
Password Generator - dbremmen
https://www.beta.browxy.com/user/david/PasswordGenerator
======
TheDong
This generates the password on a server you don't control.

I recommend not using it.

Using 'tr -dc A-Za-z0-9 < /dev/urandom | head -c $length' is more secure and
available on your linux or osx machine even more easily than waiting a second
for a server to run some java off in a magic black box.

~~~
iudqnolq
You can also try indexing into /usr/share/dict/words for a
correcthorsebatterystaple-style password. I'm sure there's a cute on-liner, I
did it in Python because that took a lot less time than all the man page
searching how to do it with Unix text processing tools would have taken.

Yes, it would be better to remember random characters of the same length. But
most people don't. I personally have one password I use to sign into 1password
and a small other set of critical services, and longer random passwords for
everything else. I personally don't worry about nation state adversaries so I
can make myself less vulnerable to mass automated attacks and targeted attacks
by non-experts. It's important to remember not to let perfect be the enemy of
the good, and important not to discount the cost of DOSing yourself. I reduced
my security after I lost access to something of value.

~~~
archgoon
shuf -n 4 /usr/share/dict/words | tr '\n' ' ' && echo

~~~
iudqnolq
Thanks! I'm trying to learn bash, and it's going slow (right now still trying
to fully understand set -euxo pipefail). I would not have guessed that a
command existed to make random permutations, I was expecting an awk
incantation.

------
SomewhatLikely
I'm a fan of the apg linux command because it generates somewhat phonetically
prounceable passwords and of course runs locally.
[https://help.ubuntu.com/community/StrongPasswords#APG](https://help.ubuntu.com/community/StrongPasswords#APG)

------
oeuviz
I created something similar ~2 decades ago in perl. It would spit out a long
list of passwords in text format so you could chose one without the server
knowing what you chose.

Today, keepass does the job just fine.

~~~
oefrha
Instead of a search space of 1 you augmented it to N which is likely <= 2^10.
Still a pretty terrible idea to trust a password like that.

~~~
oeuviz
I agree, however, it ran on our own server so it was OK-ish.

------
ozgrozer
A better version of this might be [https://piper.gq/](https://piper.gq/) that
I made last month.

------
dbremmen
Thanks for all the nice comments that are intended with good karma. What other
feature can I add to this password generator that is useful? I agree that
using linux is more secure but for passwords that are not as important I think
this tool works fine, also you don't need to remember a big line of code and
you can execute it on your mobile phone

~~~
tobr
It seems surprisingly complicated. Why is there a “start” and “stop” button?
Why does it take so long for it to generate a random string? Why is there a
“console” that just seems to show the page template?

~~~
dbremmen
You right! Console and stop button are not necessary. The UI is generated with
a UI creation tool that match program arguments with UI widgets (see:
[https://ibb.co/phQQFxr](https://ibb.co/phQQFxr)). In this case there is an
option missing to don't show the stop button and the console (These are shown
due that you can create interactive programs with browxy)

------
known
I use

</dev/urandom tr -dc 23456789~*@#$%_+-=qwertQWERTasdfgASDFGzxcvbZXCVB | head
-c13; echo ""

