Show HN: Funny, Human-Memorable SHA-256 Fingerprints (telekinesis.cloud)
42 points by eneuman 6 days ago | 19 comments

See also rfc1751[1] which I use in a project[2] to make human readable fingerprints like this:

    === secrets.vm ===
    common name: secrets.vm
    fingerprint: b957e10c998faa9909cff3ba4ec35485d04708c3ecc7481fe14d7f07bc0229cd
    public key:  c15e697e4807793ef8a9461a7b2c6cf2266d1ec1480a594e83b54e7b75e07702
    public sign: f1db594eb55fe97657c57f2aa01afd1210a46d42d80d5552ac4d548162d4968e
    does that look right? [y/n]
[1]: https://tools.ietf.org/html/rfc1751
[2]: https://github.com/ketralnis/secrets

I like the Telegram safety feature where they use Emojis as fingerprints.

Yeah, it’s very clever. Packs a lot more bytes into few characters.

My disappointment is immeasurable that I can't put in a Madhash and get the SHA-256 back ;)

I am so sorry, I'll do it tomorrow!

I do not get it. How are black, white, and western offensive? https://github.com/e-neuman/madhash/blob/master/offensive.tx...

Anyway, this is kinda similar to https://en.wikipedia.org/wiki/PGP_word_list

The words aren't offensive, but the output sentences might be, so why risk it?

I appreciate the reference to the PGP word list, I didn't know about it.

One thing MadHash adds is a bit of structure in the form of <adjective> <noun> <adverb> <verb> <adjective> <noun> which should help make the phrases more memorable.

Also, each sentence covers 64 bits, whereas the PGP word list covers just 2 bits per word.

Having generated user passwords with dictionary[random()] a few times, I can tell you you will get angry users moaning about the fact you defaulted their password to "You Fat Pig", or "Dumb Looks".

A surprising percentage of random combinations of innocuous words can be found offensive by someone, and automatic filtering is pretty much impossible.

At work I briefly experimented with naming releases deterministically based on the git hash and a common words list. I generated 20 random 3-word phrases as a quick proof of concept, and 3 of the 20 were easily construed as sexually suggestive.

I filed a bug report with the English language, but it was rejected.

That's pretty funny, and you're right. I'm just avoiding the very obvious ones, but there will always be more!

Maybe you should consider telling your users not to get offended by machine generated semi-random strings of words.

For a password generator we ended up going with something like three pieces: predefined word list, list of all the colours CSS supports, two digit number. I originally tried to use more of our own word list but the possibly offensive combinations drove us away.

We're not making passwords anymore (yay!) but use it for like coupon code generation.

> the PGP word list covers just 2 bits per word

huh? no, it covers 8 bits per word, just a bit less than yours (6 vs 8 words per 64 bits)

There are a lot of potential words that those words could appear offensive in combination with. Looking through the current word list (https://raw.githubusercontent.com/e-neuman/madhash/master/pu...), a couple that come to mind are "power", "dominance", "curse", "immigration", "perfection", and "intelligence". (Some of those words should probably be removed from the list themselves, but that's beside the point.)

TBH, I don't think the approach of picking words randomly from a dictionary is appropriate here. Not only does it have a tendency to leave in words which could cause offense, but it can also end up picking uncommon words which are hard to remember (like majdanek, szold, or palazzo) and groups of words which could easily be confused (politician and politics; psychiatrist, psychologist, and psychology; supervision and supervisor).

Another implementation of this idea: https://www.huffgram.com/

Neat idea!

Btw: Consider renaming your list of offensive terms “denylist” or similar.

What's the reasoning here? (not challenging you, just want to make sure I understand your thought process).

I imagine it's something to do with the fact that some of the words won't be "offensive" by themselves, or perhaps even at all by all people. So naming it deny disassociates the reason from the word? Ie sometimes the word itself is offensive, sometimes it's fine but part of offensive combinations, etc etc?

Good point! Thanks for the tip!
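
The sentence encoding discussed in the thread (six word slots covering 64 bits, so four sentences per SHA-256 digest), as an added example that is not any commenter's code and not MadHash's own implementation. It assumes a mixed-radix encoding, a constructed syllable vocabulary standing in for real per-part-of-speech word lists, and 2048 entries per slot; all function names are hypothetical.

```python
import hashlib
import math

# Constructed stand-in vocabulary: 64 syllables -> 4096 two-syllable tokens.
# A real scheme would use one curated word list per part of speech.
_SYLLABLES = [c + v for c in "bdfghjklmnprstvz" for v in "aiou"]
TOKENS = [a + b for a in _SYLLABLES for b in _SYLLABLES]

# Sentence template quoted in the thread; list sizes are an assumption.
TEMPLATE = ["adjective", "noun", "adverb", "verb", "adjective", "noun"]
SLOT_LISTS = {pos: TOKENS[:2048] for pos in set(TEMPLATE)}

def capacity_bits(template=TEMPLATE, lists=SLOT_LISTS):
    """Bits one sentence can carry: sum of log2(list size) over its slots."""
    return sum(math.log2(len(lists[pos])) for pos in template)

def encode_chunk(value, template=TEMPLATE, lists=SLOT_LISTS):
    """Mixed-radix encode one 64-bit integer, one digit per word slot."""
    if not 0 <= value < 2**64:
        raise ValueError("value must fit in 64 bits")
    if capacity_bits(template, lists) < 64:
        # Too few words per slot would silently truncate the fingerprint.
        raise ValueError("word lists cannot carry 64 bits per sentence")
    words = []
    for pos in reversed(template):          # last slot is least significant
        value, digit = divmod(value, len(lists[pos]))
        words.append(lists[pos][digit])
    return " ".join(reversed(words))

def decode_chunk(sentence, template=TEMPLATE, lists=SLOT_LISTS):
    """Invert encode_chunk; raises ValueError on an unknown or missing word."""
    words = sentence.split()
    if len(words) != len(template):
        raise ValueError("wrong number of words")
    value = 0
    for pos, word in zip(template, words):
        value = value * len(lists[pos]) + lists[pos].index(word)
    return value

def fingerprint(data):
    """SHA-256 of data as four sentences, 64 bits of the digest each."""
    digest = hashlib.sha256(data).digest()
    return [encode_chunk(int.from_bytes(digest[i:i + 8], "big"))
            for i in range(0, 32, 8)]

def recover_digest(sentences):
    """Rebuild the 32-byte digest from its four sentences."""
    return b"".join(decode_chunk(s).to_bytes(8, "big") for s in sentences)
```

With 256-entry lists, as in the PGP word list, `capacity_bits` gives 8 bits per word, so the same 64 bits take eight words and a six-word template is rejected.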
