March 14, 2007

A Secure In-Browser JavaScript Password Generator

This password generator picks random passwords for you. It runs entirely on your computer, inside your browser--the generated passwords do not travel over the Internet and are not known by my server.

The passwords are generated by picking words at random from a dictionary. I like to find a randomly generated password where the words bring to mind a memorable image--these passwords are easy for me to remember, but relatively hard to guess. For example, I just generated the password "social-fuzzy-okay"; I might remember this with the image of a party where stuffed animals are welcome. You can generate new sets of passwords several times looking for one that seems appropriate.

Please wait for the dictionary to load.
First, please move your mouse around in the window. Your unpredictable movement is used to seed the random number generator that is used to generate the passwords.
0% complete (0 bits)

Your generated passwords:

Q: How strong of a password do I need?

A: The strength you need depends on what you're going to use the password for and how hard you think someone might work to break it. If you're using the password to encrypt a file or something similar where an attacker could do an "offline attack," where she could try many different passwords very quickly, you would want to choose a very strong password. For most online accounts, you don't actually need such a strong password: it's difficult to check online passwords quickly. Also, many services, particularly security-sensitive ones like banks, will disable accounts where the password is entered incorrectly too many times. This means you can have a much shorter password and still be secure.

Q: What does the number of bits mean?

A: The number of bits (e.g., "3 words - 41 bits") is an approximation of how many bits of entropy there are in a password of that length. This is essentially how many bits it would take to enumerate the number of different passwords that have a certain number of words.
Every extra bit of entropy doubles the number of possible passwords an attacker would have to guess, so a password with 24 bits of entropy is twice as hard to guess as one with 23 bits of entropy, and 25 bits is twice as hard again. 10 more bits of entropy makes it approximately a thousand times as hard to guess a password.
For example, if there were only 5 words in the dictionary this programs uses (say "apple", "bouncy", "castle", "dancing", and "edith"), and you were generating passwords that were 3 words long, there would be 125 different passwords that it could generate (5 x 5 x 5 = 125). This would be approximately 7 bits of entropy, because 27 = 128. (Actually, this program always rounds the estimate down, so it would report this as 6 bits of entropy).

Q: How long would it take to guess my password?

A: How long it would take depends on how hard to guess your password is (its "entropy", the number of bits reported in the menu), and how fast an attacker can guess passwords.
If you are interested in a detailed analysis, there is a guide to how long a key you need for unbreakable security at www.keylength.com.

3 comments:

Ankur said...

camel casing the password would make it shorter. in addition limiting to <=5 letter long words will shorten it further (with a bag of 11071 words, still gives you 13.4 bits per word)

Patrick Moor said...

you've made it: http://www.xkcd.com/936/

Denis Howe said...

This was almost exactly what I was looking for but I thought the phrases would be more memorable if they were vaguely grammatical so I made http://foldoc.org/pub/misc/password.html.