diff --git a/src/app.scss b/src/app.scss index 2a4dfdb..ca8e504 100644 --- a/src/app.scss +++ b/src/app.scss @@ -2,12 +2,15 @@ @import "~bootstrap/scss/variables"; @import "~bootstrap/scss/mixins"; +$blockquote-font-size: $font-size-base; + @import "~bootstrap/scss/reboot"; @import "~bootstrap/scss/type"; @import "~bootstrap/scss/grid"; @import "~bootstrap/scss/images"; @import "~bootstrap/scss/alert"; @import "~bootstrap/scss/buttons"; +@import "~bootstrap/scss/card"; @import "~bootstrap/scss/forms"; @import "~bootstrap/scss/custom-forms"; @import "~bootstrap/scss/input-group"; @@ -47,4 +50,14 @@ body { .staple { display: none; } +} + +.blockquote { + border-left: ($spacer * 0.25) solid $gray-400; + padding-left: $spacer; + color: $blockquote-small-color; +} + +#faq .card { + margin-bottom: $spacer; } \ No newline at end of file diff --git a/src/index.html b/src/index.html index 37753fd..9a46e19 100644 --- a/src/index.html +++ b/src/index.html @@ -23,6 +23,9 @@
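Review bot: in the first app.scss hunk, the override `$blockquote-font-size: $font-size-base;` is placed after `@import "~bootstrap/scss/variables";`. It only takes effect because `type` happens to be imported later in the same file; Bootstrap declares its variables with `!default`, so the conventional and more robust placement is before the variables import, where the override also reaches any variable derived from it. In the second hunk, the new `#faq .card` block ends with `\ No newline at end of file`; add a trailing newline so the next change to the file does not produce a spurious diff on the closing brace.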
We tend to associate secure passwords with complicated and hard-to-remember passwords. But it doesn't have to be this way.
@@ -125,22 +128,89 @@correcthorsebatterystaple
is more memorable than n98idhi3n
, for approximately equal
security. To increase security, we can always add more words.
- 5 words from the large list, or 6 words - from the small list is sufficient for all reasonable threats.
+5 words from the large list, or 6 words + from the small list is sufficient for all reasonable threats.
Let us consider the absolute worst case, assuming the attacker knows your password is generated by this site,
knowing that it has 65 bits of entropy, your password was insecurely hashed, and your enemy has GPUs to run
500 billion attempts every second. Even then, this scheme will resist the
- cracking attempt for over a year
.
Now, most attackers can't attack you that fast, and those who could have better things to do than spending a year - doing nothing but attacking you (unless you possess state secrets or something), so this is more than sufficient for - your password. In the highly unlikely case that your password need more security than this offers, or perhaps you - are just paranoid, adding an extra word would make the attack time thousandfold.
+You don't have to worry about this hypothetical scenario. Running this sort of attack is prohibitively expensive. + Unless you possess highly valuable secrets that makes this sort of effort worthwhile, in which case you should be + using stuff more complex than a password to protect it. If you have to, you can simply add more words.
In practice, most real life systems use secure password hashing algorithms, captchas, and other mechanisms to stop password cracking. It is unlikely that your attacker can reach anywhere close to a million - guesses a second, and so a 4 word password is probably sufficient for most non-critical accounts.
+ guesses a second, and so a four word password (from the large list) is probably sufficient + in real life. If you are paranoid and want to feel better, use five. ++ I made this website because I wanted a good password generator. I know the xkcd-style password scheme is fairly + secure and easy to remember, especially if you increase the length, and it's simple enough to understand and + verify. Most programmers can audit the source code of this website to ensure security. +
+
+ Another major part of the reason is that a lot of the similar websites fail to generate passwords securely: for
+ example, they used Math.random()
, which is not a cryptographically secure random number generator,
+ and should never be used to passwords. This website aims to avoid such pitfalls, and provide a truly secure
+ experience.
+
window.crypto.getRandomValues()
— the only cryptographically-secure random number
+ generator in JavaScript, instead of
+
+ Math.random()
, whose use is explicitly discouraged for this purporse.
+ + Bruce Schneier completely missed the point: +
+++Modern password crackers combine different words from their dictionaries:
+…
+This is why the oft-cited XKCD scheme for generating passwords -- string together + individual words like "correcthorsebatterystaple" -- is no longer good advice. The password crackers are on to + this trick.
+ +
+ Excuse me, Bruce, but the entropy calculation for this password scheme is based on the absolute worst case + scenario: that the attackers knows exactly which words you have to choose from, and attempts to guess every + possible combinations from the known dictionary. +
++ In essence, we are assuming the attacker is more than “on to this trick” already. Whether + attackers are “on to this trick” is completely therefore irrelevant to its security. If Bruce + Schneier thinks using four words is insufficiently secure, he should be suggesting five or six words, not + shamelessly promoting his own password generation scheme. +
++ If you don't believe me, that okay. Lots of other people agree with me. Check out + this post on the Information Security Stack + Exchange. The top four answers (by a huge margin) agree with me.
+
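Review bot: several wording errors in the new copy of this hunk should be fixed before merge: "Unless you possess highly valuable secrets that makes this sort of effort worthwhile, in which case you should be using stuff more complex than a password" is a sentence fragment, and "makes" should be "make"; "should never be used to passwords" is missing a verb ("used to generate passwords"); "purporse" should be "purpose"; "the attackers knows exactly which words you have to choose from, and attempts to guess every possible combinations" should read "the attacker knows ... every possible combination"; "completely therefore irrelevant" should be "therefore completely irrelevant"; "that okay" should be "that's okay"; and "four word password" reads better hyphenated. The claim that window.crypto.getRandomValues() is "the only cryptographically-secure random number generator in JavaScript" is broader than the page can support; it holds for browser JavaScript, not JavaScript in general, so "the Web Crypto API's cryptographically secure generator" would be accurate. Finally, this hunk only changes page text: the statement that the generator uses window.crypto.getRandomValues() instead of Math.random() should be checked against the generator script, which this diff does not touch, so that the copy and the code stay in agreement.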