Password Generator

This password generator works locally on your computer: the generated passwords are not sent over the network, and their strength only depends on how long they are and how much do you trust in the secure random number generator of your web browser. You could also save this page locally for later usage off-line. Read the notes below for more.

Complexity(2): bits    Mode:

 


NOTES

1. How much random are these random passwords? This page generates random passwords by using the JavaScript function window.crypto.getRandomValues() of your web browser, which is supposedly able to generate cryptographically secure random numbers, as much secure as the keys it must generate to establish secure HTTPS connections, for example.

2. What is that "complexity" number? The complexity parameter is the number of equivalent random bits to generate. In general, if S is the number of available symbols (for example all the printable characters) and N is the length of the generated password, then the number of possible different passwords of that length is

SN = 2complexity

So, the required length of the password N to get the equivalent strength of a random key of "complexity" bits length is

N = complexity * log(2) / log(S)

Our generator uses S=75 characters from the ASCII table, chosen over a set of non ambiguous shapes and always available on any keyboard. As a rule of thumb, a complexity of 49 bits (about 8 characters length) or more is the minimum security requirement for general usage; less than 32 bits (about 5 characters) is a very weak password that could be easily cracked by brute force by nowadays fast networks and computers.

3. What is the "Characters" generator mode? Our implementation uses pretty much all the printable ASCII characters available on any computer keyboard, but some have been removed from the set for several reasons:

	" '   (Word would likely change these into fancy quotes :-)
	\ /   (could be confused together)
	O o 0 (could be confused together)
	Z z   (could be confused together)
	1 l   (could be confused together)
	^ [ ] ` { | } ~ (hard to find on some keyboards)

So this leaves us with only S=75 for the characters mode. This means that a complexity of 49 (the default proposed by this page) is equivalent to a password 8 characters long.

What is the "Phrase" generator mode? Is my attempt (mostly failed) to make passwords readable and then easier to remember. It works like that: rather than using single characters, each symbol is represented by a (supposedly) readable syllable. Unfortunately, what could be readable on a certain language (say, English) could result completely un-readable in another (say, Italian) and vice-versa. And in this implementation both statements are true, though...

I borrowed syllables from a quote of the "Cappuccetto rosso" tale ("Little Red Riding Hood" in English). You could try changing the list of syllables to make the result better for you.


Updated 2020-03-06 by Umberto Salsi <salsi@icosaedro.it>, www.icosaedro.it