https://github.com/lebinh/correct-horse
XKCD style password in Vietnamese
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/lebinh/correct-horse
- Owner: lebinh
- License: mit
- Created: 2020-08-16T11:50:20.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-08-16T12:06:35.000Z (over 5 years ago)
- Last Synced: 2025-01-17T21:30:50.654Z (12 months ago)
- Language: Python
- Size: 44.9 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Correct Horse
A simple way to create *easy to read out*, *easy to type* (for Vietnamese at least), and (sometimes) easy to remember passwords using Vietnamese words.
## How?
For now:
```bash
$ python horse.py
số học.đèn pin.liền tay.tự học
$ python horse.py 6
tị nạn.ngay khi.sư tử.máu tham.hồ nghi.song toàn
```
It's probably better to use the un-accented version of the password, i.e. `so hoc.den pin.lien tay.tu hoc`.
## FAQ
### What's wrong with a random alphanumeric password?
Try reading `PgCt4xDkXf` to another person, or writing it on a phone. I know you can use a password manager to help with that. But inevitably, there will be times you want to just read it out loud to another person sitting next to you on the couch, or type it on your shiny new phone.
### How strong is the password?
The word list contains 7536 compound words, which reduce to 7307 unique un-accented words.
With the default 4-word password, that gives ~2.85e15 possible combinations for the generated output.
Assuming an attacker with a password cracking rate of 10 million attempts per second ([1]),
it will take them on average **4.5 years** to crack a password generated by this method.
Using GPUs or specialized software/hardware, an attacker might be able to test 10 billion passwords per second ([1]),
which will reduce the time to crack a 4-word password to about 5 days. Adding another word increases the cracking time to ~100 years.
Using at least 5 words is thus recommended if you are using this for a really sensitive application.
Each word in the generated password has `log₂(7307)`, or about 12.835, bits of entropy.
So the default 4-word password will have ~51.34 bits of entropy.
That assumes the attacker knows the password was generated by this repo;
otherwise it will just be a 20-30 lowercase letter password, which is more than 100 bits of entropy.
[1]: https://en.wikipedia.org/wiki/Password_strength
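The estimate above, together with the accent-stripping step that shrinks the usable pool, as an added example (this is not the repo's `horse.py`). The sample word list is constructed, and the function names and the use of Python's `secrets` module are assumptions of this example.

```python
import math
import secrets
import unicodedata

# Constructed sample list (the repo's Viet11K.txt is not reproduced here).
# "bán hàng" and "bạn hàng" collapse to the same un-accented form.
SAMPLE_WORDS = ["số học", "đèn pin", "liền tay", "tự học",
                "sư tử", "hồ nghi", "bán hàng", "bạn hàng"]


def unaccent(text):
    """Strip Vietnamese diacritics. đ/Đ have no Unicode decomposition, so map them by hand."""
    text = text.replace("đ", "d").replace("Đ", "D")
    decomposed = unicodedata.normalize("NFD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def effective_pool(words):
    """Unique un-accented entries: the pool size that entropy must be computed from."""
    return sorted({unaccent(w) for w in words})


def generate(pool, n_words=4, sep="."):
    """Pick words independently and uniformly with the OS CSPRNG (an assumption of this example)."""
    return sep.join(secrets.choice(pool) for _ in range(n_words))


def strength(pool_size, n_words, guesses_per_second):
    """Return (bits of entropy, average years to crack) when the attacker knows the scheme."""
    bits = n_words * math.log2(pool_size)
    avg_seconds = pool_size ** n_words / 2 / guesses_per_second
    return bits, avg_seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    pool = effective_pool(SAMPLE_WORDS)
    print(len(SAMPLE_WORDS), "words ->", len(pool), "unique un-accented")
    print(generate(pool))
    bits, years = strength(7307, 4, 10_000_000)   # figures from the README
    print(f"{bits:.2f} bits, ~{years:.1f} years on average")
```

The entropy figure only holds if every word is drawn independently and uniformly from the de-duplicated pool; computing it from the accented list size would overstate it.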
### What's horse?
The correct one, of course!

## Credits
The Viet11K.txt word list was composed by Ho Ngoc Duc:
https://www.informatik.uni-leipzig.de/~duc/software/misc/wordlist.html