

Show HN: Memorable but hard to crack password generator - adamneilson
http://passw.org

======
danpalmer
As mentioned, these passwords aren't hard to crack.

Anything based on a word list is going to be inherently easy to crack, and
with a predictable format like word-separator-word, it is even easier.

I realise this is a fun weekend project, and learning new languages is always
a good thing, but I think it's a little irresponsible to make any claims that
these passwords are secure.

Also as mentioned, if people were to actually use this for password generation
it should be behind SSL, although I would discourage anyone from using
passwords generated by a remote service.

------
ricardobeat
Having uncommon words doesn't make a password hard to crack; they're in the
dictionary just the same.

~~~
namenotrequired
Having long words does make brute-force cracking harder.

~~~
StavrosK
Which is why everyone tries the dictionary search before the brute force.

------
tzs
Assuming a generous 1000000 words in the dictionary, and any non-letter ASCII
printable separator allowed as a separator, this is equivalent to a 9
character random password with just lower case letters and digits, or a 7
character random password if all printable ASCII is allowed. It's about 46
bits of entropy. That is a bit low by modern minimum acceptable password
length standards.
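
The arithmetic behind the estimate in the comment above, written out as an added example (not part of the thread and not the site's code). It assumes every word and separator is picked uniformly and independently; the function names, the 80-bit target and the 7776-word list size are illustrative assumptions.

```python
import math
import secrets

# Separators: printable ASCII (space through '~') that is not a letter,
# matching the assumption stated in the comment.
SEPARATORS = [c for c in map(chr, range(0x20, 0x7F)) if not c.isalpha()]

def scheme_bits(dict_size, words=2, separators=len(SEPARATORS)):
    """Entropy in bits of word(-sep-word)* when the attacker knows the format."""
    return words * math.log2(dict_size) + (words - 1) * math.log2(separators)

def equivalent_random_length(bits, alphabet_size):
    """Shortest uniformly random string over the alphabet with at least `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))

def words_needed(target_bits, dict_size, separators=len(SEPARATORS)):
    """Smallest word count at which the scheme reaches target_bits."""
    n = 1
    while scheme_bits(dict_size, n, separators) < target_bits:
        n += 1
    return n

def generate(wordlist, words=2):
    """Generate locally with the OS CSPRNG rather than a remote service."""
    parts = [secrets.choice(wordlist)]
    for _ in range(words - 1):
        parts += [secrets.choice(SEPARATORS), secrets.choice(wordlist)]
    return "".join(parts)

if __name__ == "__main__":
    bits = scheme_bits(1_000_000)  # the "generous" dictionary size from the comment
    print(f"word-sep-word, 1,000,000 words: {bits:.1f} bits")
    print("equivalent a-z0-9 length:", equivalent_random_length(bits, 36))
    print("equivalent printable-ASCII length:", equivalent_random_length(bits, 95))
    # Assumed target of 80 bits: how many words does each list size need?
    for size in (1_000_000, 7776):
        print(f"{size}-word list needs {words_needed(80, size)} words for 80 bits")
    # Constructed sample word list, far too small for real use.
    print(generate(["correct", "horse", "battery", "staple"], words=4))
```

The figures only hold if the attacker's guesses are limited to the format; they say nothing about words chosen by a person rather than at random.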

------
cobrabyte
Should this not be behind SSL? Looks good though.

~~~
adamneilson
Probably should, yes!

------
namenotrequired
Pretty cool! What does the "<huge number> to one" mean exactly?

------
cpt1138
john --wordlist

