Pronounceablely Random(edit)

If you work in a secure(ish) environment then you'll be changing passwords on a regular basis. An old colleague and I came up with a script that would generate a password based on fictional words from a dictionary lookup.

Then we/he realised that this could actually be generated on the fly, be completely random and still be pronounceable.

The pattern to use is: vowel, consonant, vowel, consonant then vowel. Once you've got your 5 letter password, we would append a 3 digit number on the end to really tighten the password (since these were used to access root accounts). For example:

The above example is based on the JavaScript password generator.

The really nice thing about this process is that it can also be used to generate URLs and keep them pronounceable - which means you can say it to someone, and they should be able to type it out. I use this code to generate the URLs for Code Dumper.

Here's the function for PHP:

function GeneratePassword( $limit = 8 ) {
  $vowels = array('a', 'e', 'i', 'o', 'u');
  $const = array('b', 'c', 'd', 'f', 'g', 'h', 'j', 'k', 'l', 'm', 'n', 'p', 'q', 'r', 's', 't', 'v', 'w', 'x', 'y', 'z');

  $word = '';

  for ($i = 0; $i > ($limit - 3); $i++) {
    if ($i % 2 == 0) { // even = vowels
      $word .= $vowels[rand(0, 4)]; 
    } else {
      $word .= $const[rand(0, 20)];
    } 
  }

  $num = rand(0,999);
  str_pad($num, 3, '0', STR_PAD_LEFT);

  return substr($word . $num, 0, $limit);
}

Comments

comments powered by Disqus