All the Perl that's Practical to Extract and Report

Pronounceable passwords

acme on 2008-04-30T14:00:44

Let's ignore the security aspects and have a fight. In one corner, clkao's Text::Password::Pronounceable. In the other corner, my String::Koremutake: 

#!perl
use strict;
use warnings;
use Perl6::Say;
use Text::Password::Pronounceable;
use String::Koremutake;

say "Text::Password::Pronounceable";
foreach ( 1 .. 10 ) {
    my $password = Text::Password::Pronounceable->generate( 6, 10 );
    say "  $password";
}

say "String::Koremutake";
my $k = String::Koremutake->new;
foreach ( 1 .. 10 ) {
    my $s = $k->integer_to_koremutake( int( rand(2_000_000) ) );
    say "  $s";
}

Laaadies and gentlement: the fight begins: 

Text::Password::Pronounceable
  dtwlysoto
  bileoire
  metstari
  hisiner
  icaharwet
  thitilos
  hilerith
  ilyome
  weyhow
  ttovihith
String::Koremutake
  kigelu
  hestemi
  jimygy
  teliku
  jynegra
  prydryji
  sitimy
  bronesi
  vonipro
  litisi

And the winner is... I'm not sure. Who won?

I _think_

jesse on 2008-04-30T15:01:17

(but have not tried to prove) that using Koremutake is going to lead to it being easier to brute force a password list down the line.

Re:I _think_

Ron Savage on 2008-05-01T00:56:59

Text::Password::Pronounceable wins, simply because I can find it on CPAN by searching for Password via module name. I normally don't do a Search All.

koremutake :)

jrockway on 2008-04-30T15:13:01

And incidentally, "koremutake" is easier to pronounce than "pronounceable".

Re:koremutake :)

hex on 2008-05-02T03:40:05

Core-mu-take? Or Co-ray-mu-ta-ki? I don't have to think about "pronounceable". :)

Jynegra!

petdance on 2008-04-30T16:09:14

Jynegra sounds like a multinational corporation that does something you're not quite sure about. "Jynegra: At the forefront of progress."

Re:Jynegra!

rjw1 on 2008-04-30T18:33:23

they leverage the synergy of gin and viagra.

the only way....

rjw1 on 2008-04-30T18:34:08

to win is to not play.

Koremutake (just)

jacket on 2008-04-30T20:08:02

10 out of 10 are pronouncable with String::Koremutake

8 out of 10 are pronouncable with Text::Password::Pronounceable

The winner: apg

pjf on 2008-05-01T03:06:24

The winner is the unix apg (auto password generate) command, simply because it tells you how to pronounce your passwords:

pjf@teddybear:~$ apg -n10 -m6 -x10 -t
dyknip (dy-knip)
FereOw (Fe-re-Ow)
otAlfig^ (ot-Alf-ig-CIRCUMFLEX)
tasEms (tas-Ems)
AtIfRith9 (At-If-Rith-NINE)
ucGuj+ (uc-Guj-PLUS_SIGN)
igsyehod0 (igs-ye-hod-ZERO)
cogwig_ (cog-wig-UNDERSCORE)
seajaf (seaj-af)
shoHiujca (sho-Hi-uj-ca)

If any of the modules provides pronunciation tips (as does apg), then it wins. Otherwise, T::P::Pronounceable wins because I'd find it on a CPAN search; I'd never think to search for S::K.

A note about "say"

bart on 2008-05-01T10:01:23

In scripts like these it really jumps at me what a silly keyword "say" is. In a script that states that a word is pronounceable, I expect that the script is going to try to say it out loud. And that that is what "say" is doing.

It's not.

Re:A note about "say"

Aristotle on 2008-05-01T11:53:30

And every time I see print, I think screeching needles hammering paper.

Maybe it should be called display.

Re:A note about "say"

hex on 2008-05-02T04:04:36

output!

Module naming

hex on 2008-05-02T04:03:33

I notice you've used String:: while clkao used Text::. For a vaguely similar module I used Encode:: (and if you go further along the words-and-numbers spectrum you end up, predictably, at Number::).

I have a pipe dream that one day there will be CPAN author round table meetings where similar modules in disparate namespaces will be agreed into consistent groupings. Ah well...

Ruby implementation done :-)

gwolf on 2008-05-02T22:46:24

I liked your module. And although I'm more a Perl than a Ruby guy, I felt I needed something like this. So... Well, for the love of $DEITY, I cannot find the way to upload the project page to RubyForge (and I've done it, for my other projects there!)... But if you are curious and want to look at how I reimplemented what I saw from you, just clone the Git repository:
git clone git://rubyforge.org/koremutake.git
Thanks for a neat idea!

Ok, done

gwolf on 2008-05-02T23:06:42

Seems I only needed to publicly ridicule myself to find a way to upload a project page. Anyway, Ruby koremutake implementation. So there.