UbuntuHelp:GeneratingRememberablePasswords
来自Ubuntu中文
 |
点击翻译: |
English |
请不要直接编辑翻译本页,本页将定期与来源同步。 |
目录
Introduction
Passwords will be inevitable for some time to come so choosing a safe password is essential. However - most of us have numerous passwords and truely random passwords are difficult to remember so we either write them down or reuse the same password over and over. Some time ago a study was done that determined a pattern for creating fairly good passwords that are easy to remember. This has been tested with users of all ages and backgrounds and it really works.
A pattern to remember
The key is a structured pattern - patterns are easier for us to remember. This particular pattern contains the following pieces:
- a pronounceable piece
- some number of numbers and symbols
- a pronounceable piece
in detail we are going to use the following pattern
- an upper or lower case consonant
- a lower case vowel
- a lower case consonant
- sometimes another lower case vowel or consonant
- between 1 and 4 groupings of
- a number
- the shift of that number
- an upper or lower case consonant (if the first letter of the password is not a capital letter force this letter to be a capital)
- a lower case vowel
- a lower case consonant
- sometimes another lower case vowel or consonant
An example in PERL
The following PERL script implements this pattern.
#!/usr/bin/perl
# generate fairly good rememberable passwords
srand(time() ^ ($$ + $$ << 21));
$howMany = 20;
$sym = "~`!@#$%^&*()-_+=,.<>";
$numb = "123567890";
$symcornum = "!@#%^&*()";
$numbsym = "1234567890~`!@#$%^&*()-_+=,.<>";
$lnumb = length($numb);
$lsym = length($sym);
$lnumbsym = length($numbsym);
$lsymcornum = length($symcornum);
$bothcons = "BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxz";
$upcons = "BCDFGHJKLMNPQRSTVWXYZ";
$lowcons = "bcdfghjklmnpqrstvwxz";
$lowvowel = "aeiou";
$convow = "bcdfghjklmnpqrstvwxyzaeiou";
$lbothcons = length($bothcons);
$llowcons = length($lowcons);
$llowvowel = length($lowvowel);
$lupcons = length($upcons);
$lconvow = length($convow);
for ($j=0; $j<=$howMany; $j++) {
$pass = "";
# generate the first pronounceable part
$pass .= substr($bothcons,int(rand($lbothcons)),1);
$pass .= substr($lowvowel,int(rand($llowvowel)),1);
$pass .= substr($lowcons,int(rand($llowcons)),1);
if (rand > 0.5) {
$pass .= substr($convow,int(rand($lconvow)),1);
}
# generate some number symbol sets
$numind = int(rand($lnumb));
$pass .= substr($numb,$numind,1);
$pass .= substr($symcornum,$numind,1);
if (rand > 0.5) {
$numind = int(rand($lnumb));
$pass .= substr($numb,$numind,1);
$pass .= substr($symcornum,$numind,1);
}
if (rand > 0.5) {
$numind = int(rand($lnumb));
$pass .= substr($numb,$numind,1);
$pass .= substr($symcornum,$numind,1);
}
if (rand > 0.5) {
$numind = int(rand($lnumb));
$pass .= substr($numb,$numind,1);
$pass .= substr($symcornum,$numind,1);
}
# generate the end pronounceable part
if ($pass =~ /[A-Z]/) {
$pass .= substr($bothcons,int(rand($lbothcons)),1);
}
else {
$pass .= substr($upcons,int(rand($lupcons)),1);
}
$pass .= substr($lowvowel,int(rand($llowvowel)),1);
$pass .= substr($lowcons,int(rand($llowcons)),1);
if (rand > 0.5) {
$pass .= substr($convow,int(rand($lconvow)),1);
}
print "$pass";
print "\n";
}
# Be sure to end the last line with an end of line.
print "\n";
An example of the output
Voz3#9(Xuk Lor8*1!susj Sif8*9(8*2@Bux Suzn2@0)zif wohm0)2@2@Juk fan1!7&Kuma sub9(8*2@1!Cur zeky5%1!Modx Cogc9(0)Pir Gixt2@1!kop vewk8*0)Job gehc3#Cak Dizx5%8*6^Xebg Reby3#6^Nez Gilf1!8*tovc Yoj6^9(liz xos5%6^1!Vowp sup5%2@Xol reni5%8*Tejw foj7&0)5%Tug Piw7&5%8*moc
Another example in PERL
This version of the PERL script prints each part out separately.
