pwgen

A while back, the web comic XKCD had a great observation on picking passwords and password strength. Usually people pick a word and use “leet speak” to convert letters to numbers and think that’s secure. It’s only marginally more secure than picking a dictionary word.

The password-choosing technique that I have used for about as long as I can remember is based around a Python script called password.py. I have no idea where I originally found this script, but I always try to have it around. It consults your computer’s dictionary file, grabs two random words, then joins them together with a letter or symbol in the middle. You end up with things like “tine^miner”. I usually have to run it a dozen times until I get two words that “work” for me and my brain. My main problem with this script is that when I’m first setting up a new machine, I don’t always have the script available. It would be nice to have something portable. My iPhone is ubiquitous, so I thought I’d write an app, but realized that more people would find an HTML5 “app” useful than a native iPhone app.

http://netninja.com/files/pwgen/

This “application” lives entirely in JavaScript and contains all the right mojo to run 100% offline. All of the logic to generate passwords runs only in your browser and never touches a server once the page has loaded. You can verify this by viewing the page’s source. Nefarious people watching the bits and bytes flowing over the network can only see that you downloaded a list of words, but not what combinations of words the generator has come up with. Also, because this is entirely offline, you can add it to your iPhone’s or iPod Touch’s home screen and it will act exactly like a native application, with no network access required.

This generator is a little more flexible than the Python script I used. You can tell it the number of words you want and whether you’d like a separating symbol between them, which increases the difficulty in someone’s attempt to brute-force your password. The symbols were selected to be easy to get to on an iPhone, that is, they reside only on the first page of symbols without needing to shift first to symbol mode, then shift to the alternate symbol mode.
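
A sketch of the generation step described above, as an added example (not the code behind the linked page): words and optional separator symbols are picked with the browser's CSPRNG using rejection sampling, and `entropyBits` shows how much the separators add when an attacker already knows the scheme. The word list and symbol set are constructed for illustration, and all function names are hypothetical.

```javascript
// Constructed sample list; a real generator would load thousands of words.
const WORDS = ["tine", "miner", "copper", "lantern", "orbit", "velvet", "gravel", "maple"];
// Assumed symbol set (the page does not list the symbols it uses).
const SYMBOLS = ["^", "-", "!", "&", "@", "$"];

// One 32-bit value from the platform CSPRNG (Math.random is predictable
// and must not be used for passwords).
const secureRand32 = () => globalThis.crypto.getRandomValues(new Uint32Array(1))[0];

// Uniform integer in [0, n) by rejection sampling: values in the uneven
// tail of the 32-bit range are discarded so no index is favoured (modulo bias).
function randomIndex(n, rand32 = secureRand32) {
  if (!Number.isInteger(n) || n < 1 || n > 2 ** 32) throw new RangeError("bad range");
  const limit = Math.floor(2 ** 32 / n) * n;
  let r;
  do { r = rand32(); } while (r >= limit);
  return r % n;
}

// Join `count` random words, optionally with a random symbol between each pair.
function generate(count, useSymbols, words = WORDS, symbols = SYMBOLS, rand32 = secureRand32) {
  if (!Number.isInteger(count) || count < 1) throw new RangeError("count must be >= 1");
  let out = "";
  for (let i = 0; i < count; i++) {
    if (i > 0 && useSymbols) out += symbols[randomIndex(symbols.length, rand32)];
    out += words[randomIndex(words.length, rand32)];
  }
  return out;
}

// Bits of entropy when the attacker knows the word list, symbol set and scheme:
// each word contributes log2(wordCount), each separator log2(symbolCount).
function entropyBits(count, useSymbols, wordCount, symbolCount) {
  const sep = useSymbols ? (count - 1) * Math.log2(symbolCount) : 0;
  return count * Math.log2(wordCount) + sep;
}
```

Because the strength comes from the number of equally likely combinations, re-running the generator until a result "feels right" or using a short word list lowers the real figure below what `entropyBits` reports.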

It looks great on the iPhone and is at least fully functional (if not always so pretty) on all other HTML5 platforms. Give it a shot, if you’d like!

http://netninja.com/files/pwgen/
