lee/hpr-knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ed06ba954be8f317c6c89ffd7f08eeccc83aba20
hpr-knowledge-base/hpr_transcripts/hpr2764.txt
Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server 
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00

545 lines
34 KiB
Plaintext
Raw Blame History

Episode: 2764
Title: HPR2764: Personal password algorithms
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2764/hpr2764.mp3
Transcribed: 2025-10-19 16:31:58
---
This is HPR episode 2007-164 entitled Personal Password Algorithms and is part of the series
Information Underground, it is hosted by Klaatu and is about 41 minutes long and Karim
a clean flag.
The summary is, is it possible to generate a unique password for every site?
Klaatu tries.
This episode of HPR is brought to you by an Honesthost.com.
With 15% discount on all shared hosting with the offer code HPR15, that's HPR15.
Better web hosting that's Honest and Fair at An Honesthost.com.
Hey everyone, this is Klaatu, you're listening to Hacker Public Radio, want to talk about
passwords?
Passwords are funny things because we're all stuck with them, we have to have a bunch
of passwords almost no matter what, whether we like it or not, we need to have lots of
passwords.
It stabs out there at making passwords in some way a little bit more unified, so for
instance open ID, that sort of thing where you can have a centralized server that does the
authentication for you and that's great, that's really cool and there are really great
things like two-factor authentication where you can't get in unless you have some number
generator on you or some way to receive a message or something like that, so that's
really cool.
But not everyone is using that sort of thing and I don't mean like people, I mean places,
for instance, you couldn't sign up for half a dozen sites out there if you said, or I'm
only going to use things that will accept open ID or two-factor authentication or both
or whatever, it just wouldn't be a thing that you could do because not everyone is doing
that.
And frankly, probably not everyone needs to do that, there are some things out there that
are fairly trivial in terms of what kind of information they actually have on the server,
so if accounts got compromised, then maybe sure some preferences will get changed on
you or something, but there's no expectation that privacy is lost from a compromised
account.
There are low-level things like that out there that you just don't need a whole lot
of a big complex back end for.
But you still want to have some kind of password so that people can customize their experience
maybe or whatever.
I'm just coming up with examples off the top of my head.
So passwords, generally speaking, you're going to have to have a bunch of different ones
and you're going to have to keep them organized.
And we all know that there are methods out there of keeping them sort of organized.
There's things like last pass and key pass and one pass.
Most of things that end with pass, I guess, I've never used any of those things actually
because I've never felt the need to.
But those are out there.
They exist.
People use them.
People seem pretty happy with them.
I've never used them because I'm always afraid that I'm not going to have the thing that
I need when I need it.
And so I think, well, what if the computer that I'm on doesn't have access to key pass
or last pass or whatever, the thing might be.
So I've got methods of managing passwords, but I was sitting around thinking, well, wouldn't
it be neat if there were methods that we could come up with, possibly more than just me?
Like if you're listening to this and you have ideas on this, I would love to hear an
episode about it.
But methods to create systems by which you can create a unique password for any site
that you go to, but also that you can then remember, that you know how to formulate.
So in other words, a private algorithm that you use to generate what may as well be
unique passwords for every site.
And that would mean that if someone had compromised one site with your information, they have
gotten a password that is specific to that site.
Now, the problem is when you come up with these with an algorithm or you attempt to come
up with an algorithm I have found for a website or for a password schema, I guess I should
say, is that you start to realize just how easily in theory, you know, theoretically,
how easily all of these things are reverse engineered, I mean, algorithms themselves.
So for instance, let's say that you decided, I mean, just taking really a poor example here,
let's say that you've decided that you're, you've signed up for Yahoo.com and you decide,
well, I'm going to use my standardized algorithm and that algorithm is going to be that I'll
take Yahoo, the name of the site, which is Yahoo, and I will apply a rot2 to it.
That's just, so it's super easy for us to think about.
So rot2 would dictate that we move each letter over two slots.
So y, wait, u, v, w, x, y, so y, z, a, and then a, b, c, h, i, j, zero, or o, q, o, q.
So your password would be a, c, j, q, q.
