Show HN: Passphrase generator that makes an absurd-but-memorable story https://ift.tt/0XLrH8b
Show HN: Passphrase generator that makes an absurd-but-memorable story I wanted to share a simple tool I just released: Tool: https://ift.tt/rk8wh2q Source: https://ift.tt/eT1aBWP ## Background I have been researching password security and got interested in diceware passphrases ( https://ift.tt/TNYwUWr ). Though the original xkcd comic claims that it is somewhat easy to remember four or five words and turn them into a little scene, I often find it pretty hard to remember the diceware passphrases. (It's taken weeks for me to finally remember it). I found this tool ( https://ift.tt/AlRrte8 ) that generates phrases that are more memorable passphrases (original source from Ryan Foster: https://ift.tt/0evNVWP ). I liked the tool, but I didn't like the interface, so I rewrote the whole thing in React and relaunched it at StrongPhrase.net ( https://ift.tt/MnZNwb0 ). ## My goals: * Make the interface a little more intuitive for basic users * Educate folks who are new to security about passphrases, passwords, and password managers. * Learn more myself about entropy, password cracking, and current cracking capacities/times/costs. Example passphrases: * evil juror obtains thin moths * drunk niece and greedy goose clean tall book * emotional boxer and concerned virus acquire 45 smashed baskets I find these a lot easier to remember because they are easier to visualize as a scene! (The downside is that the passphrases are longer to achieve the same level of entropy.) There are many other formats that have varying amounts of entropy. (You can click the "show all 18 formats" in the top right.) I am more of a security hobbyist than an expert. So this project was a chance for me to deepen my learning. Some of my key personal takeaways: * Cloud computing is powerful - I started the project thinking that I'd focus on "time to crack," but a few sources (1Password blog: https://ift.tt/SoTMXO1 , Jacob Egner: https://ift.tt/pLm0MTy... ) convinced me that because cloud computing power is so widely available, if you have enough money, you can rent a lot of power and crack much more quickly. * When passphrases are relevant - I already knew passphrases were designed for passwords you actually type. But I found it useful to really get specific about that list: password manager, laptop login password, and perhaps something like Google that you might sign into on new computers from time to time. * Develop my sense of "how much entropy is enough" - The cost to crack table ( https://ift.tt/g0sh9OR ) on the site was helpful in this inquiry. Curious to get feedback/input from this group! Thanks all! https://ift.tt/rk8wh2q September 2, 2024 at 11:11PM
No comments