> Each entry has about 42 bits of randomness. Queries are not recorded.
Randomness is probably as good as the random resource in the operating system.<p>Hmmm. Such a statement should be backed by proof, not by trust. Until you can run the code locally you can't assume that any of these things is true. As far as we know, this can be a reverse password harvesting scheme.
This is hilarious, I love these. If you're tempted to use one of these as your password, you probably have to choose the first one you see in order to maintain the desired 42 bits of security. You can't keep refreshing until you find one you like since the search space for a reaaaaally good one is probably much smaller than the search space of all combinations.<p>(I acknowledge this site is mostly a joke and you'd be crazy to use any of these for an important password)
A few interesting generations:<p>> You malformed garbage can of podagric pig precipitations<p>That alliteration for the second part is particularly pleasing. Although they wouldn't make good passphrases, it'd be fun to see an "oops! all alliterations" version of this.<p>> You misbegotten locker of pathological coon cat [dial] dross<p>I wonder how the "[dial]" slipped in there -- is it part of the animal list or the excrement list?<p>Edit: after refreshing a few more times I've seen a few other tags attached to other words ("labis [eccl]", "painter [S US]", "budget [dial]", "scrip [archaic]"). I'm guessing that "dial" means dialect, and the words that went into this were scraped from some old version of Roget's Thesaurus.
Reminder of Diceware:<p>> <i>Diceware is a method for creating passphrases, passwords, and other cryptographic variables using ordinary dice as a hardware random number generator. For each word in the passphrase, five rolls of a six-sided die are required. The numbers from 1 to 6 that come up in the rolls are assembled as a five-digit number, e.g. 43146. That number is then used to look up a word in a cryptographic word list. In the original Diceware list 43146 corresponds to munch. By generating several words in sequence, a lengthy passphrase can thus be constructed randomly.</i><p>* <a href="https://en.wikipedia.org/wiki/Diceware" rel="nofollow">https://en.wikipedia.org/wiki/Diceware</a><p>* <a href="https://diceware.rempe.us/" rel="nofollow">https://diceware.rempe.us/</a><p>* <a href="https://packages.debian.org/search?keywords=diceware" rel="nofollow">https://packages.debian.org/search?keywords=diceware</a>
My dear friend Bowerick asked me about this and maybe someone can help him out:<p>Is there a site that lists everyone in the entire universe in alphabetical order?<p>Bowerick would like to use it for a project he is working on in his spare time - and he has a lot of that since his accident.
We issued temporary passphrases for new users once and thankfully checked them manually before issuing them. Even if you remove swear words it's amazing how random words put together could be interpreted as insults and slurs.
This reminds me of the "Abuse" room from Monty Python's Argument Clinic [0].<p>Shirley I'm not the only one.<p>[0] <a href="https://youtu.be/uLlv_aZjHXc?t=42" rel="nofollow">https://youtu.be/uLlv_aZjHXc?t=42</a>
This is great in that it creates a grammatically correct sentence, which really helps with memorization, and which is lacking in many other "passphrase generators" that are simply sets of disconnected words.<p>Though password managers are useful, they don't obsolete memorization! At the very least, you need to memorize your password manager's master password. I also don't put extra-sensitive passwords in my password manager, such as for my email account, laptop OS, SSH key, employer enterprise account, etc. I probably have about ten passwords / passphrases memorized, and I don't think this'll ever reduce.<p>To scratch my own itch, I created <a href="https://phrase.shop" rel="nofollow">https://phrase.shop</a>, which also generates grammatically correct phrases (not full sentences though), minus the insults. Hopefully you find it useful too!
I'm probably not gonna use these for my passwords, but there are some pretty awesome insults generated here!<p>Is the source code available somewhere, and if so, under what license?<p>I'm currently working on a tiny game, and this gave me the idea of having generated insults in the banter!
Bill Cheswick is a cool dude. In the 80s and 90s, he ran the Internet Mapping Project, which was an attempt to collate the complexity that is our routing stack into something approachable. It also produced some really cool graphs: <a href="https://cheswick.com/ches/map/gallery/index.html" rel="nofollow">https://cheswick.com/ches/map/gallery/index.html</a><p>As a young engineer, I had the opportunity to meet him at one of the tech conferences my dad was attending, where he gave me one of his printed copies of the internet map (and signed it). Hung on my childhood bedroom wall until my parents moved. Lovely piece.
I made a readable passphrase generator[0] (in Spanish) with a UI that lets you configure the sentence structure. It's all generated in the client and code is open[1]. According to my primitive calculations I get up to 9x bits of entropy<p>[0] <a href="http://mirrodriguezlombardo.com/passphrase/" rel="nofollow">http://mirrodriguezlombardo.com/passphrase/</a><p>[1] <a href="https://github.com/mir123/readablePassphraseJS-ES">https://github.com/mir123/readablePassphraseJS-ES</a>
Nice except that it is an absolute no go to generate these on the server.<p>Why not port to JS and generate it on the client? Should be trivial.<p>Yould should not encourage people to trust you.
This reminds me of the mid 90s when we first started having servers in the colo and you'd need to give a Noc tech the root password to fix things.. our policy was to always have the most offensive root password so you'd never -want- to give it to anyone... god it was fun...
Setting the seed would be great.<p>I use a passwordcard[1]. When the paper dissolves, I generate a new one from the same seed and print it again.<p>[1] <a href="https://www.passwordcard.org/en" rel="nofollow">https://www.passwordcard.org/en</a>
So the template is 'You <adjective> <object> of <adjective> <animal> <noun>'.<p>If there's about 42 bits of randomness, presumably there's an average of a bit more of 2^8 entries in each of those five lists?
Reminds me of <i>A Clockwork Orange</i> quote...<p>"Well, well, well, well. If it isn't fat, stinking billy goat Billy-Boy in poison. How art thou, thou globby bottle of cheap stinking chip-oil?"
Doctor Zachary Smith would love this for insulting the Robot on Lost in Space!<p>Lost In Space - Dr Smith insulting the Robot:<p><a href="https://www.youtube.com/watch?v=wyH33DXusTY" rel="nofollow">https://www.youtube.com/watch?v=wyH33DXusTY</a><p>Jonathan Harris and PimpBot 5000 appeared on Conan O'Brien in 1998:<p><a href="https://www.youtube.com/watch?v=BlU0hs5j-W0" rel="nofollow">https://www.youtube.com/watch?v=BlU0hs5j-W0</a>
You can even mutter them while entering the password and nobody will suspect that it's an actual passphrase.. just the typical nerd talking to her/his computer.
Good one, added it to my Powershell profile for the occasional giggle so I can invoke it on demand, feel free to reuse it<p>function Insult { (Invoke-WebRequest -Uri "<a href="https://cheswick.com/insults" rel="nofollow">https://cheswick.com/insults</a>") .ParsedHtml.getElementsByTagName("p")[2].innerText } #Outputs a random quality insult!<p>Note: delete the space behind <i>insults")</i>
Formatting ¯\_(ツ)_/¯
I've been wondering, to use something like this in a new captcha system. AI is great for solving captchas, but megacorp censorship won't let them swear. So captcha: Write some swearwords in this textbox.<p>A swearword password is great for the same reasons: You can't publish it in most public locations. They'll refuse to publish it.<p>Next up: A password full of covid disinformation. Preferrably racist.
`You depressive china of noxious burro deer slabber`.<p>Is it just me thinking that it's not ok to have China in the nouns list? Or do we also find "united states of america" or "germany" in there?