http://www.perlmonks.org?node_id=223648


in reply to ??Mnemonic Passwords??

There's a couple of ways to do this. One way is to simply concatenate the pair of letters onto a scalar variable during the loop, and then "encrypt" the scalar when you're done, like:
    my $password;
    # @c and @v are the consonant and vowel arrays from the original question
    for (my $i = 1; $i <= 4; $i++) {
        $password .= $c[int(rand(20))] . $v[int(rand(5))];
    }
    my $encrypted_pass = encryption($password);
..and that's it. Note the "." between the two characters, replacing the comma when you were printing the values to the screen. Hope this helps. :-)

Gary Blackburn
Trained Killer

Re: Re: ??Mnemonic Passwords??
by djantzen (Priest) on Jan 02, 2003 at 00:40 UTC

    (Note: for some reason I'm getting logged out when trying to reply to the parent node of this thread, so this isn't really a reply to Trimbach :)

    What you need is to make sure you are adding your characters to a variable defined in an enclosing scope of your loop. This can be either a global/dynamic variable, or better, a lexical just like Trimbach's example. See "What's a reference? What's a variable? What's scope?" for an excellent recent discussion. Also, you can skip a step in your array initializations like so:

    my @c = qw/b c d f g .../;
    my @v = qw/a e i o u/;

    That said, I hope these passwords aren't going to be protecting anything of importance, because they are very weak. The central problem is that there is little entropy, or true randomness, involved in the password generation. Using the current time as a seed is a common technique, but if an attacker determines the clock setting on your server, all of your entropy is gone, and it's just a matter of feeding input values into various functions to find out how you are generating passwords. The fact that you've got alternating consonants and vowels gives an attacker an easy start.

    Secondly, the "encryption" function is virtually useless because it's a simplistic and static translation. Take a look at the built-in crypt for a good, one-way encryption function.
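
Added example, not part of the thread or written by either poster: a Perl sketch that puts numbers on the entropy point made in the reply above and draws the same consonant/vowel pairs from /dev/urandom instead of a time-seeded rand. The 20-consonant list, the one-second seed resolution and all sub names are assumptions; the thread does not give them.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed alphabet: the thread elides the consonant list, so these 20 are
# constructed to match the rand(20) / rand(5) indexes in the parent post.
my @c = qw/b c d f g h j k l m n p r s t v w x y z/;
my @v = qw/a e i o u/;

sub lg { return log($_[0]) / log(2) }    # base-2 logarithm

# Upper bound on the entropy of $pairs consonant+vowel pairs, in bits.
sub scheme_bits { my ($pairs) = @_; return $pairs * lg(scalar(@c) * scalar(@v)) }

# Assumption: rand is seeded from a clock with one-second resolution and
# $window is how many seconds of uncertainty remain about that clock.
sub effective_bits {
    my ($pairs, $window) = @_;
    my ($seed, $full) = (lg($window), scheme_bits($pairs));
    return $seed < $full ? $seed : $full;    # output cannot exceed the seed
}

# Uniform index in [0, $n) from the kernel CSPRNG; rejection sampling
# discards bytes that would introduce modulo bias.
sub secure_index {
    my ($n) = @_;
    die "n must be 1..256\n" if $n < 1 || $n > 256;
    my $limit = 256 - (256 % $n);
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    while (1) {
        (read($fh, my $byte, 1) // 0) == 1 or die "short read from /dev/urandom\n";
        my $x = ord($byte);
        return $x % $n if $x < $limit;
    }
}

# Same concatenation as the parent post, with the CSPRNG picking each index.
sub mnemonic {
    my ($pairs) = @_;
    my $password = '';
    $password .= $c[secure_index(scalar @c)] . $v[secure_index(scalar @v)] for 1 .. $pairs;
    return $password;
}

printf "4 pairs, ideal RNG:           %.1f bits\n", scheme_bits(4);
printf "4 pairs, clock known to 1 h:  %.1f bits\n", effective_bits(4, 3600);
printf "10 pairs, /dev/urandom:       %.1f bits (%s)\n", scheme_bits(10), mnemonic(10);
```

Lengthening the password only raises the first figure; the second stays capped by the seed until the random source itself is replaced.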