Show HN: Memorable but hard to crack password generator (opens in new tab)

(passw.org)

11 pointsadamneilson12y ago11 comments

11 comments

As mentioned these passwords aren't hard to crack.

Anything based on a word list is going to be inherently easy to crack, and with a predictable format like word-separator-word, it is even easier.

I realise this is a fun weekend project, and learning new languages is always a good thing, but I think it's a little irresponsible to make any claims that these passwords are secure.

Also as mentioned, if people were to actually use this for password generation it should be behind SSL, although I would discourage anyone from using passwords generated by a remote service.

ricardobeat12y ago

Having uncommon words doesn't make a password hard to crack, they're in the dictionary just the same.

namenotrequired12y ago

Having long words does make brute-force cracking harder.

StavrosK12y ago

Which is why everyone tries the dictionary search before the brute force.

adamneilsonOP12y ago

Of course you're correct and I don't claim that these are uncrackable. Just a way to practice a bit of clojure while the missus had her girlfriends over.

Tepix12y ago

The headline is "hard to crack" which seems misleading.

tzs12y ago

Assuming a generous 1000000 words in the dictionary, and any non-letter ASCII printable separator allowed as a separator, this is equivalent to a 9 character random password with just lower case letters and digits, or a 7 character random password if all printable ASCII is allowed. It's about 46 bits of entropy. That is a bit low by modern minimum acceptable password length standards.

cobrabyte12y ago

Should this not be behind SSL? Looks good though.

adamneilsonOP12y ago

Probably should yes!

namenotrequired12y ago

Pretty cool! What does the "<huge number> to one" mean exactly?

cpt113812y ago

john --wordlist

j / k navigate · click thread line to collapse

11 comments

danpalmer12y ago

As mentioned these passwords aren't hard to crack.

Anything based on a word list is going to be inherently easy to crack, and with a predictable format like word-separator-word, it is even easier.

I realise this is a fun weekend project, and learning new languages is always a good thing, but I think it's a little irresponsible to make any claims that these passwords are secure.

Also as mentioned, if people were to actually use this for password generation it should be behind SSL, although I would discourage anyone from using passwords generated by a remote service.

ricardobeat12y ago

Having uncommon words doesn't make a password hard to crack, they're in the dictionary just the same.

namenotrequired12y ago

Having long words does make brute-force cracking harder.

StavrosK12y ago

Which is why everyone tries the dictionary search before the brute force.

adamneilsonOP12y ago

Of course you're correct and I don't claim that these are uncrackable. Just a way to practice a bit of clojure while the missus had her girlfriends over.

Tepix12y ago

The headline is "hard to crack" which seems misleading.

tzs12y ago

cobrabyte12y ago

Should this not be behind SSL? Looks good though.

adamneilsonOP12y ago

Probably should yes!

namenotrequired12y ago

Pretty cool! What does the "<huge number> to one" mean exactly?

cpt113812y ago

john --wordlist

j / k navigate · click thread line to collapse