Show HN: Funny, Human-Memorable SHA-256 Fingerprints


42 points | by eneuman 11 days ago


  • ketralnis 11 days ago

    See also rfc1751[1] which I use in a project[2] to make human readable fingerprints like this:

        === secrets.vm ===
        common name: secrets.vm
        fingerprint: b957e10c998faa9909cff3ba4ec35485d04708c3ecc7481fe14d7f07bc0229cd
        public key:  c15e697e4807793ef8a9461a7b2c6cf2266d1ec1480a594e83b54e7b75e07702
        public sign: f1db594eb55fe97657c57f2aa01afd1210a46d42d80d5552ac4d548162d4968e
        does that look right? [y/n]
    [1]: [2]:
    • captn3m0 11 days ago

      I like the Telegram safety feature where they use Emojis as fingerprints.

      • Jaxkr 11 days ago

        Yeah, it’s very clever. Packs a lot more bytes into few characters.

    • smiley1437 11 days ago

      My disappointment is immeasurable that I can't put in a Madhash and get the SHA-256 back ;)

      • eneuman 11 days ago

        I am so sorry, I'll do it tomorrow!

      • dependenttypes 11 days ago

        I do not get it. How are black, white, and western offensive?

        Anyway, this is kinda similar to

        • eneuman 11 days ago

          The words aren't offensive, but the output sentences might be, so why risk it?

          I appreciate the reference to the PGP word list, I didn't know about it.

          One thing MadHash adds is a bit of structure in the form of <adjective> <noun> <adverb> <verb> <adjective> <noun> which should help make the phrases more memorable.

          Also, each sentence covers 64 bits, whereas the PGP word list covers just 2 bits per word.

          • londons_explore 11 days ago

            Having generated user passwords with dictionary[random()] a few times, I can tell you you will get angry users moaning about the fact you defaulted their password to "You Fat Pig", or "Dumb Looks".

            A surprising percentage of random combinations of innocuous words can be found offensive by someone, and automatic filtering is pretty much impossible.

            • paledot 11 days ago

              At work I briefly experimented with naming releases deterministically based on the git hash and a common words list. I generated 20 random 3-word phrases as a quick proof of concept, and 3 of the 20 were easily construed as sexually suggestive.

              I filed a bug report with the English language, but it was rejected.

              • eneuman 11 days ago

                That's pretty funny, and you're right. I'm just avoiding the very obvious ones, but there will always be more!

              • trefil 11 days ago

                Maybe you should consider telling your users not to get offended by machine generated semi-random strings of words.

                • preinheimer 11 days ago

                  For a password generator we ended up going with something like three pieces: predefined word list, list of all the colours CSS supports, two digit number. I originally tried to use more of our own word list but the possibly offensive combinations drove us away.

                  We're not making passwords anymore (yay!) but use it for like coupon code generation.

                  • dependenttypes 11 days ago

                    > the PGP word list covers just 2 bits per word

                    huh? no, it covers 8 bits per word, just a bit less than yours (6 vs 8 words per 64 bits)

                  • duskwuff 11 days ago

                    There are a lot of potential words that those words could appear offensive in combination with. Looking through the current word list (, a couple that come to mind are "power", "dominance", "curse", "immigration", "perfection", and "intelligence". (Some of those words should probably be removed from the list themselves, but that's besides the point.)

                    TBH, I don't think the approach of picking words randomly from a dictionary is appropriate here. Not only does it have a tendency to leave in words which could cause offense, but it can also end up picking uncommon words which are hard to remember (like majdanek, szold, or palazzo) and groups of words which could easily be confused (politician and politics; psychiatrist, psychologist, and psychology; supervision and supervisor).

                  • curryhoward 11 days ago

                    Another implementation of this idea:

                    • beagle3 11 days ago
                      • zedgerman 11 days ago

                        Neat idea!

                        Btw: Consider renaming your list of offensive terms “denylist” or similar.

                        • asdkhadsj 9 days ago

                          What's the reasoning here? (not challenging you, just want to make sure I understand your thought process).

                          I imagine it's something to do with the fact that some of the words won't be "offensive" by themselves, or perhaps even at all by all people. So naming it deny disassociates the reason from the word? Ie sometimes the word itself is offensive, sometimes it's fine but part of offensive combinations, etc etc?

                          • eneuman 11 days ago

                            Good point! Thanks for the tip!