#!/usr/bin/perl
# generate fairly good rememberable passwords
srand(time() ^ ($$ + $$ << 21));
$howMany = 10;
$sym = "~`!@#$%^&*()-_+=,.<>";
$numb = "123567890";
$symcornum = "!@#%^&*()";
$numbsym = "1234567890~`!@#$%^&*()-_+=,.<>";
$lnumb = length($numb);
$lsym = length($sym);
$lnumbsym = length($numbsym);
$lsymcornum = length($symcornum);
$bothcons = "BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxz";
$upcons = "BCDFGHJKLMNPQRSTVWXYZ";
$lowcons = "bcdfghjklmnpqrstvwxz";
$lowvowel = "aeiou";
$convow = "bcdfghjklmnpqrstvwxyzaeiou";
$lbothcons = length($bothcons);
$llowcons = length($lowcons);
$llowvowel = length($lowvowel);
$lupcons = length($upcons);
$lconvow = length($convow);
print "\n";
print "Pick a first part...\n";
print "\n";
for ($j=0; $j<=$howMany; $j++) {
$firstpart = "";
# generate the first pronounceable part
$firstpart .= substr($bothcons,int(rand($lbothcons)),1);
$firstpart .= substr($lowvowel,int(rand($llowvowel)),1);
$firstpart .= substr($lowcons,int(rand($llowcons)),1);
if (rand > 0.5) {
$firstpart .= substr($convow,int(rand($lconvow)),1);
}
print "$firstpart";
print "\n";
}
print "\n";
print "Pick a middle part...\n";
print "\n";
for ($j=0; $j<=$howMany; $j++) {
$middlepart = "";
$middlepartnosym = "";
# generate some number symbol sets
$numind = int(rand($lnumb));
$middlepart .= substr($numb,$numind,1);
$middlepartnosym .= substr($numb,$numind,1);
$middlepart .= substr($symcornum,$numind,1);
if (rand > 0.5) {
$numind = int(rand($lnumb));
$middlepart .= substr($numb,$numind,1);
$middlepartnosym .= substr($numb,$numind,1);
$middlepart .= substr($symcornum,$numind,1);
}
if (rand > 0.5) {
$numind = int(rand($lnumb));
$middlepart .= substr($numb,$numind,1);
$middlepartnosym .= substr($numb,$numind,1);
$middlepart .= substr($symcornum,$numind,1);
}
if (rand > 0.5) {
$numind = int(rand($lnumb));
$middlepart .= substr($numb,$numind,1);
$middlepartnosym .= substr($numb,$numind,1);
$middlepart .= substr($symcornum,$numind,1);
}
print "$middlepart ($middlepartnosym)";
print "\n";
}
print "\n";
print "Pick an end part...\n";
print "\n";
for ($j=0; $j<=$howMany; $j++) {
$endpart = "";
# generate the end pronounceable part
if ($firstpart =~ /[A-Z]/) {
$endpart .= substr($bothcons,int(rand($lbothcons)),1);
}
else {
$endpart .= substr($upcons,int(rand($lupcons)),1);
}
$endpart .= substr($lowvowel,int(rand($llowvowel)),1);
$endpart .= substr($lowcons,int(rand($llowcons)),1);
if (rand > 0.5) {
$endpart .= substr($convow,int(rand($lconvow)),1);
}
print "$endpart";
print "\n";
}
print "\n";
print "For example: $firstpart$middlepart$endpart";
print "\n";
# Be sure to end the last line with an end of line.
print "\n";
An example of the output is
Pick a first part... Feq Lazg xand Sev Lan Sajm Yeq ticp Jupv Wodz Guhd Pick a middle part... 8*2@1! (821) 0)5%0) (050) 0)6^1! (061) 3#5% (35) 6^0) (60) 5%9( (59) 6^2@ (62) 0)0) (00) 8*9(1! (891) 0)7&8* (078) 7&3#2@ (732) Pick an end part... Qufe baz Mane qek sin Hebc cedk Dawq Juqt bid pej For example: Guhd7&3#2@pej
The same scripts but in PHP
The following are versions of the above scripts but implemented in PHP and suitable for use on a web site. Coming soon...
Variations
The passwords created using this pattern are still fairly random - but are much easier to remember - and a fairly good password that is easy to remember, even if you have several, is better than a truly random password that is inevitably written down. You can also vary the pattern - for example - instead of a number and the shift of that number - use a number and the shift of the number to the left or right for each pair - just so long as you are consistent and the user knows what the pattern is... for example: 1!2@3# or 2!3@4# or 2#3$4% The scripts above are easily tweaked to implement these variations.
Security
The strength of these generated passwords and resistance to cracking comes from two factors - the pseudo random nature of the letter combinations and the variable length of the password.