Well, if someone gets that password, they compromise your password, they get that, then
because you've used this really poor algorithm for just Yahoo, then technically they've only
gotten the password for just your Yahoo account.
But if they're, if they're tracking you specifically and they're, they're actually following up
on you, they might, they might recognize a, c, j, q, as a simple rot encryption, if we
even call it, it's really a cipher, I guess, right, c's are cipher classically.
So, so they, they might recognize that and say, well, if they're using that for Yahoo,
then maybe they're also using that for their, um, I don't know, Facebook account.
Why are they on Facebook still?
I don't know.
And then they see Facebook and so they type in H, C, E, G, D, Q, Q, M, and sure enough,
that's your algorithm.
That's the thing that you've been using and so that, that, that cracks it wide open.
And you can, and you can, the weird thing about this sort of thing is that you can go
through and really attempt to come up with, with algorithms that, to you seem very random,
but the more you do it, the more you realize, oh, this is exactly, it's, it's very predictable.
And that's the tough thing about coming up with algorithms.
I mean, for instance, so let's say, if you said the Yahoo example again, right?
So you said Yahoo is, is a one, two, three, four, five, it's a five letter word, right?
So let's say we're going to say, okay, so our password is always going to be rot2, and
then a dash, and then we'll put a, we'll put the number of letters that, that is in the
website.
Yahoo.
Or we could even say, okay, it's going to be Yahoo.com, it doesn't really matter, right?
Because it's always going to be basically the same, but sometimes it would be different.
So you could say Yahoo, one, two, three, four, five, dot, six, and then C, O, M. So that's
nine.
And we could say, and then we'll put the letter position of the third letter in.
So A, C, or let's, for ease of use, let's say the second letter in.
And so we'll say A, C, so that's the third, third letter of the alphabet.
So we'll put nine, three.
So now our, our rot2 password is acjqq-9, three.
Well, great.
That's really cool.
And since most, since most, since most sites require some kind of capital letter as well,
we could say, okay, well, we'll always capitalize the second letter in the, in the, in the
website.
So Y, or A, capital C, and in lowercase jqq-9, three.
And that seems pretty, and you could put more, you know, maybe more symbols in there
if you wanted or whatever you think would, would please.
And I guess you would have to come up with a rule to buffer as well, because a lot of sites
have rules about, well, you can, they need to be at least eight, eight characters.
So you could say, okay, for any, any characters that I'm lacking at the end, I'll add a,
I don't know, an underscore or something like that.
So you can make it sort of interestingly complex and dynamic in appearance.
But then if you, if you do it a couple of times, you'll, you'll realize that it actually
is pretty predictable because, I mean, frankly, because it is predictable.
I mean, you've, it's pretty easy to, to figure out.
So are not, not super easy.
But I mean, if someone really tries, they can, they can reverse this because this is really
like grade school encryption, right?
So Facebook, again, one, two, three, four, five, six, seven, eight letters, and then
dot com.
So nine, ten, eleven, twelve, so that's one, two.
And then I think we said the letter position of the second letter.
So that is actually, again, a C. So that's a three.
And then there would be no buffer because that's eight characters or more.
So we're good.
So Facebook would simply be H, C, capital C, E, G, D, Q, Q, M, dash, one, two, three.
And while it might work because that is certainly dynamic, I mean, someone who, who then compromises
your Yahoo account and comes away with AC, J, Q, Q, dash, nine, three underscore, or I guess
that underscore wouldn't be there because we were saying that if it was only eight characters
or less, right?
Yeah.
So, okay.
So nine, three.
Then, then if they take that, if they take that pattern, and even if they figure out
the rot part, and they might, they might convert Facebook to rot to and figure that out.
But maybe they don't equate the nine with, you know, what relationship does nine have
with the word Yahoo, we're not really sure where just the three come from, we're not really
sure.
But if they were to get lucky and get probably just, just two samples, they would probably
be able to figure it out from that.
So it's one of those things that is difficult to just kind of invent an algorithm.
Such that you can reuse it frequently and successfully generate what are either truly
random or truly unpredictable, I guess, maybe.
I keep going back to unpredictable versus random, I guess, because that's in my mind a
lot of the things that are generated are just unpredictable.
