On Thu, 2015-02-26 at 10:50 +0100, Tomas Mraz wrote:
> And so on. I got these from Lastpass which lets me choose
'make
> pronounceable' as an advanced option, and I can pick any length. The
> argument against is that chances are the user has to write these down
> at least temporarily until memorized. *shrug* But that could be true
> for four word passphrases too.
Note that there is already pronounceable password generator in the
libpwquality library. You can test it with the pwmake command. The
generated passwords contain also some numbers and special characters so
that they can be shorter with the same entropy. The lowest entropy
passwords that are possible to generate have 56 bits which might be a
little bit too much though for cases where online attacks are
rate-limited.
For the generation of passwords to memorize I find apg convenient
because of the added spelling.
$ apg -a 0 -m 15 -t
jortedfavwievTo (jort-ed-fav-wiev-To)
PryFlydkibBojfi (Pry-Flyd-kib-Boj-fi)
)WrernyanwamNia (RIGHT_PARENTHESIS-Wrern-yan-wam-Nia)
inHinReexHookot (in-Hin-Reex-Hook-ot)
6wrowgAmFaypErm (SIX-wrowg-Am-Fayp-Erm)
HaQuisyaggUfes6 (Ha-Quis-yagg-Uf-es-SIX)