
easy mobile passwords

Matthew Green asked for a password generator that’s easy to enter on a phone.

Here’s one solution that works for the iPhone keyboard. To make it easy to type with your thumbs, it alternates sides of the keyboard for each letter. Sometimes it throws in a shift. Sometimes it throws in a symbol, but only one from the right side, since reaching it requires a left tap before and after. In practice, it appears to generate passwords that I can, or could at least learn to, type fairly quickly.

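-- requires LuaJIT (ffi) and a libc that provides arc4random_uniform
local ffi = require "ffi"
ffi.cdef[[uint32_t arc4random_uniform(uint32_t);]]
-- uniform integer in 1..max, matching Lua's 1-based string indexing
local function rand(max)
        local r = ffi.C.arc4random_uniform(max) + 1
        return r
end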

local leftletters =  [[qwertyasdfgzxcv]]
local rightletters = [[tyuiopghjklvbnm]]
local symbols =      [[567890()$&@"?!']]

local bitsperletter = 4 -- for small values of 4

local desiredentropy = 64

local entropy = 0
local leftside = rand(2) == 1
local password = ""
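while entropy < desiredentropy do
        local shift = rand(8) == 1
        -- alternate thumbs on every character
        leftside = not leftside
        local letters = leftside and leftletters or rightletters
        -- 1 in 8 left-hand turns becomes a right-side symbol instead;
        -- the taps before and after it are on the left
        if leftside and rand(8) == 1 then
                letters = symbols
        end
        local idx = rand(letters:len())
        local let = letters:sub(idx, idx)
        if shift then
                -- upper() leaves digits and symbols unchanged
                let = let:upper()
        end
        password = password .. let
        entropy = entropy + bitsperletter
end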

print(password)

Results:

haygk)pavGb6japw

dbvirgqlryvodmgn

aoqm)igjcteufnxn

ayxudtryqmgjdt8k

yapfvfiytdbzidie

I could probably memorize one of those. I was worried I’d have to complicate things by weighting English digraphs, but some natural structure emerges randomly. How could you not remember the yap bzidie?
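The `bitsperletter = 4` estimate in the first script can be checked against the exact per-character distribution. The following is an added example, not code from the original post: it enumerates every output character for a left-hand and a right-hand turn and reports Shannon entropy and min-entropy. The helper names (`spread`, `distribution`, `entropy`) are made up here; only the three alphabets and the 1-in-8 odds come from the script above.

```lua
-- Alphabets copied from the post; the rest is constructed for this example.
local leftletters  = [[qwertyasdfgzxcv]]
local rightletters = [[tyuiopghjklvbnm]]
local symbols      = [[567890()$&@"?!']]

local function log2(x) return math.log(x) / math.log(2) end

-- Spread probability p uniformly over the characters of set, then apply the
-- 1-in-8 shift. upper() leaves digits and symbols unchanged, so for those
-- both branches add to the same output character.
local function spread(dist, set, p)
        local each = p / #set
        for i = 1, #set do
                local c = set:sub(i, i)
                dist[c] = (dist[c] or 0) + each * 7 / 8
                local u = c:upper()
                dist[u] = (dist[u] or 0) + each * 1 / 8
        end
end

-- Exact output distribution for one character typed on the given side.
local function distribution(leftside)
        local dist = {}
        if leftside then
                spread(dist, leftletters, 7 / 8) -- ordinary left-hand letter
                spread(dist, symbols, 1 / 8)     -- the "rand(8) == 1" branch
        else
                spread(dist, rightletters, 1)
        end
        return dist
end

-- Shannon entropy and min-entropy, both in bits.
local function entropy(dist)
        local shannon, pmax = 0, 0
        for _, p in pairs(dist) do
                shannon = shannon - p * log2(p)
                if p > pmax then pmax = p end
        end
        return shannon, -log2(pmax)
end

local ls, lm = entropy(distribution(true))
local rs, rm = entropy(distribution(false))
print(string.format("left:  shannon %.2f  min %.2f", ls, lm))
print(string.format("right: shannon %.2f  min %.2f", rs, rm))
-- The loop stops after 64 / 4 = 16 characters, 8 typed on each side.
print(string.format("16 chars: shannon %.1f  min %.1f  (counted as 64)",
        8 * (ls + rs), 8 * (lm + rm)))
```

Both measures come out above 4 bits per character on either side, so the loop's running total undercounts rather than overcounts. The coin flip for the starting side is not included in these figures.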

Here’s another version that produces lowercase, English (Finnish?) looking words.

local letters = {
        "c", "k", "t", "tr", "rt", "p", "pr", "d",
        "v", "n", "l", "nd", "z", "g", "th", "s" }
local vowels = { "a", "e", "i", "o", "u", "y", "oo", "ee" }

local letterbits = 4
local vowelbits = 3

local wantedbits = 64

local bits = 0

local ffi = require "ffi"
ffi.cdef[[uint32_t arc4random_uniform(uint32_t);]]
local function rand(max)
        return ffi.C.arc4random_uniform(max) + 1
end

local atoms = { }
while bits < wantedbits do
        table.insert(atoms, letters[rand(16)])
        table.insert(atoms, vowels[rand(8)])
        bits = bits + letterbits + vowelbits
end
print(table.concat(atoms))

treetykaveprethicooputhedu
soonataviceenoopatecoge
gootrozapiceelytrithunula
preezypeendothanundipeesooka

Longer but perhaps more memorable if you say it out loud a few times.

“preezy peendot han undi peesooka”

If people can memorize “Where is the bathroom?” in Klingon, I think they can handle that.

Posted 01 Sep 2014 23:00 by tedu Updated: 30 Nov 2014 22:18