
Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes Monday through Friday.


hpr2764 :: Personal password algorithms

Is it possible to generate a unique password for every site? Klaatu tries.


Hosted by klaatu on 2019-03-07 is flagged as Clean and is released under a CC-BY-SA license.
Tags: password,security,algorithm,puzzle,cipher.

Part of the series: Information Underground

Deepgeek, Klaatu, and Lostnbronx discuss things.

Here is a bash script to generate an org-mode word list matrix. It requires at least one file ending in .list to be used as a source of words or strings.


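#!/bin/bash
# Build an org-mode table of random words: 27 rows by 27 columns (a-z and ?).

# Output file: first argument, or matrix.org by default.
DEST="${1:-matrix.org}"

# Merge every word list in the current directory into one temporary file.
TMP=$(mktemp) || exit 1
trap 'rm -f "$TMP"' EXIT
cat ./*list > "$TMP" || exit 1

# Number of candidate lines; stop if the lists are empty.
BIG=$(wc -l < "$TMP")
[ "$BIG" -gt 0 ] || { echo "no words found in *list files" >&2; exit 1; }

# Header row and separator (appended, so an existing file is not overwritten).
cat >> "${DEST}" <<EOF
| | a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z | ? |
|-+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---|
EOF

# Row labels; the ? is quoted so the shell does not expand it as a glob.
VERT=(a b c d e f g h i j k l m n o p q r s t u v w x y z '?')

c=0
while [ "$c" -lt 27 ]; do
    # row label, then 27 cells across
    printf '| %s |' "${VERT[$c]}" >> "${DEST}"
    n=0
    while [ "$n" -lt 27 ]; do
        # $RANDOM is not a cryptographic generator and only spans 0-32767,
        # so lines past 32768 in the word list are never picked.
        i=$((1 + RANDOM % BIG))
        w=$(awk "FNR==$i" "$TMP")
        # reduce chance of empty cell
        if [[ -z $w ]]; then
            i=$((1 + RANDOM % BIG))
            w=$(awk "FNR==$i" "$TMP")
            echo "blank cell found"
        fi
        # the word is passed as data, never as the printf format string
        printf '%s | ' "$w" >> "${DEST}"
        n=$((n + 1))
    done
    echo >> "${DEST}"
    c=$((c + 1))
done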

When you open the resulting file (matrix.org by default) in Emacs, use the fill-paragraph function (M-x fill-paragraph) to align the cells into a pretty table.

Invent your own key, and generate some test passwords. Do this 6 or 8 times, and then try to reverse the key using the passwords and the table. If the logic to reverse the key is too simple, then try using values relying on the metadata, rather than data, of the table (for instance, the number of letters in the first word in the table starting with the same letter as the site name, or whatever).
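One way to run the reversal test described above, as an added example that is not from the episode or its script. The key used here (the word at row = first letter of the site name and column = last letter, followed by the length of the name) is hypothetical, as are the 3x3 table excerpt and the site labels club, arc and boa.

```shell
#!/bin/sh
# Added example: table excerpt, site labels and key are constructed.
matrix() {    # to test a real table, replace the body with: cat matrix.org
cat <<'EOF'
|   | a      | b      | c      |
|---+--------+--------+--------|
| a | maple  | quartz | heron  |
| b | tundra | pixel  | anvil  |
| c | violet | ember  | saddle |
EOF
}

# awk helper shared by both lookups: strip the padding around a cell.
TRIM='function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }'

# cell ROW COL: print the word at the given row letter and column letter.
cell() {
    matrix | awk -F'|' -v r="$1" -v c="$2" "$TRIM"'
        NR == 1 { for (i = 3; i < NF; i++) if (trim($i) == c) col = i; next }
        trim($2) == r && col { print trim($col) }'
}

# make_password SITE: the hypothetical key described in the lead-in.
make_password() {
    first=$(printf '%s' "$1" | cut -c1)
    last=$(printf '%s' "$1" | sed 's/.*\(.\)$/\1/')
    printf '%s%s\n' "$(cell "$first" "$last")" "${#1}"
}

# find_cell WORD: print "row col" for every cell that holds WORD.
find_cell() {
    matrix | awk -F'|' -v w="$1" "$TRIM"'
        NR == 1 { for (i = 3; i < NF; i++) head[i] = trim($i); next }
        { for (i = 3; i < NF; i++) if (trim($i) == w) print trim($2), head[i] }'
}

# reversal_report SITE...: for each site print the site, its password and the
# table coordinates of the password's word, as seen by someone with the table.
reversal_report() {
    for site in "$@"; do
        pw=$(make_password "$site")
        word=$(printf '%s' "$pw" | sed 's/[0-9]*$//')
        printf '%s %s %s\n' "$site" "$pw" "$(find_cell "$word")"
    done
}

reversal_report club arc boa
```

When the coordinates printed for each password line up this directly with letters of the site name, and the trailing digit with its length, the key is too simple and should draw on the table's metadata instead.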

Do you have analogue methods of generating passwords? Post ideas to either the comments or, better yet, as an HPR episode!

Here is a word list for testing:
http://hackerpublicradio.org/eps/hpr2764_wordlist.html


Comments


Comment #1 posted on 2019-03-12T04:26:51Z by Steve

LessPass

There is an open source project called LessPass that is trying to solve the password management problem in much the same way that you are describing. Passwords are generated in a deterministic and algorithmic way using a master password, some known values related to the site, and some cryptography.

There are two challenges that I see with this concept. The first one, that you made reference to, is how do you write an algorithm that will generate a password that will be acceptable to the policies of any site.

The second is, how do you deal with sites that insist that you change your password from time to time? In order to do that, you about have to change your algorithm, which means that all your other passwords will be broken.

If these two problems can be solved, I'd be all for this type of password management.
