LM 2006-02-17

Just an idea during my car travel back home.

My two surviving brain cells cannot remember strong passwords any more. But everyone knows that easy-to-remember passwords are very easily cracked.

So here is my very poor valuable solution.

You can complicate the mapPasswd proc as you like and adapt it to your mental mechanisms (for mine, letters, numbers and other characters have to be split), then continue to type your "goofy&donaldduck" easy-to-remember password.

A copy & paste operation and my brain cells are safe.

Undoubtedly the following mapPasswd is not the procedure that I generally use ;)

Comments, suggestions and positive criticism are always accepted.

 package require Tk

 # Shift every character by magicNum positions inside its own character class.
 # Characters that belong to none of the maps (a space, for example) are dropped.
 proc mapPasswd {easy} {
         set map1 "abcdefghijklmnopqrstuvwxyz"
         # map2 is used below but was never defined in this listing;
         # uppercase letters are assumed here.
         set map2 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
         set map3 "1234567890"
         set map4 "+*-_%&£^?!|\\\$\'\"\/\%\[\]\(\)\;\,\:\."
         set easylist [split $easy {}]
         set hardlist {}
         set magicNum 3
         foreach e $easylist {
                 foreach m [list $map1 $map2 $map3 $map4] {
                         if {[set idx [string first $e $m]] != -1 } {
                                 set len [string length $m]
                                 lappend hardlist [string index $m [expr {($idx + $magicNum) % $len}]]
                         }
                 }
         }
         return [join $hardlist ""]
 }

 # Two rows: the easy password with its button, and the read-only result.
 proc mainGui {} {
     set f1 [frame .easy]

     label $f1.epLbl -width 15 -text "Easy Password"
     entry $f1.epEnt -width 40 -textvariable easyPasswd
     button $f1.epBtn -text "Harden it" -width 10 \
                         -command { set hardPasswd [mapPasswd $easyPasswd] }
     pack $f1.epLbl $f1.epEnt $f1.epBtn -side left

     set f2 [frame .hard]
     label $f2.hpLbl -width 15 -text "Hard Password"
     entry $f2.hpEnt -width 40 -textvariable hardPasswd -state readonly
     pack $f2.hpLbl $f2.hpEnt -side left

     pack $f1 $f2 -anchor w
 }

 set easyPasswd ""
 set hardPasswd ""
 mainGui

Of course, now that you've shared this piece of wisdom with us, your passwords are no longer safe, as we can guess your "easy" password and run it through the code to find the real "hard" password.

I have switched to Password Safe, which generates random passwords and remembers them for me. Why, there's even Password Gorilla, a Tcl-based, portable clone.

LM: You're right, I use Password Gorilla too, but I can code myTrulyHardMapPasswd again even when these stronger tools are not available. You can see that my "piece of wisdom" is not truly an alternative, but a further possibility :)

Lars H: It should perhaps be pointed out that all the above does is that it applies a sort of Caesar cipher to the "easy" password. An alternative could be to use something like MD5 for this -- the idea being that even if someone manages to intercept the "hard" password at some time, they can't use it to reconstruct your "easy" password. (As one's "easy" passwords tend to have something in common, discovering one of them makes it easier to guess what the others are.)
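
Lars H's point as an added example (not code from LM or anyone else on this page): the shift is undone by shifting back, so a leaked "hard" password gives away the "easy" one, while a hash-derived password does not. The proc names `shiftPasswd` and `hashPasswd`, the `site` label, the 16-digit truncation and the uppercase second class are assumptions made for the illustration; `md5` is the tcllib package.

```tcl
package require md5 2   ;# from tcllib; assumed to be installed

# Character classes of mapPasswd (the second one is assumed to be uppercase).
# The last class lists % twice, as on the page, so ' and * both shift to %;
# every other character reverses uniquely.
set classes [list abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ \
    1234567890 "+*-_%&£^?!|\\\$\'\"\/\%\[\]\(\)\;\,\:\."]

# mapPasswd generalised to any shift: +3 hardens, -3 undoes it.
proc shiftPasswd {text shift} {
    set out ""
    foreach c [split $text {}] {
        foreach m $::classes {
            if {[set idx [string first $c $m]] != -1} {
                set len [string length $m]
                # Tcl's % is non-negative for a positive divisor, so -3 wraps.
                append out [string index $m [expr {($idx + $shift) % $len}]]
                break
            }
        }
    }
    return $out
}

# One-way alternative: hash the easy password together with a per-site label
# and keep 16 hex digits. No output character maps back to an input character.
proc hashPasswd {easy site} {
    set digest [::md5::md5 -hex [encoding convertto utf-8 "$site:$easy"]]
    return [string range [string tolower $digest] 0 15]
}

set easy "goofy&donaldduck"              ;# sample password from the text above
set hard [shiftPasswd $easy 3]
puts "shifted : $hard"
puts "reversed: [shiftPasswd $hard -3]"  ;# whoever holds $hard recovers $easy
puts "hashed  : [hashPasswd $easy example.org]"
puts "hashed  : [hashPasswd $easy example.net]"
```

MD5 is used only because it is the function named above. It stops reversal, but a guessable easy password can still be run through any published derivation, as the earlier comment notes.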