And so I thought, well, how could we do that?
Well, what would be a cool way to do that?
And I looked at a couple of different systems, there are a lot of systems online to come
up with passwords, and there are some really stupid ones.
There's a comic out there that, that, that, that rather confusingly just proclaims that
if you use English words, then you are, you are increasing entropy and you are making
it more memorable.
And I don't really see how choosing a set of random English words is going to help you
remember for all the 45 different sites that you have accounts on, I don't really understand
the logic of that.
And it's an oft quoted comic, and I never really understood the, how, how that was at all
sensible.
Like, okay, these are human, these are English words, but they're still, you know, to the
user, they're, they're completely random.
There's no clue within the website itself on what to refer to.
And I also saw some stuff about dice-generated passwords, which intrigued me at first,
but once again, it's, it's really just to ensure that you are being fairly random rather
than just picking the name of your dog or your cat or whatever.
It's, it, there's no, there's no built-in way to, to sort of recover, there's no password
recovery, I guess, is what I'm complaining about.
And password recovery is difficult because if you want password recovery, if you want
to be able to go to a site and think, what would my password for Yahoo.com have been,
I don't know why I'm choosing Yahoo of all things, but let's, let's go with it.
So what would my, my password have been for Yahoo.com?
Well, I have no idea because I just, I, I randomly generated some string of words and
numbers with some dice and, and there's no way to, there's no way to remember what
that would be.
Ensure there are recovery methods built into most sites.
So in that sense, maybe, maybe that is a great way to do it.
If you don't remember the password, it's because you're not visiting the site frequently
and, and maybe that's, um, maybe there's something to that.
But I don't know, I, I feel like there's got to be a better way.
So I came, I came up with a couple of different ways and it's kind of funny because when
you're trying to come up with these things as mental exercises, I think there's a tendency
to assume that the more complex it is, the better you think, well, if I come up with a really
complex way of generating a password, then surely it will be more difficult to reverse engineer.
But I mean, we just spent, I don't know, six, seven minutes talking about the different ways we
could carve up Yahoo.com and Facebook.com into, into unique strings with, with surprise
values here and there.
And yet the more we repeated it, the more obvious the algorithm became.
That's the problem.
So I was thinking of different ways of alleviating that problem.
And one, one way that I came up with was a word matrix.
So I went out onto the internet and collected a bunch of word lists, not, not a huge word
list because I didn't, I didn't need that many.
But I, I, I gathered about 2000, 2000 words, let's say, from a wildlife, from D&D monsters
and demons and Linux distributions, dinosaurs and so on.
So it's, it's arguably not the, the simplest word list you could, you could, you could ask
for.
So I mean, in terms of word length and word complexity.
So I'm not sure how, how great of a list it is, but it, it is a word list, nevertheless.
And then I, I did, I generated, I did a quick little bash script to select pseudo randomly
from this word list, an array of 27 words across and 27 words down there by generating a,
a table of, of words.
And across the top, I listed A, B, C, D, E, F, G, H, H, A through Z and then a spare one.
And then down the side, I listed A through Z and then one spare.
And my idea here was that I'm going to open that up right now actually so I can refer
to it.
My idea here was that maybe using a big table like this would provide what to, an outside
observer would look like sort of some kind of geek project that maybe would be meaningless.
A bunch of dinosaur names and Linux distributions and D&D monsters.
Doesn't really seem that, that useful if someone comes across this table for instance on my hard drive or,
or an encrypted file on my hard drive or maybe I printed out out and put it in my, my,
my notebook or something, who knows.
Point is that it's a big word list and it doesn't necessarily mean anything.
And you wouldn't have to have the heading, the header columns as well because that does kind of,
I guess, make it a little bit more apparent as to what it might mean.
But the idea here is that the word list is completely, well, you know, pseudo,
pseudo completely randomly generated.
So the words do not align with the letters in any way.
And I thought, well, this is a, this could be a good sort of key for generating a random,
a couple of random strings.
So for instance, if we did, if we looked for Yahoo, we could say, well,
what we'll do is we'll take the first two letters in a site name.
So Y and A and that will be our first word in our password, our first string in our password.
