
Visual, multi-language XKCD-style password generator - alanfranzoni
http://password.optionfactory.net/
======
itcrowd
From the previous HN thread on this:

_To have fun on April Fools' Day we wanted to build something useful and
funny: we created a new XKCD-like password generator that can use different
languages dictionaries and show a picture for each generated term by searching
Google Images. We had a lot of laughs playing around with Italian and English
passwords and we hope you'll have as fun with this as we did!_
[https://news.ycombinator.com/item?id=9304688](https://news.ycombinator.com/item?id=9304688)

It should be just for fun and education, anyone foolish enough to use these
generated passwords as real passwords is well ... foolish enough. Flaw #1: no
HTTPS.

~~~
Udo
HTTPS does nothing for you in this case. The passwords are generated locally
with JavaScript, and there is an option you can check to prevent them being
sent back to the server. But even if they actually were generated on the
server, HTTPS would be of limited use, since you'd still have to trust the
server itself and the people operating it.

~~~
itcrowd
Good point. However, the dictionaries also need to be transferred to the user
and a MITM could easily replace this with his own (flawed) dictionary.

Same point: JavaScript injection/modification.

HTTPS doesn't guarantee that the dictionary isn't flawed or the JS is secure,
but it does guarantee that the received data/scripts/dictionaries are exactly
the ones the server intended to send.

------
minikites
[https://www.schneier.com/blog/archives/2014/03/choosing_secu...](https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html)

> This is why the oft-cited XKCD scheme for generating passwords -- string
> together individual words like "correcthorsebatterystaple" -- is no longer
> good advice. The password crackers are on to this trick.

~~~
andybak
4 true random choices from a dictionary of 5000 words is 50 bits of entropy.
All things being equal that is just as good as any other password scheme with
50 bits of entropy. I think that's about the same as a 10 character
upper/lower/numbers/symbols password.

That's your worse case scenario. Add to that the fact that:

a) the attacker doesn't have your dictionary
b) they can't be sure you're using this method
c) you might add a minor extra step of your choosing

then the attack becomes significantly harder than attacking a 'normal'
password with 50 bits of entropy

~~~
mrmcd
I just looked at some of the hashcat benchmarks and they are clocking MD5 on
one of their test machines at 115840 Mh/s.

(2^50)/(115840*10^6) = 9719.43 seconds, or about 2-3 hours to break one
correct horse style password. I think the point is that 50 bits of entropy is
not enough when you consider the speed of GPU hashing.

Obviously you shouldn't use MD5 for hashing passwords, but since you often
have no control over what algo a site uses (or even information about which
one they did pick), assuming they will do something common and bad like
unsalted MD5 isn't a bad starting point for this kind of analysis.

~~~
orblivion
Maybe so, but then that doesn't say much about the usual alternative which has
even less entropy.

EDIT: Actually I was going by xkcd's claims, which start with a dictionary
word and add random tweaks to it. I don't know off hand how long a random
password would have to be to match 50 bits. But ultimately, that is the
question: is this method at least as good as the alternative?

~~~
mrmcd
Assuming 80 possible characters (A-Z,a-z,0-9 + 18 punctuation symbols),
log2(80^8) ~= 50. So a correct horse password would be about the same as a
random 8 character alpha-numeric entropy wise.

The XKCD argument is that correct horse style is way easier to remember. It's
possible Schneier thought Munroe was arguing that a correct horse was as much
entropy as a 20 character random password, even though he isn't. This is the
first I've heard of this argument though so I'm not even sure how much of a
controversy it is.

------
petepete

        $ shuf /usr/share/dict/words | head -n4
        Zygopterides
        frenulum
        unexuberant
        delightsome
    
        $ wc -l /usr/share/dict/words
        235886

~~~
vive-la-liberte

        $ # No need to use head. Also, I prefer output on one line.
        $ shuf -n4 /usr/share/dict/words | xargs
        limper mastoplastia highfaluting Bobbinite

------
jstanley
Looks like the image search doesn't work?

~~~
ins0
From the source it looks like the "feature" isn't implemented yet. Only image
reference is:

 _$( '#xkcd-image-'+(index)).html("&nbsp;");_

This should be a "Show HN"

~~~
splitbrain
Uhh. Why post it then? Where's the innovation here?

------
acqq
- It would be good to document the entropy evaluation for readers to check if
the assumptions are correct.

- Which random number generator is involved? Optimally, the user should be
able to put his plain entropy in the locally run "nice password" maker for
which he also checked the source code. Anything else, IMHO, isn't more than
the game inspired by the real problem.

Edit: itcrowd clears it up: it's made for April 1st, that explains the
problems.

- Worth knowing, a simple solution to real user-generated entropy:

[http://world.std.com/~reinhold/diceware.html](http://world.std.com/~reinhold/diceware.html)

The page could be actually useful if it would run fully locally (e.g. on an
air-gapped computer) and take the input of the values of the user-thrown dice.
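A local Diceware-style selector along the lines acqq describes, as an added example rather than code from the thread or from the site: word indices come either from dice values the user types in or from the OS CSPRNG, and rolls that land past the end of the list are rejected so every word stays equally likely. The 36-word list is constructed for the example; a real Diceware list has 7776 words so that five dice index it exactly.

```python
import secrets
from typing import Callable, List, Optional, Sequence

# Constructed 36-word list: two dice (6*6 outcomes) index it exactly.
WORDS = ("apple banana cabin dance eagle fable garden harbor island jungle "
         "kettle lantern marble needle orbit pepper quilt river saddle timber "
         "umbrella violin walnut xenon yonder zipper anchor basket candle dragon "
         "ember falcon glacier hammer ivory jigsaw").split()


def rolls_per_word(dict_size: int) -> int:
    """Number of six-sided dice needed to address dict_size entries (base-6 digits)."""
    rolls, span = 0, 1
    while span < dict_size:
        span *= 6
        rolls += 1
    return rolls


def index_from_rolls(rolls: Sequence[int], dict_size: int) -> Optional[int]:
    """Read dice values 1..6 as base-6 digits; None means 'off the list, roll again'."""
    idx = 0
    for r in rolls:
        if not 1 <= r <= 6:
            raise ValueError(f"die value out of range: {r}")
        idx = idx * 6 + (r - 1)
    return idx if idx < dict_size else None


def csprng_roll() -> int:
    """One die throw from the OS CSPRNG (never random.random() for passwords)."""
    return secrets.randbelow(6) + 1


def pick_words(words: Sequence[str], n_words: int,
               roll: Callable[[], int] = csprng_roll) -> List[str]:
    """Select n_words; pass roll=iter(user_rolls).__next__ to use physical dice."""
    k = rolls_per_word(len(words))
    chosen: List[str] = []
    while len(chosen) < n_words:
        idx = index_from_rolls([roll() for _ in range(k)], len(words))
        if idx is not None:       # rejection sampling: no modulo bias
            chosen.append(words[idx])
    return chosen


if __name__ == "__main__":
    print(" ".join(pick_words(WORDS, 4)))
```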

------
james-skemp
Nice, but I think I'll be sticking with Preshing's version. I even have my mom
using it plus KeePass.

My usage is to generate four words, replace a/e/I/o in one of them with
4/3/1/0, capitalize, and throw on some punctuation that makes sense.

Sites with forced password limits and those that don't accept special
characters are still a pain, but using dashes, capitalization, or three of the
four words usually helps.

[http://preshing.com/20110811/xkcd-password-generator/](http://preshing.com/20110811/xkcd-password-generator/)

------
funkyy
Unless the test will be performed using dictionary words only. Starting with 1
word 1st capital letter followed by 1st lower case. I think the calculation
time would drop significantly.

~~~
JoshTriplett
Compared to brute forcing all alphanumeric passwords of the same length, true.
However, even if you know the complete dictionary of 5k words this uses,
5000^4 = 625,000,000,000,000 > 2^49. Not trivial to brute force; comparable to
a completely random 8-character password that uses letter, numbers, and
symbols.
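The entropy and guess-rate arithmetic from the andybak/mrmcd exchange above and from this reply, as an added example (not code from the thread or from the generator's authors): 4 words from 5,000, 8 random characters from 80 symbols, and the hashcat MD5 rate quoted above. The slow-KDF guess rate is an assumed figure included only for contrast.

```python
import math

# Guess rates: the MD5 figure is the hashcat benchmark quoted in the thread;
# the slow-KDF figure is an ASSUMED rate chosen only to show the contrast.
MD5_GUESSES_PER_SEC = 115_840 * 10**6
SLOW_KDF_GUESSES_PER_SEC = 10**5

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def passphrase_bits(dict_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly, with replacement, from dict_size words."""
    return n_words * math.log2(dict_size)


def random_string_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string of `length` symbols from an alphabet."""
    return length * math.log2(alphabet_size)


def chars_for_bits(alphabet_size: int, bits: float) -> int:
    """Shortest random string over the alphabet that reaches at least `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))


def keyspace_seconds(bits: float, guesses_per_sec: float) -> float:
    """Worst case: time to try every candidate (the expected time is half this)."""
    return 2.0 ** bits / guesses_per_sec


def crack_estimate(dict_size: int, n_words: int, guesses_per_sec: float) -> dict:
    """Cost for an attacker who knows both the word list and the word count."""
    bits = passphrase_bits(dict_size, n_words)
    secs = keyspace_seconds(bits, guesses_per_sec)
    return {"bits": bits, "seconds": secs,
            "hours": secs / 3600, "years": secs / SECONDS_PER_YEAR}


if __name__ == "__main__":
    for rate_name, rate in (("unsalted MD5", MD5_GUESSES_PER_SEC),
                            ("slow KDF (assumed)", SLOW_KDF_GUESSES_PER_SEC)):
        est = crack_estimate(5000, 4, rate)
        print(f"4 words from 5,000 = {est['bits']:.1f} bits; full search at "
              f"{rate_name}: {est['hours']:.1f} h ({est['years']:.1f} y)")
    bits = passphrase_bits(5000, 4)
    print(f"random chars for the same entropy: {chars_for_bits(80, bits)} of 80 "
          f"symbols, {chars_for_bits(62, bits)} alphanumerics")
```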

------
Ntrails
For me, at least, I'd rather use a line of poetry that is clearly already
memorised. An old router password was "It profits little an idle king, _etc_".
(Thanks Frasier). I imagine the real winners would be older work with
non-current English, or perhaps some good nonsense?

Obviously when someone knows that's my thing it's easier to crack though... I
shouldn't have said anything :(

~~~
andraganescu
this sounds like a good idea for those folk who are walking poetry references

------
jve
Serving password and copying over HTTP is actually a very bad idea.

Moreover, for my language I have some non-latin symbols. I'm not sure if every
service can be trusted to treat non-latin alphabet password. And this tool
generates words with umlauts that we don't even have in Latvian. Some words
are already transliterated, some not - that doesn't help.

~~~
mollmerx
The passwords are generated on the client.

~~~
rnhmjoj
What if someone is listening to your traffic and injects a script which sends
generated passwords to a server? http only is a bad idea in this case.

------
aargh_aargh
Several mostly grammatical examples (English common): "catholic conversation
served laughter" "zoo bearing child useless" "hitting burning psychiatrist
much" "justice except critical vacation" "assigned fantastic shower interests"

------
ollybee
This site
[http://correcthorsebatterystaple.net](http://correcthorsebatterystaple.net)
takes its inspiration from the same XKCD cartoon

It lacks the language choice but other options are more useful to me. Also the
domain is easily memorable.

------
dlsym
"schatzmeister anschlägen vormarsch stolzen" Yeah. Pretty german.

------
yummybear
"admire fucking ali beautiful"

I've already memorized it.

------
cmcginty
Does this word list purposely choose insulting words? Out of 4 tries I was
given both p&#$y and c@#t.

~~~
Mandatum
Here's the 5K english wordlist file:

[http://password.optionfactory.net/dict/en-5k.json](http://password.optionfactory.net/dict/en-5k.json)

Looking at the JS it doesn't appear to do it on purpose, although I did
experience a similar situation.

Also to add, this is probably one of those situations where a JSON file isn't
really that useful. It's a wordlist that could be split by newlines or
similar. There's 12 bytes needlessly added to each word when using JSON
formatting (the "'s and ,'s).

------
pavel_lishin
I wonder where they got the commonly used word lists.

------
reallydontask
it would be nice if it allowed to combine words from multiple languages.

That's my technique on the websites that allow long passwords.

------
Rainymood
"sexy corpse guys grunting"

Hmmm ...

------
merb
A good password could be created by using a sentence with > 14 words. And
then you should use the first letters in their plain form i.e. This is a sunny
day will be: Tias, now you should change any s/S to a $ and any a/A to a @
after that you should add the last two bits of your birth year in front of the
sentence and the first two bits at the end of your sentence.

So now you would have something like: 57Ti@$19

