On Passwords

We are told to change our passwords often, and to make them difficult to guess. I submit that the latter requirement also makes them difficult to remember. If I have a way of remembering the password, then someone who knows me could have a chance of guessing that password.

The amount of information in a password does vary with its complexity; see Algorithmic Information Theory (Gregory Chaitin) for details. And a more complex password takes more logic to generate.

However, I believe a solution is possible. It depends on two pieces of software. The first one generates a random password. Since a program cannot generate truly random output, the generator must either be kept secret, be seeded by a noise source, or have some other means of making its output unpredictable. It should be noted that a real random number generator program must (see Chaitin again) be infinitely large. Any finite program will eventually repeat, as it can only generate a finite amount of output information.

Randomness based on noise sources, such as sunspots, would work provided the source were kept secret. It turns out that the ideal case of an open source of random numbers is too predictable.

Assuming one has a random number generator, it could easily be hooked up to a program to generate text characters in any alphabet or character set. I proceed on the assumption that you can actually be assigned a password that is sufficiently random. This means you did not pick it out, and since it was not predictable by you, hopefully it is not predictable by anyone else either.

Now for the second piece of software. A little background may clarify what I want this program to do.

I once watched a student put the first one hundred digits of pi on a blackboard. Another student volunteered that he could do the first one thousand digits. How was this possible? The digits of pi are, in a sense, quite random. They are predictable only if you know you are looking at pi. Every possible combination of every possible finite size of digit groups is guaranteed to occur in the decimal expansion of pi. Eventually, that is.

The student had a mnemonic, which was “easy” to remember, which gave the digits of pi in sequence. I suspect it was a verse or a story.

What I want is a program which, given a random password, generates a story involving each character in that password, to make it easier to remember. I would expect a user might customize the output to make it easier for her/him to recall, but the program would give a coherent first recall-generator for any given password. The program would have no ability to write anything, so it would not be able to record the input password.

The dumb question is, can anybody make or find such a program? When the digits of pi were turned into a memorable item, was this done by hand?

An even dumber question is, is any password you or I make up guaranteed to be in some sense predictable? What do you think?
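An added example, not from the original post, of the two programs described above: a generator that draws each character from the operating system's noise-seeded random source, and a mnemonic writer that turns each character into one word of a chained story. The word lists, function names and the restriction to letters and digits are assumptions made for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumption: no punctuation

# Constructed word lists: one word per letter a-z, indexed by letter.
ADJ = "angry brave calm dizzy eager fuzzy giant happy icy jolly kind lazy merry noisy odd proud quiet rusty shy tiny ugly vast wild xenial young zany".split()
NOUN = "ant bear cat dog eel fox goat hen ibis jay koala lion mole newt owl pig quail rat seal toad urchin vole wolf xerus yak zebra".split()
VERB = "asks bites calls digs eats finds greets hugs invites joins kicks lifts meets nudges opens pokes quizzes rides sees tickles urges visits warns x-rays yells zaps".split()
ROLES = (ADJ, NOUN, VERB)  # position in the password picks the word's role
DIGITS = "zero one two three four five six seven eight nine".split()


def generate_password(length=12):
    """First program: each character comes from the OS CSPRNG, not from the user."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length):
    """Information content of a uniformly drawn password of this length."""
    return length * math.log2(len(ALPHABET))


def story(password):
    """Second program: one word per character; capitalised word = capital letter."""
    words = []
    for i, ch in enumerate(password):
        if ch in string.digits:
            words.append(DIGITS[int(ch)])
        elif ch in string.ascii_letters:
            word = ROLES[i % 3][ord(ch.lower()) - ord("a")]
            words.append(word.capitalize() if ch.isupper() else word)
        else:
            # Do not echo the character itself into an error message or log.
            raise ValueError(f"unsupported character at position {i}")
    return " ".join(words)


def recall(text):
    """What the user does in their head: read the password back off the story."""
    return "".join(
        str(DIGITS.index(w)) if w in DIGITS else w[0] for w in text.split()
    )


if __name__ == "__main__":
    pw = generate_password()
    # Only printed to the terminal; the program opens no files and keeps no record.
    print(f"{pw}  ({entropy_bits(len(pw)):.1f} bits)\n{story(pw)}")
```

The story adds no secrecy of its own: anyone who reads it can recover the password, so it belongs in memory, not on paper.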