And that is according to my chart, this, this particularly randomly generated version of this chart,
actually, because if you, if you generate one, you will have a different, a different chart.
So according to mine, it's Mog and Knight.
And then maybe we could say, okay, so we'll, that, that will be our pattern.
We'll also take, but we'll, we'll take the, the intersection of the first two letters of any site.
And then the intersection of its, of, of, of the final letter with itself.
So in Yahoo's case, it would be O and O, which on my tables is arrowhead.
So there's arrowhead.
That's a common name for a butterfly, a specific kind of butterfly, I think.
Or it could be something else, I don't know.
So Mog and Knight and arrowhead are the two strings that I have.
And it would probably not be a horrible idea to come up with some numbers and some special symbols,
because generally speaking, sites want those.
And also a capitalization scheme, because sites generally want that as well.
So to be a little bit different, what I'll do is I'll say that I'll capitalize the final letter of the first string
and the first letter of the second string.
So I've got sort of two capitals sort of in the middle there for no good reason.
And I guess between the two letters, no, let's do that.
So at the end of the, because a lot of sites want passwords to start with a letter.
So that's what we'll do that.
Special characters seem to be pretty contentious between some sites.
Some sites are very particular about which special characters you are allowed to use.
Other ones very, very nicely tell you to use anything you please.
So we'll choose something very, very safe and standard for our schema here.
And we'll do an underscore.
And then to generate a number randomly, let's just say we'll take the first letter of the site
and get the intersection of the first letter with itself.
So we'll be on the Y, the Y row in the Y column is enigma-saurus.
So that's 2, 4, 6, 8, 10, 12.
And we'll just, yeah, that's 12.
So we'll say our password then is mogenite with a capital E arrow head underscore 12.
That's pretty difficult to reverse engineer if you don't have our table.
Have our exact table.
And it's pretty difficult to reverse engineer.
I would think even if you did have the table, because you need to know the selection.
And I have rather randomly declared that it's going to be the first two letters,
the intersection of the first two letters, and then the intersection of the final letter.
And then the letter count of the intersection of the first letter.
So to me, it's easy to remember.
But in terms of reverse engineering, I feel like it's pretty difficult.
So mogenite arrow head underscore 12 is the Yahoo.
Let's do a G.
Well, yeah, let's do Gmail, I guess, because that's the same number of letters as Yahoo.
So we'll see how that goes.
So the intersection of the first two letters would be g and m,
which on my randomly generated thing is mandriva.
So I'll type that in mandriva with a capital A at the end.
And then we said that the final, the intersection of the final letter with itself.
So that's LL is appendix.
That's the word appendix.
So capital A and then appendix.
And then we are going to do an underscore.
And then we also take the word count of the intersection of the first letter with itself.
So that is g, row, and column.
And that is a shinsosaurus.
Shinsosaurus.
So that's 2, 4, 6, 8, 10, 12, 14.
It's very coincidental that it is a dinosaur as well.
So that's mandriva appendix underscore 14 with capital A's there in the middle at the
place where the words are joined.
And for the final example, let's do Facebook really quick.
So again, F A, the intersection of F A in my list is Houdini with a capital I.
At the end, the intersection of K with itself is, let me get over to that column.
I'm going to have to copy and paste this one because, yeah, I don't know that one.
It's a Chang-guiraptor, Chang-guiraptor.
So capital C on that one.
And then we'll do an underscore.
And then we'll do an intersection of F and F, which is actually susosaurus.
Also dinosaurs, I guess I need to adjust some of the numbers in the word lists, I guess.
But I mean, this is also just unexpected.
I mean, sometimes random favors, you know, random, you don't like to see the patterning
randomness.
So if you do, you think it's not random.
2, 4, 6, 8, 10, 12, so that's a 12, so that's a underscore 12.
Houdini, Chang-guiraptor is a underscore 12.
So there you go, that's some fairly randomized stuff.
Weaknesses of this system, obviously, it has a table that it has a key that technically
could serve as the method by which this can be reverse engineered.
Right?
So if you have this table and you do need the table in order to reverse engineer it yourself,
so you would, you know, you have to have copies of this table around.
