Read the hash algorithm SHA-1. You need to do something similar and more lightweight. Most importantly, to your function of generating passwords is not addressed.
The hash function is drawn, if the hash of the image, you can restore the original text.
By the way, in Windows the passwords are not stored physically. When you specify a new password the system calculates a hash of the image and saves it. When you enter your password to authorize the system finds the hash for the entered password and compares with his. If the same, then the password is correct. And if an attacker will break the place of storage of passwords, except the hash image it won't find anything. And from the hash of the image, the password cannot be recovered, even if he's in ten times more of the password. Interesting, thing.