Wednesday, September 04, 2013

Secure Passwords and Passphrases

There are 95 typeable characters to use in your passwords.  A nice long random string of those 95 characters is probably the most secure password.  Secure, but hard to remember.  Here’s a webpage I wrote to generate secure passwords and passphrases.  Passphrases are actual words, which are easier to remember, and a string of them can be as secure as hard-to-remember password with mixed cases and special characters and all.  Here’s anxkcd comic that illustrates the basic problem.
There are three tools on that page, one to generate a string of words to make a passphrase, one makes a crude attempt to make a valid sentence with random words, and one that just gives you a traditional strong password.
How did I make them?
  1. Get some words.  I downloaded some books off the internet and extracted all the unique words and compiled a long list.  I think there was about 13000 words.  Those utilitarian steps I coded up in C# since it’s nice and easy to work with, and Visual Studio is awesome.
  2. Pick some words at random.  I read the dictionary in at the webserver (that step in php) and picksome at random.  That’s all there is to it.
  3. What about the random sentence?  I found a list of nouns and verbs and adjectives and whatnot online.  The potentially readable passphrase is of the form:
the [adjective] [noun] [adverb] [past tense verb] the [adjective] [noun]
Q: What was the hardest part you ask?  A: The list of verbs I found was in the present-tense, but the sentence sounded better if the words were in the past-tense.  So I translated them all manually.  That was a pain.  By the end I got the brain fuzz really bad.  You might find some mistakes in there.  There might be something in there like taked, instead oftook.
Here’s the link again:  Generate passwords and passphrases.
Sincerely, Warmest regards, Best of luck,
more stuff available at my brain annex.
the merciful hydrant unimpressively stamped the quarrelsome war