Brignull.co.uk

Passphrase generator

I'm a strong proponent of passphrases, e.g. case-knee-bat-grape. In almost every sense they are far better than passwords made from 6-8 hard-to-remember symbols, e.g. a6h%S\9F. They are both stronger, and so harder for computers to crack, and easier for humans to remember. Their strength comes from their length, which gives them a high entropy. If you tried to naively brute force one there would be 26^16 = 4.4x10^22 possibilities, and even if you know it's made from four short words then there are still 7000^4 = 2.4x10^15 possibilities.

So to help me I made my own passphrase generator, because why trust somebody else when you can write it yourself? This goes against the normal advice in security not to try, as you'll likely get it wrong, but with something this simple I say why not.

This implementation picks as many random words as you want from a list of 7512 3-5 letter English words, using suitably secure random number generation. To fit old-fashioned password security guidelines you can then choose to add capital letters or numbers if you wish.

Of course some of this security is negated by the fact that it's served over insecure HTTP, but oh well...

Number of words:
Use capital letters:
Append how many numbers: