Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

acme (189)

acme
  (email not shown publicly)
http://www.astray.com/

Leon Brocard (aka acme) is an orange-loving Perl eurohacker with many varied contributions to the Perl community, including the GraphViz module on the CPAN. YAPC::Europe was all his fault. He is still looking for a Perl Monger group he can start which begins with the letter 'D'.

Journal of acme (189)

Wednesday April 30, 2008
09:00 AM

Pronounceable passwords

[ #36289 ]

Let's ignore the security aspects and have a fight. In one corner, clkao's Text::Password::Pronounceable. In the other corner, my String::Koremutake:

#!perl
use strict;
use warnings;
use Perl6::Say;
use Text::Password::Pronounceable;
use String::Koremutake;

say "Text::Password::Pronounceable";
foreach ( 1 .. 10 ) {
    my $password = Text::Password::Pronounceable->generate( 6, 10 );
    say "  $password";
}

say "String::Koremutake";
my $k = String::Koremutake->new;
foreach ( 1 .. 10 ) {
    my $s = $k->integer_to_koremutake( int( rand(2_000_000) ) );
    say "  $s";
}

Laaadies and gentlement: the fight begins:

Text::Password::Pronounceable
  dtwlysoto
  bileoire
  metstari
  hisiner
  icaharwet
  thitilos
  hilerith
  ilyome
  weyhow
  ttovihith
String::Koremutake
  kigelu
  hestemi
  jimygy
  teliku
  jynegra
  prydryji
  sitimy
  bronesi
  vonipro
  litisi

And the winner is... I'm not sure. Who won?

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • (but have not tried to prove) that using Koremutake is going to lead to it being easier to brute force a password list down the line.
    • Text::Password::Pronounceable wins, simply because I can find it on CPAN by searching for Password via module name. I normally don't do a Search All.
  • And incidentally, "koremutake" is easier to pronounce than "pronounceable".
    • Core-mu-take? Or Co-ray-mu-ta-ki? I don't have to think about "pronounceable". :)
  • Jynegra sounds like a multinational corporation that does something you're not quite sure about. "Jynegra: At the forefront of progress."
    --

    --
    xoa

  • to win is to not play.
  • 10 out of 10 are pronouncable with String::Koremutake 8 out of 10 are pronouncable with Text::Password::Pronounceable
  • The winner is the unix apg (auto password generate) command, simply because it tells you how to pronounce your passwords:

    pjf@teddybear:~$ apg -n10 -m6 -x10 -t
    dyknip (dy-knip)
    FereOw (Fe-re-Ow)
    otAlfig^ (ot-Alf-ig-CIRCUMFLEX)
    tasEms (tas-Ems)
    AtIfRith9 (At-If-Rith-NINE)
    ucGuj+ (uc-Guj-PLUS_SIGN)
    igsyehod0 (igs-ye-hod-ZERO)
    cogwig_ (cog-wig-UNDERSCORE)
    seajaf (seaj-af)
    shoHiujca (sho-Hi-uj-ca)

    If any of the modules provides pronunciation tips (as does apg), then it wins. Otherwise, T::P::Pronounceable

  • In scripts like these it really jumps at me what a silly keyword "say" is. In a script that states that a word is pronounceable, I expect that the script is going to try to say it out loud. And that that is what "say" is doing.

    It's not.
  • I notice you've used String:: while clkao used Text::. For a vaguely similar module I used Encode:: [cpan.org] (and if you go further along the words-and-numbers spectrum you end up, predictably, at Number:: [cpan.org]).

    I have a pipe dream that one day there will be CPAN author round table meetings where similar modules in disparate namespaces will be agreed into consistent groupings. Ah well...

  • I liked your module. And although I'm more a Perl than a Ruby guy, I felt I needed something like this. So... Well, for the love of $DEITY, I cannot find the way to upload the project page [rubyforge.org] to RubyForge (and I've done it, for my other projects there!)... But if you are curious and want to look at how I reimplemented what I saw from you, just clone the Git repository:
    git clone git://rubyforge.org/koremutake.git
    Thanks for a neat idea!