Show HN: Memorable but hard to crack password generator
passw.org
As mentioned these passwords aren't hard to crack.
Anything based on a word list is going to be inherently easy to crack, and with a predictable format like word-separator-word, it is even easier.
I realise this is a fun weekend project, and learning new languages is always a good thing, but I think it's a little irresponsible to make any claims that these passwords are secure.
Also as mentioned, if people were to actually use this for password generation it should be behind SSL, although I would discourage anyone from using passwords generated by a remote service.
Having uncommon words doesn't make a password hard to crack; they're in the dictionary just the same.
Having long words does make brute-force cracking harder.
Which is why everyone tries the dictionary search before the brute force.
Of course you're correct and I don't claim that these are uncrackable. Just a way to practice a bit of Clojure while the missus had her girlfriends over.
The headline is "hard to crack" which seems misleading.
Assuming a generous 1000000 words in the dictionary, and any non-letter ASCII printable separator allowed as a separator, this is equivalent to a 9 character random password with just lower case letters and digits, or a 7 character random password if all printable ASCII is allowed. It's about 46 bits of entropy. That is a bit low by modern minimum acceptable password length standards.
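The estimate in the comment above can be reproduced by treating the password as three independent slots (word, separator, word) and summing the bits per slot. This is an added example, not part of the original thread; the function names and the 7,776-word comparison list size are assumptions for illustration, and the model assumes the attacker knows the format and the word list.

```python
import math

# Non-letter printable ASCII (digits, punctuation, space): the separator
# alphabet described in the comment. 95 printable characters minus 52 letters.
SEPARATORS = [c for c in map(chr, range(32, 127)) if not c.isalpha()]


def template_bits(slot_sizes):
    """Entropy in bits of a password built by choosing uniformly and
    independently from each slot; slot_sizes holds the choices per slot."""
    return sum(math.log2(n) for n in slot_sizes)


def equivalent_length(bits, alphabet_size):
    """Length of the shortest uniformly random password over the given
    alphabet whose entropy is at least `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))


def summarize(dictionary_size):
    """Strength of word-separator-word for a dictionary of the given size."""
    bits = template_bits([dictionary_size, len(SEPARATORS), dictionary_size])
    return {
        "bits": bits,
        # a-z plus 0-9
        "lower_digit_len": equivalent_length(bits, 36),
        # all 95 printable ASCII characters
        "printable_len": equivalent_length(bits, 95),
    }


if __name__ == "__main__":
    # 1,000,000 is the "generous" size from the comment; 7,776 is an assumed
    # smaller list size, included only to show how the estimate scales.
    for size in (1_000_000, 7_776):
        s = summarize(size)
        print(f"{size:>9} words: {s['bits']:.1f} bits, "
              f"~{s['lower_digit_len']} chars [a-z0-9], "
              f"~{s['printable_len']} chars printable ASCII")
```

Uncommon or long words do not change the result: only the number of entries in the list and the number of slots enter the calculation.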
Should this not be behind SSL? Looks good though.
Probably should, yes!
Pretty cool! What does the "<huge number> to one" mean exactly?
john --wordlist