The advantage here is that the table is rather meaningless on its own.
It can be a word list without even, like I said, headings or pattern of letters on the
side, and it would be perfectly innocent word list.
But if you know that the 26th column and the 8th row is what you're looking for for
this site name, and then the 8th row of the 8th column is what you need for that letter
in the site name, and the 4th, or the 26th and the 26th for this one, then you're good
to go.
And that's, no one would know that, and it doesn't have to be, it doesn't obviously
have to be that pattern either, it could be some other pattern, just as easily.
You wouldn't have to use the first letter, the second letter, intersection.
Now again, let's look at what we have and try to reverse it.
So if we look at the Facebook one, if we find Houdini on this list, then we can see that
it is the intersection of F and A. So that's a pattern that we can recognize pretty quickly.
You can hang your app there if we find that.
We can see that that is the intersection of the K and the K. So that's reversible.
Under score 12, interestingly, is a lot more difficult to reverse engineer, and in fact
there's probably some good misleading, you know, you could probably find lots of reasons
why it would be 12 if you looked hard enough without any knowledge of how we arrived at
12.
Interestingly, the most difficult thing to reverse engineer in this equation, the
underscore 12, is also the one that has already been repeated in three instances, because
the Yahoo one got an underscore 12 as well, Gmail got an underscore 14, and then this one
got an underscore 12.
And that may be simply because in a word list, you're going to have lots of repetition
and lots of approximations, certainly if you're using a word list of Linux distros, for
instance, then they're all going to be sort of a two-cellible word.
If you're using a word list of dinosaurs, they're all going to be really long words and
so on.
So that might be something to capitalize on, actually.
So if we say, okay, well, this convention of taking an apparently random value in our
word list and counting up the letters in it or something like that, maybe that's a good
idea.
We could maybe add another one in and say, okay, we'll take the intersection of that first
letter again of the first two letters and we'll count the vowels in that word.
So HOU12, and I and I for Houdini, so that's for whatever they're called vowels, and we
could stick that in somewhere.
So Houdini for Changu Raptor, and Mandriva, how many vowels are in that one, two, three,
three appendix, and Manganite, one, two, three, four, four again.
So a little bit of repetition again, but pretty difficult for someone to just kind of figure
out where those numbers are coming from, I think, given, given the number, the number,
number, I think, given what is provided here.
So that's an idea for password generation.
As I say, the idea of just taking the first two letters is just completely, I just came
up with that as I was recording this, you could just as easily do the intersection of
the final two letters in a site name, or you could say that you're going to start with
the exact middle letter, and if there is no middle letter, then you'll favor either
the right or the left, depending on whatever you prefer.
You'll take that exact one, and use that as the first string, and then you'll do some
kind of calculation of letters or vowels or both, and put that in as the next value
with some special character, and then you'll get the intersection of, I don't know, some
other, you know, the first letter that you, or the first letter that you used as your
basis and the intersection with the final letter of the string, and use that as your final
string, something like that.
And certainly you don't even have to use a word list.
I just used a word list because I felt like that was going to be easy to generate, and
it was pretty much.
I just went to a bunch of Wikipedia articles, dumped it into a text file with links, and
then extracted a bunch of strings with ock, and that was it, done.
So that was pretty simple, but you could just as easily generate a bunch of randomized
strings and numbers, and dump them into columns, and then you'd have what would look to
anyone like an MD5 sum, practically.
Your password would be completely unrecognizable, but infinitely repeatable by you.
And as long as you have the key to how you are going to use the matrix of words or strings
or patterns, then it is private to you.
The trick, I think, is to make your method something that is difficult to reproduce should
the matrix be discoverable, and that would be kind of an interesting exercise.
I would love to just have maybe a fake user on the internet who uses a standardized, you
know, who does use a table, a key that is publicly available.
Like the matrix could be publicly available, but the key to that matrix would be completely
private to maybe one or two users, real life users.
And that would be kind of interesting to see how well that performs against like a brute
force attack.
I mean, because at some, that would be the table would only be worth it, would only be valuable
as a brute forceable thing.
