Hmmm. Such a statement should be backed by proof, not by trust. Until you can run the code locally you can't assume that any of these things is true. As far as we know, this can be a reverse password harvesting scheme.
Just noting that "Cheswick" is the dude that literally (co-)wrote the book on firewalls (1e in 1994):
* https://en.wikipedia.org/wiki/Firewalls_and_Internet_Securit...
But now that you mention him, the man was working at Bell Labs during the time when Ken wrote his famous essay "Reflections on Trusting Trust". If he shared just a small part of his colleague's spirit, it would be irresistible to him to log all passwords that thousands of people may decide to use. Mainly as a conversation starter, not to do anything bad with these passwords. Maybe he's gathering cool stories in case of a hypothetical Turing award in the future?
Security is no issue if you don't care. They did abolish unhashed storage after a while (and a while is really quite recent).
[1]: https://cheswick.com/ches/cv/index.html
EDIT: Pardon my sudden lack of linguistic finesse, clearly the beer I had tonight was good.
However, anyone taking this thing as anything more than the jovial manner in which it is intended is not someone that understands a word of what you just said. So it's all just grandstanding for the sake of it.
(I acknowledge this site is mostly a joke and you'd be crazy to use any of these for an important password)
Shameless plug: I made a secure* passphrase and password generator in Python [1]
[0] https://www.eff.org/es/deeplinks/2016/07/new-wordlists-rando...
I also suspect WWIV and Tele(can't remember the last part of the name) stored them as plaintext, but I didn't evaluate those as closely.
I once caught someone calling into my BBS as another user, so I implemented a pseudo 2-factor authentication system that asked for some other details from the profile. I also added a script that made my co-sysops enter a whacky 2nd password in case someone used a vulnerability to download other users' passwords.
> You malformed garbage can of podagric pig precipitations
That alliteration for the second part is particularly pleasing. Although they wouldn't make good passphrases, it'd be fun to see an "oops! all alliterations" version of this.
> You misbegotten locker of pathological coon cat [dial] dross
I wonder how the "[dial]" slipped in there -- is it part of the animal list or the excrement list?
Edit: after refreshing a few more times I've seen a few other tags attached to other words ("labis [eccl]", "painter [S US]", "budget [dial]", "scrip [archaic]"). I'm guessing that "dial" means dialect, and the words that went into this were scraped from some old version of Roget's Thesaurus.
well now I want to make one of these generators using cosine similarity and this "embeddings" thing all the kids are raving about to make passphrases where the words are related, making them even easier to remember, e.g.
remember recall recollect reminisce
or taking inspiration from those NYT games, ones where they differ by a letter, but I'm no good at that game so I don't have any examples handy
> Diceware is a method for creating passphrases, passwords, and other cryptographic variables using ordinary dice as a hardware random number generator. For each word in the passphrase, five rolls of a six-sided die are required. The numbers from 1 to 6 that come up in the rolls are assembled as a five-digit number, e.g. 43146. That number is then used to look up a word in a cryptographic word list. In the original Diceware list 43146 corresponds to munch. By generating several words in sequence, a lengthy passphrase can thus be constructed randomly.
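The dice-to-word lookup from the quoted Diceware passage, as an added example (not code from the thread or from any generator it mentions), run entirely locally with Python's `secrets` module standing in for physical dice. The word list is a constructed placeholder; only the 43146 to munch entry comes from the quote, and all function names are illustrative.

```python
import math
import secrets

DICE_PER_WORD = 5  # five rolls of a six-sided die per word, as in the quote

def rolls_to_key(rolls):
    """Assemble five die rolls (each 1-6) into a lookup key such as '43146'."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    return "".join(str(r) for r in rolls)

def parse_wordlist(text):
    """Parse 'key<whitespace>word' lines and insist on a complete 6**5 list."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == DICE_PER_WORD and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    if len(table) != 6 ** DICE_PER_WORD:
        raise ValueError(f"incomplete list: {len(table)} of {6 ** DICE_PER_WORD} keys")
    return table

def roll_die():
    """One fair roll from the OS CSPRNG; stands in for a physical die."""
    return secrets.randbelow(6) + 1

def passphrase(table, n_words, roll=roll_die):
    """Pick n_words words locally, five rolls each; nothing leaves the machine."""
    words = []
    for _ in range(n_words):
        key = rolls_to_key([roll() for _ in range(DICE_PER_WORD)])
        words.append(table[key])
    return " ".join(words)

def entropy_bits(list_size, n_words):
    """Entropy of n_words independent uniform picks from list_size words."""
    return n_words * math.log2(list_size)

def constructed_list():
    """Constructed stand-in list: placeholder words plus the one quoted entry."""
    keys = [rolls_to_key([a, b, c, d, e]) for a in range(1, 7) for b in range(1, 7)
            for c in range(1, 7) for d in range(1, 7) for e in range(1, 7)]
    return "\n".join(f"{k}\t{'munch' if k == '43146' else 'word' + k}" for k in keys)

if __name__ == "__main__":
    table = parse_wordlist(constructed_list())
    print(passphrase(table, 6), f"({entropy_bits(len(table), 6):.1f} bits)")
```

Swap `constructed_list()` for the text of a real 7776-entry list to get usable passphrases; the parser rejects a list with missing keys so a truncated download cannot silently shrink the keyspace.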
Is there a site that lists everyone in the entire universe in alphabetical order?
Bowerick would like to use it for a project he is working on in his spare time - and he has a lot of that since his accident.
Edit: Hah, my bad, I thought Bowerick was a HN user. Google set me straight!
Good one!
Also, I don't care how sensitive someone is, if the tech that clicked the "Generate" button informs them, "it's just random words strung together :shrug:" how offended can you be? I mean, seriously?
If anything we should be doing our darndest to intentionally make passphrases as offensive as possible so that people are encouraged to change them right away! Generating temporary passphrases for new employees? Feed a picture of them into an AI that's trained to generate insults about their appearance!
They are absolutely a problem from a business perspective.
>how offended can you be? I mean, seriously?
Have you never worked in a customer-facing position? Customers get offended all the time.
I mean, it's not really anyone's place to decide what is or isn't offensive to someone else. But even if a customer isn't actually offended, they may feign offense for purposes like discounts, preferential treatment, rage-baiting for internet points, etc.
All of those scenarios suck for the lowly tier 1 customer service employee who has to deal with it, and sucks for the company.
Much easier for everyone (customer, company, and the poor person who is actually dealing with the customer) to just... not send offensive passphrases.
Shirley I'm not the only one.
Though password managers are useful, they don't obsolete memorization! At the very least, you need to memorize your password manager's master password. I also don't put extra-sensitive passwords in my password manager, such as for my email account, laptop OS, SSH key, employer enterprise account, etc. I probably have about ten passwords / passphrases memorized, and I don't think this'll ever reduce.
To scratch my own itch, I created https://phrase.shop, which also generates grammatically correct phrases (not full sentences though), minus the insults. Hopefully you find it useful too!
Is the source code available somewhere, and if so, under what license?
I'm currently working on a tiny game, and this gave me the idea of having generated insults in the banter!
As a young engineer, I had the opportunity to meet him at one of the tech conferences my dad was attending, where he gave me one of his printed copies of the internet map (and signed it). Hung on my childhood bedroom wall until my parents moved. Lovely piece.
Why not port to JS and generate it on the client? Should be trivial.
You should not encourage people to trust you.
I wish this was Open Source. I want to add quite a lot of pre-defined words that should come up more often than not. ;-)
But it's pretty simple; here's the exported function: https://gist.github.com/dijit/3c3c9754b79fa961805172fb48c72b...
I use a passwordcard[1]. When the paper dissolves, I generate a new one from the same seed and print it again.
If there's about 42 bits of randomness, presumably there's an average of a bit more than 2^8 entries in each of those five lists?
"Well, well, well, well. If it isn't fat, stinking billy goat Billy-Boy in poison. How art thou, thou globby bottle of cheap stinking chip-oil?"
Lost In Space - Dr Smith insulting the Robot:
https://www.youtube.com/watch?v=wyH33DXusTY
Jonathan Harris and PimpBot 5000 appeared on Conan O'Brien in 1998:
If I take it and use it as my password, the generator author then has my password in his list.
(If the generation happens on the client of course this doesn't apply, assuming it doesn't also phone home).
Any idea how we get this added to Bitwarden? :-D
function Insult { (Invoke-WebRequest -Uri "https://cheswick.com/insults") .ParsedHtml.getElementsByTagName("p")[2].innerText } #Outputs a random quality insult!
Note: delete the space behind insults") Formatting ¯\_(ツ)_/¯
I kinda like this one.
A swearword password is great for the same reasons: You can't publish it in most public locations. They'll refuse to publish it.
Next up: A password full of covid disinformation. Preferably racist.
Is it just me thinking that it's not ok to have China in the nouns list? Or do we also find "united states of america" or "germany" in there?
[1] https://en.m.wiktionary.org/wiki/china#English
Edit: Capitalization
seen several Capitalized names of places
You disagreeable lota of plagued Japanese spaniel chaff
You unpretty hipflask of neuritic Colorado beetle excretes
You wearisome clothesbasket of envenomed Yorkshire terrier feces
I agree with other comments that “China” in this context is intended to refer to porcelain. However including “Persian” (rugs?), “Cubano” (cigars?), “Afghan” (dogs?), or Arab (numerals?) as nouns in your cute online insult generator is probably a bad idea.
Edit: I see that “Boston” and “English” are also included as insults. At least with those there can be no doubt.