Old 06-09-2010, 01:25 PM   #1
SaintDanBert
Senior Member
 
Registered: Jan 2009
Location: Austin, TX
Distribution: Mint-15 with Cinnamon & KDE
Posts: 1,271
Blog Entries: 3

Rep: Reputation: 86
seeking pronounceable password generator for Ubuntu


I've read {(blush) but cannot recover the webliography} that longer passwords are better, but they are harder to remember. More reading {and blushing} tells me that one might make passwords memorable if you can pronounce them somehow. Consider http://webpages.math.luc.edu/~vande/jabtext.html as pronounceable nonsense.
Using words from this poem is common and not recommended. I offer this for examples of "pronounceable."
I want a password generator, using English-like sounds, that creates a random set of syllables for each word and offers a short list of words that comply with the prevailing password policy for length &c. The end-user would then pick one word for their new password, or select for a replacement list.

Q1: Does anyone know about this sort of code fragment to generate "pronounceable" passwords?

Q2: Can anyone suggest how to best integrate this into the Ubuntu (gnome) or Kubuntu (KDE) desktop?

Q3: Can anyone suggest how to integrate this into a web site like WordPress or Joomla! for end-user authentication?

Cheers,
~~~ 0;-Dan
 
Old 06-09-2010, 01:50 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, FreeBSD
Posts: 3,925
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by SaintDanBert
The end-user would then pick one word for their new password, or select for a replacement list.
Not to dodge your three questions, but choosing one word is not going to result in a strong password!

If I could humbly suggest a contrived example algorithm to consider (change to suit your tastes):
  1. Name your least favorite food.
  2. Name a film.
  3. Name a cartoon character.
  4. Pick an arbitrary number.

Now combine them, like so: <food> + <number> + <cartoon_character> + <number> + <film>

Examples:
  • coconut2minnie2totalrecall
  • radish33handy33memento

Most humans can remember a series of words that are somewhat meaningful to them.
 
Old 06-09-2010, 02:49 PM   #3
arizonagroovejet
Member
 
Registered: Jun 2005
Location: England
Distribution: SLED, openSUSE
Posts: 997

Rep: Reputation: 169
If I'm understanding you correctly, you're suggesting using pronounceable but non-real words. I think that's a bad idea. Whilst people may be able to remember how to pronounce the word, they may not remember the spelling. They're more likely to remember the spelling if it's a real word. Though anomie has already covered the problem of using real words in passwords.


If you want an easy way to get real words, try looking at the words file. On my openSuSE system it's located at /usr/share/dict/words but it might be somewhere else on Ubuntu. If you can't find it, look for a package called words in the repos. The words package contains American English but there are also region specific versions - look for appropriately named packages. You can quickly grab a random word using shuf:
Code:
me@mine:~> shuf -n1 /usr/share/dict/words 
Cymbre
me@mine:~> shuf -n1 /usr/share/dict/words 
sawyers
me@mine:~> shuf -n1 /usr/share/dict/words 
earing's
me@mine:~> shuf -n1 /usr/share/dict/words 
Co's
me@mine:~> shuf -n1 /usr/share/dict/words 
ungratefully
The words file contains words with apostrophes in, if you don't want them then you can use

Code:
me@mine:~> grep -v "'" /usr/share/dict/words | shuf -n1
tetrapods
me@mine:~> grep -v "'" /usr/share/dict/words | shuf -n1
stumblebum
me@mine:~> grep -v "'" /usr/share/dict/words | shuf -n1
hackbuteer
me@mine:~> grep -v "'" /usr/share/dict/words | shuf -n1
wasterfulness
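
An added example, not part of the post above: the same apostrophe-filtered draw from the words file, done with Python's `secrets` module, plus the arithmetic for how many randomly drawn words a target strength needs. The sample list is constructed from the words printed above; the function names and the 60-bit default target are assumptions.

```python
import math
import os
import secrets

WORDS_FILE = "/usr/share/dict/words"   # path from the post; may differ per distro
# Constructed sample (the words printed in the post), used when the file is absent.
SAMPLE = ["Cymbre", "sawyers", "earing's", "Co's", "ungratefully",
          "tetrapods", "stumblebum", "hackbuteer", "wasterfulness"]

def usable_words(lines, min_len=3):
    """Lower-case, keep plain a-z entries only (drops apostrophes), de-duplicate."""
    words = {w for w in (l.strip().lower() for l in lines)
             if w.isascii() and w.isalpha() and len(w) >= min_len}
    return sorted(words)

def words_needed(list_size, target_bits):
    """Each uniformly random word contributes log2(list_size) bits."""
    if list_size < 2:
        raise ValueError("need at least two distinct words")
    return math.ceil(target_bits / math.log2(list_size))

def passphrase(words, target_bits=60, sep="-"):
    """Return (passphrase, bits); the attacker is assumed to know the word list."""
    n = words_needed(len(words), target_bits)
    picked = [secrets.choice(words) for _ in range(n)]
    return sep.join(picked), n * math.log2(len(words))

if __name__ == "__main__":
    if os.path.exists(WORDS_FILE):
        with open(WORDS_FILE, encoding="utf-8", errors="ignore") as fh:
            words = usable_words(fh)
    else:
        words = usable_words(SAMPLE)
    phrase, bits = passphrase(words)
    print(f"{len(words)} usable words -> {phrase} (~{bits:.0f} bits)")
```

The strength comes from the size of the list and the number of independent draws, not from how obscure any single word looks.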
 
Old 06-09-2010, 03:19 PM   #4
beadyallen
Member
 
Registered: Mar 2008
Location: UK
Distribution: Fedora, Gentoo
Posts: 209

Rep: Reputation: 36
My favorite (memorable) password generation method (not my idea) is to take a memorable phrase and use the first letters from each word.

So "I bet NO-ONE in their right mind will guess this password" becomes "ibnoitrmwgtp". You can extend it with capitals and letter to digit/punctuation substitution, perhaps giving "!bN-O1trmwgtp".

That's just an example, but you get the idea.

Last edited by beadyallen; 06-09-2010 at 03:21 PM.
 
Old 06-09-2010, 04:45 PM   #5
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163
A better way to generate passwords is to tie them to a phrase...

InAvRnBw'gOt2011

I Need A Vacation Right Now But Won't Get One Till 2011

Phonetic password generators tend to give you real words on occasion which means you have a dictionary word as a password...

Honestly, you should use a password that looks like: C$Gsk.917xNCO3^OFiLA-VTW

Use Keepass to keep your passwords in so they're all unique and you don't NEED to remember them... (works on iphone, android, windows, mac, linux, there's a portable version, etc...)

Last edited by rweaver; 06-09-2010 at 04:48 PM.
 
Old 06-09-2010, 05:27 PM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
I've merged the duplicate into this thread. In the future, please don't double post.
 
Old 06-11-2010, 12:18 PM   #7
SaintDanBert
Senior Member
 
Registered: Jan 2009
Location: Austin, TX
Distribution: Mint-15 with Cinnamon & KDE
Posts: 1,271
Blog Entries: 3

Original Poster
Rep: Reputation: 86
Quote:
Originally Posted by win32sux
I've merged the duplicate into this thread. In the future, please don't double post.
I appreciate your effort to merge common content, but are you saying that SaintDanBert in specific posted this as a duplicate or that this thread in general is a duplicate of some other thread? If you assert that a thread is a duplicate, it would be helpful if you named a thread-ID or subject line so folks could review and learn how to avoid duplication.

In response to your posting, I used Advanced Search with the keywords
"pronounce" and "password". The search did not even locate this thread.
Even if search did not stem "pronounce" to find "pronounceable", the word "password" might have found this one. When folks -- call me a newbie if you must -- search with zero results found on a subject line, is it really productive to complain about "duplicate" postings?

When I create a new thread, I always use the "check for similar" button. I {SaintDanBert} did not see any threads that I'd consider duplication. I'm trying to be a good citizen. Also, I find that one choice of subject line gets ignored while another choice addressing the same inquiry gets response. How is one supposed to re-state the original question {aka, replace the original subject line} without a second posting or similar?

Teach me. I will learn.
~~~ 0;-Dan

Last edited by SaintDanBert; 06-11-2010 at 12:25 PM.
 
Old 06-11-2010, 01:02 PM   #8
SaintDanBert
Senior Member
 
Registered: Jan 2009
Location: Austin, TX
Distribution: Mint-15 with Cinnamon & KDE
Posts: 1,271
Blog Entries: 3

Original Poster
Rep: Reputation: 86
In response to response #3 http://www.linuxquestions.org/questi...8/#post3998193, any use of "real words" is discouraged because password cracking software uses dictionaries which contain (DOH) real words.

The idea of presenting several "word" options, is to offer the end-user the choice of items that will somehow catch their fancy ... tickles their tongue or something ... and thus is rememberable. The choice of pronounceable syllables is deterministic enough that the spelling foibles of routine English (American, British, Aussie, or otherwise) won't be an issue either. The generator would somehow avoid the common tripping points like 'receive' vs. 'friend'.
Please forgive in advance if you are an expert in phonetics or linguistics.
The letter 'a' may have pronunciation of 'ay' (as in 'play') or 'aa' (as in 'cat') or 'ah' (as in 'father') or 'aw' (as in 'caught'). The letter 'c' may have pronunciation like 's' or 'k'. The generator would select a random consonant and pair it with a random vowel sound to create a random syllable. For example, 'p' + 'aa' or 's' + 'ay'.
After making some number of random syllables, the generator might then select one and test against the desired or required minimum length. If it is too short, select another and concatenate. When a string is long enough, report it. Repeat when there are enough samples. Capital letters might be salted in the text with punctuation salted between the syllables:
  • "pay koo vee teh" ..... just the syllables
  • "raa muh laa muh dee daw" ... another
  • "Rah mIH doh" ......... with capitals
  • "lAH+tee%Ray#mee-Soh$fah" ..... with caps and punctuation
In ancient times, the Digital(tm) VAX/VMS utilities had the command line
Code:
prompt$ # used slash for command-line options
prompt$ set password/generated /minlength=K /maxlength=J 
  Pick one from the following:
    1. "blah blah blah"
    2. "blah blah blah"
    ...
    5. "blah blah blah"
  Enter selection number or ENTER for more options:
that did something very similar to what I describe. What I've written is almost a spec, so I could write something, but I can't stop thinking [er, hoping] that someone has already done this.

~~~ 0;-Dan
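
The generator specified in the post above, written out as an added example (not code from any poster, from the VMS utility, or from a tool named in this thread): random consonant plus vowel-sound syllables are concatenated until the minimum length is met, a short pick-list is offered, and each candidate gets an entropy estimate. The consonant set, the function names and the default length window are assumptions; the vowel spellings and separators are the ones that appear in the post's examples.

```python
import math
import secrets

# Assumed sound inventory (not from the post): consonants with a single obvious
# reading (no c, q, x, y) and two-letter vowel spellings like the post's examples.
CONSONANTS = "bdfghjklmnprstvwz"
VOWELS = ["aa", "ah", "aw", "ay", "ee", "eh", "ih", "oh", "oo", "uh"]
PUNCT = "+%#-$"   # separators seen in the post's last example

def candidate(min_len=12, max_len=24, caps=False, punct=False):
    """Append random consonant+vowel syllables until min_len is reached.
    Returns (password, syllable_count)."""
    if min_len < 1 or max_len < min_len:
        raise ValueError("need 1 <= min_len <= max_len")
    pw, n = "", 0
    while len(pw) < min_len:
        if punct and n:
            pw += secrets.choice(PUNCT)
        syl = secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
        pw += syl.capitalize() if caps and secrets.randbelow(2) else syl
        n += 1
    if len(pw) > max_len:
        raise ValueError("no whole number of syllables fits this length window")
    return pw, n

def entropy_bits(n, caps=False, punct=False):
    """Bits of guessing work if the attacker knows the scheme and the tables."""
    bits = n * math.log2(len(CONSONANTS) * len(VOWELS))
    if caps:
        bits += n                      # one coin flip per syllable
    if punct:
        bits += (n - 1) * math.log2(len(PUNCT))
    return bits

def offer(count=5, **policy):
    """Build the short pick-list: [(password, estimated_bits), ...]."""
    out = []
    for _ in range(count):
        pw, n = candidate(**policy)
        out.append((pw, entropy_bits(n, policy.get("caps", False),
                                     policy.get("punct", False))))
    return out

if __name__ == "__main__":
    for i, (pw, bits) in enumerate(offer(min_len=12, max_len=24, caps=True), 1):
        print(f"{i}. {pw}   (~{bits:.0f} bits)")
```

Four plain syllables satisfy a 12-character minimum but carry only about 30 bits with these tables, so a length policy alone does not say how strong a generated word is.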
 
Old 06-11-2010, 03:02 PM   #9
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, FreeBSD
Posts: 3,925
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by SaintDanBert
Are you saying that SaintDanBert in specific posted this as a duplicate or that this thread in general is a duplicate of some other thread?
You posted the exact same thread twice in the same forum. (Maybe you hit submit, assumed a timeout, and hit submit again? I dunno.)

I reported it, and a mod was nice enough to merge them before they turned into a vicious two-headed monster.
 
Old 06-11-2010, 11:29 PM   #10
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by SaintDanBert
I appreciate your effort to merge common content, but are you saying that SaintDanBert in specific posted this as a duplicate or that this thread in general is a duplicate of some other thread? If you assert that a thread is a duplicate, it would be helpful if you named a thread-ID or subject line so folks could review and learn how to avoid duplication.

In response to your posting, I used Advanced Search with the keywords
"pronounce" and "password". The search did not even locate this thread.
Even if search did not stem "pronounce" to find "pronounceable", the word "password" might have found this one. When folks -- call me a newbie if you must -- search with zero results found on a subject line, is it really productive to complain about "duplicate" postings?

When I create a new thread, I always use the "check for similar" button. I {SaintDanBert} did not see any threads that I'd consider duplication. I'm trying to be a good citizen. Also, I find that one choice of subject line gets ignored while another choice addressing the same inquiry gets response. How is one supposed to re-state the original question {aka, replace the original subject line} without a second posting or similar?

Teach me. I will learn.
~~~ 0;-Dan
There were two identical original posts from you in LQSEC. One was made nine minutes after the one at the top of this thread, and had received one reply IIRC. This current one had received several replies, so I merged the other thread into this one and deleted the duplicate/younger original post. This keeps the discussion in one place, which is beneficial to everyone. If you have any further questions, please contact me via email instead of using this thread.
 
Old 06-12-2010, 12:50 PM   #11
SaintDanBert
Senior Member
 
Registered: Jan 2009
Location: Austin, TX
Distribution: Mint-15 with Cinnamon & KDE
Posts: 1,271
Blog Entries: 3

Original Poster
Rep: Reputation: 86
If this posting appears more than once, I had dropped connection troubles trying to SUBMIT ... again? ... Sorry!
Quote:
Originally Posted by win32sux
There were two identical original posts from you in LQSEC. One was made nine minutes after the one at the top of this thread, and had received one reply IIRC.
...
Thanks for the clarification. This sounds like I pressed the SUBMIT button a second time for some reason. Sorry about that. I'll be more careful in the future.

SUGGESTION: One might think that the server might catch double-tap postings in much the same way that they catch searching too close together and similar.
Not an excuse, but I'm using Firefox on Ubuntu Jaunty or Lucid. There is some known sluggish behavior of the browser which may have left me feeling that I had not yet touched SUBMIT.

Cheers,
~~~ 0;-Dan
 
Old 09-20-2010, 12:55 PM   #12
SaintDanBert
Senior Member
 
Registered: Jan 2009
Location: Austin, TX
Distribution: Mint-15 with Cinnamon & KDE
Posts: 1,271
Blog Entries: 3

Original Poster
Rep: Reputation: 86
... rolling my own ...

After much searching, I found this https://help.ubuntu.com/community/StrongPasswords. While it uses a different syllable algorithm than I proposed on 11th June, it mostly does what I want.

Thanks to all,
~~~ 0;-Dan
 
  

