Password generator

I made up a nice password generator for those who want properly secure passwords that are easy to remember. The properties of this password are as follows:

* 31 characters long, consisting of eight three-character 'groups' separated by spaces
* every odd group is a alphabetical group
* every even group is a numeric group
* every even alphabetical group is capitalised
* the middle character in every numeric group is shifted to form a symbol
* the middle character in every alphabetical group is a vowel, while the other two are consonants

These rules are very simple yet allow for the creation of very memorable passwords. All you have to remember for any given password are four syllables, and twelve digits. Then, just use the rules above to convert your password memory into the password. Here are some sample passwords:

gan 1#9 FUZ 5)3 jod 8(3 DEG 0@9
hat 0#7 QEG 0)0 foh 4)4 GIG 2%3
nor 2!2 BIL 2*3 suy 9#7 NOP 8%4
wul 3&2 BOR 5#5 bog 8(9 QIB 6^4
waz 0#8 YEZ 6^0 fof 1)4 NIP 1%9
gox 1^7 JON 9!0 xor 9^1 MED 4$3
hef 5*9 FIW 8$8 ric 2^2 KAW 3*6
boh 2%2 LUT 4^0 wif 7%4 MOB 0!1
yag 1)3 NAY 8@7 xox 1#0 BOV 8&7
hux 1&1 BAB 7$0 foc 7$1 FOJ 3&8
jij 8@9 BUK 1(5 pen 8@7 TEV 1#1
rid 2#4 BAL 0$7 rub 2*1 YOG 3%7
sel 8^5 YET 1$2 cap 3*9 WAB 2(8
hab 3@7 SIQ 2%7 ror 0%1 VAT 3^4
gow 8$4 HOV 5%6 lij 3&2 DOW 9!7
sin 6^7 XIM 8*5 laz 3!0 XUV 6^1
liw 1#3 BOC 8@3 gus 2%9 PUJ 4)3
pal 0)6 WEB 9$3 dig 9!8 SUP 8&6
seb 4&4 FER 1!1 cew 3(9 NEW 6!8
kuz 4*7 FUV 3&3 kam 0#8 XOL 6@1

Find it here: http://jsbin.com/iloqam

>>12

You have no clue what password cracking is all about.

To begin with, more specific algorithms only come into place when there is some space for reducing the size of the key space (for which we borrow the term "complexity" from the computability theory) through some insight of the key selection or generation process (that is, the key selection process is biased in some way). But this is not needed to evaluate the proposed scheme -- it is sufficient to measure the password complexity itself and compare to the current technology standards. This is equivalent to test the simplest algorithm conceivable -- brute force -- against the entire key space.

Just as a note, complexity is a measure of scale. Put simply, in the current context, It is the logarithm of the number of possibilities involved -- assuming choices are mutually independent. When the logarithm is on base ten, we call it a "Bel" scale. When the logarithm is on base "e", we call it a "Neper". When it's on base two -- the most common in the computing context -- it's simply a "bit".

A three-word password, assuming a key space of 500,000 words (guessed from here: http://en.wikipedia.org/wiki/English_language#Number_of_words_in_English), will yield a complexity of roughly 56.794 bits (ln 500000^3/ln 2 = 3 ln 500000/ln 2 ~ 56.794).

This is a complexity comparable to a 10-character completely random password composed of case-sensitive letters and numbers (no symbols involved), which is 57.004 bits. In other words, it is a good replacement for such passwords, but only if we consider a really extensive English vocabulary in its composition. If we limit ourselves to much more common words (50,000 words, for example), the complexity drops to the somewhat ridiculous 46.828-bit search space. Bad idea.

While a complexity of 57 bits is good for passwords, it is still a shitty complexity for any serious cryptographic application. This is why passwords should be very long and deep (much more symbols involved). This is also a reason why the word "password" is being replaced by the word "passphrase" where security is an issue, to suggest that the key should be fairly long.

But the problem is rather easy to solve. First, let's consider a word space of just 10,000 words: a very small portion of the English dictionary. A passphase composed of five words has complexity of 66.438 bits -- higher than the forementioned ones. A passphase composed of ten words has complexity of 132.877 bits -- now perfectly suitable for cryptographic purposes. This happens if the words are uncorrelated (that is, they cannot form any expected English phrase, at least not on purpose) and the word choice is completely random.