Comments on: Generating Random Pronoucable Passwords
http://www.terminally-incoherent.com/blog/2010/05/10/generating-random-pronoucable-passwords/
I will not fix your computer.
Tue, 04 Aug 2020 22:34:33 +0000

By: k00pa http://www.terminally-incoherent.com/blog/2010/05/10/generating-random-pronoucable-passwords/#comment-15741 Fri, 28 May 2010 20:13:02 +0000 http://www.terminally-incoherent.com/blog/?p=5675#comment-15741

Looks like a useful script…

Maybe I should update my passwords with this :P

By: Luke Maciak http://www.terminally-incoherent.com/blog/2010/05/10/generating-random-pronoucable-passwords/#comment-15484 Tue, 11 May 2010 19:30:20 +0000 http://www.terminally-incoherent.com/blog/?p=5675#comment-15484

@ JKjoker:

Hmm… That’s a good idea. I figured randomizing capitalization would improve password strength without making them too difficult to memorize.

@ Chris Wellons:

Thanks for digging out that Coding Horror link. I tried finding it the other day, and then gave up. :P

@ SapientIdiot:

Yes, it technically does make it more easily crackable than a completely random password. On the other hand, it is probably vastly superior to using “password123” or “qwerty123” or short words vulnerable to a dictionary attack. It’s a compromise.

By: SapientIdiot http://www.terminally-incoherent.com/blog/2010/05/10/generating-random-pronoucable-passwords/#comment-15476 Tue, 11 May 2010 00:03:45 +0000 http://www.terminally-incoherent.com/blog/?p=5675#comment-15476

I used to generate extremely random and long passwords, and remember them by writing them down over and over again (then burn the paper I used), but eventually I just fell back to using phrases or abbreviations of phrases I can easily remember and throwing in random symbols and capitalizations.

Wouldn't using a script like this make passwords more easily crackable if someone knew that it was this script that was used to generate the password?

By: Chris Wellons http://www.terminally-incoherent.com/blog/2010/05/10/generating-random-pronoucable-passwords/#comment-15471 Mon, 10 May 2010 19:15:27 +0000 http://www.terminally-incoherent.com/blog/?p=5675#comment-15471

The Debian repositories have a tool called pwgen (doesn’t seem to have a website) whose purpose is to generate pronounceable passwords. I’ve known about it for a while but have not put it to use. I think your program does a better job than pwgen anyway.

Then there’s my personal favorite, Diceware, and its variations. I find Diceware passwords to be much easier to type, in addition to memorize. But they are much longer than usual.

I like the GUID code idea you’re using. Thanks for pointing that out.

By: JKjoker http://www.terminally-incoherent.com/blog/2010/05/10/generating-random-pronoucable-passwords/#comment-15470 Mon, 10 May 2010 18:22:01 +0000 http://www.terminally-incoherent.com/blog/?p=5675#comment-15470

The pronunciation might be easy to remember, but the change from caps to nocaps seems too random. Maybe if they had a pattern like caps only on the edges of syllables or all caps/nocaps syllables (easier to remember than for each individual letter), or you might as well program different pattern rules and choose one randomly before generating the password (inform the pattern to the user along with the generated password).

Also, using rare printable symbols (those that bruteforce programs tend not to use or try last) as randomized syllable separators instead of always – would improve the strength of the passwords without affecting the pronunciation (the symbol for all separators should be the same in each password tho).
