lucid. There is some known sluggish behavior of the browser which may have left me feeling that I had not yet touched SUBMIT.

Cheers,
~~~ 0;-Dan

SaintDanBert 09-20-2010 12:55 PM

... rolling my own ...
 
After much searching, I found this https://help.ubuntu.com/community/StrongPasswords. While it uses a different syllable algorithm than I proposed on 11th June, it mostly does what I want.

Thanks to all,
~~~ 0;-Dan


All times are GMT -5.