But then you would also have to extract metadata from that table if they were, if you were
using, if you're key, if you're private key, you used special characters that maybe were
generated from some, from some, from something, you know, any word starting with a through
j gets a dash, any word starts with k through m gets an underscore, whatever, a percent
sign, a hash, whatever.
And so you'd have to, or, or, you know, the numbers that we are generating are derived
from the number of consonants in this particular strain, so on.
So there would have to be metadata that the brute force attack, even against a, a, a,
a public word list would have to, would have to also use utilize in order to, to then successfully
brute force the thing.
So that's kind of interesting.
I mean, that's what a brute force attack is, so they could just throw random numbers
and characters at, at a problem.
And I'm sure it would, it would eventually break.
Would it break all the passwords generated by the table, though, I'm not so sure.
So I don't know if, if you have, um, thoughts about password generation and private algorithms
for websites, please post or rather record a show because this is a, this is a, a puzzle
that I'm quite interested in lately, just, just a sort of an analog way to, to, to provide
yourself with the tools for a unique password for every site that you sign up for, or at
least for every site that doesn't offer something like to factor authentication or centralized
authentication.
So maybe you would just be using it for the outliers that you can't sign in with, with
your, your, um, your open ID account or with, with your two factor things.
So that would, you know, it could be just a subset of the sites that you go to, but it
would be something that you could have, you could refer to, maybe you would even have
to refer to because, I mean, except, unless you went there all the time, you might have
to refer to this site or this, uh, table rather, this matrix that you've got and then keep
that internal code of how to generate it based on that data.
Other ideas are certainly, certainly welcome though.
I'm, I'm, I'm, I'm eager to hear if anyone has thoughts on this sort of thing and how
you would come up with your, with, with a unique password that you could generate as needed,
but that would be difficult for others to figure out how to generate the same thing.
And with the, the same data, uh, provided you.
So thanks for listening.
Um, I will include all the, the, the word lists and the generator scripts on, in the show
notes so that you can, uh, possibly emulate the same thing that I've done, uh, just, just
for kicks and maybe you can modify it for yourself, maybe you can actually use it in some way.
Who knows?
Heck, maybe I'll start to use it.
So really quickly, um, I'll, I'll talk about, actually, I was going to end the episode,
now I realized that I should probably at least really quickly kind of go over the, the
logic of the generator script, which it's not super hard, but it dumps everything into
an org mode, into, um, into an org mode document.
So it's for Emax and it's kind of a nice way to use pure, uh, pure text tables.
It just has some nice little, little features that help you, help you use tables in plain
text. It, it's a lot better than, um, well, it's, it's certainly more useful to me than
a spreadsheet, uh, and it's, it's, yeah, kind of nice.
So the first thing that it does, the bash script is that it, it checks to see if you've
given it an argument and if not, then it assigns the default destination to a file called
matrix.org.
Otherwise it dumps it into a file of your naming.
So if you execute this generate dot s h script or whatever you call it and you give it,
you know, food dot org, then it will write all of the data into food dot org.
If you give it nothing, then it will generate, it'll dump all the data into matrix.org.
It opens up your destination file by dumping an array of letters into, uh, letters and
pipe symbols into, into a file.
And that's the header.
That's the, the, um, column headers.
The first one is empty and then ABC through Z and then a question mark at the very end.
The question mark I figured would be necessary for sites that have weird characters in them
or, or that just have exceptions that you need some kind of, uh, I didn't account for that
in my original plan.
So I'll have to do something.
Okay.
And then it creates an array called vert and that is a through Z with a question mark at
the end.
And then it cats all, um, files that end with list, the word list in the current directory
into a temp file.
And that's simply because I had a bunch of word lists in the current directory that
I wanted to become one big word list.
And it creates a variable, uh, yeah, it creates a variable called big that is the number
of the line count of this temporary file.
So you've just created a big file with a bunch of words in it.
And now we're counting up the number of words, uh, of lines in the file, assuming one,
one word per line.
And now we've got our, our maximum level of, of selection.
So then we established a variable called C for count equals zero and we do a while loop.
And this while loop is going to take care of all the horizontal rows, meaning that it
will do, it will be the lines, you know, lines across the text file.
So within that, we, we create a new variable called in set that to zero.
And then we create, uh, we, we grab a value from our array as V. So the V value is used
as the first column, the zeroeth column, I might say.
So we, we echo, or I actually print F that first, that zeroeth column into our, into
our file, into our destination file, whatever it's called.
And then we start writing our random words into onto the line after this, after this initial
zeroeth column.
And the way that we do that is yet another embedded while loop.
So while, while in now that which we set to zero is less than 27, because we need 27
across or 20, yeah, 27 across, 27 more across, uh, do we, we grab a value of I using a built
in bash function called random, we are setting that from one plus random divided by, or the
modulo of whatever the number of big was.
And then we grab with ock the line number that we just grabbed the, of the number that
we just generated with our random function.
So now we have a word.
And if we don't have a word, because I had a blank cell once, so I'm through in a quick
hack to take, to, if the word is, is empty, then we grab another word, just in case.
It hasn't happened since, so I might have just been a, a weird fluke, but just in case.
So then we print F the word that we want in a pipe symbol, because that's what word
mode uses for its table boundaries into the destination file.
And we're using print F here, because echo kind of generally implies in the line, we
don't want that, we just want to, we want to dump things into the line one after another.
And then we, we increment in so that we're now on the next, we're on the next, um, column.
And we do that until we hit 27 columns, then we're done and then we echo a blank, uh,
we do, we echo a blank character, so that, that gives us a new line into the file.
And then we increment C. And so now we're on the next, we're on the next line, or the
next row.
And that's it.
That's the, we, we do that a bunch of times 27 times 27, so like 729 times or whatever
it is.
And, uh, when we're finished, we have a matrix.
So if you provide a word list, then, then, or, or some list of values, one value per
line, then, then this script will take that list, we'll dump it into a file called temp,
it will use that file as its, as its source and generate an org mode table called, you
know, matrix.org or whatever you called it.
And then you can open that table and view it in, in org mode.
When you first open it, you should know that it will, it does take a little while to
generate, depending on how fast your computer is or how slow your computer is.
And once you, when you first open it, you might, the table may not look like a table.
It'll be all, it might be scattered all over the place and kind of uneven, depending
on what kind of, well, even, yeah, it'll actually look that way.
So what you want to do, or at least what I do is I do, um, I do a fill.
So alt x or meta x and then, uh, fill, fill dash paragraph.
And that aligns everything perfectly into table form.
So that's a quick, quick org mode trick for you, or actually it's an emax trick.
I don't know if there's, but there may be an org specific way to, to read, read a line
a table.
I'm not sure.
But, but the way that I do it is I just do the fill paragraph, fill dash paragraph.
And that's it.
That's how you generate a big matrix of words in emax, uh, or, or in bash for emax
org mode.
So anyway, as I say, if you have other ideas, other cool password generation ideas, I'd
love to hear them.
So record an episode about it.
And definitely if you, if you find my logic completely erroneous and, and I'm coming
up with way, with things that are super easy to reverse engineer, then that's great too.
Tell me about it.
Um, tell me about it on a hacker pulver radio, which is this show.
You can record an episode and submit it.
It will air.
I will hear it.
And boy won't I be embarrassed.
Oh, and I'd like, I should probably think Jay Lindsay.
My friend Jay Lindsay from IRC for planting this seed, this, this, the seed of this puzzle
into my head about 11 years ago.
Thanks, Jay Lindsay.
And thanks everyone else for listening.
Talk to you later.
You've been listening to HackerPublicRadio at HackerPublicRadio.org.
We are a community podcast network that releases shows every weekday, Monday through Friday.
Today's show, like all our shows, was contributed by an HBR listener like yourself.
If you ever thought of recording a podcast, then click on our contributing to find out
how easy it really is.
HackerPublicRadio was founded by the digital dog pound and the infonomicom computer club,
and is part of the binary revolution at binrev.com.
If you have comments on today's show, please email the host directly, leave a comment on
the website or record a follow-up episode yourself.
Unless otherwise status, today's show is released on the creative comments, attribution,
share a life, 3.0 license.
Reference in New Issue View Git Blame Copy Permalink