Random password generator
A random password generator is a software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password.
Mnemonic hashes, which reversibly convert random strings into more memorable passwords, can substantially improve the ease of memorization. As the hash can be processed by a computer to recover the original 60-bit string, it has at least as much information content as the original string.[1]
Password type and strength
[edit | edit source]| [icon] | This section is empty. You can help by adding to it. (August 2025) |
![[icon]](/index.php/File:Wiki_letter_w_cropped.svg){kind=link}
Websites
[edit | edit source]Web Cryptography API
[edit | edit source]The Web Cryptography API is the World Wide Web Consortium’s (W3C) recommendation for a low-level interface that would increase the security of web applications by allowing them to perform cryptographic functions without having to access raw keying material. The Web Crypto API provides a reliable way to generate passwords using the crypto.getRandomValues() method. Here is the simple Javascript code that generate the strong password using web crypto API.[2][3]
FIPS 181 standard
[edit | edit source]Many computer systems already have an application (typically named "apg") to implement the password generator standard FIPS 181.[4] FIPS 181—Automated Password Generator—describes a standard process for converting random bits (from a hardware random number generator) into somewhat pronounceable "words" suitable for a passphrase.[5] However, in 1994 an attack on the FIPS 181 algorithm was discovered, such that an attacker can expect, on average, to break into 1% of accounts that have passwords based on the algorithm, after searching just 1.6 million passwords. This is due to the non-uniformity in the distribution of passwords generated, which can be addressed by using longer passwords or by modifying the algorithm.[6][7]
Mechanical methods
[edit | edit source]Yet another method is to use physical devices such as dice to generate the randomness. One simple way to do this uses a 6 by 6 table of characters. The first die roll selects a row in the table and the second a column. So, for example, a roll of 2 followed by a roll of 4 would select the letter "j" from the fractionation table below.[8]
1 2 3 4 5 6 1 a b c d e f 2 g h i j k l 3 m n o p q r 4 s t u v w x 5 y z 0 1 2 3 6 4 5 6 7 8 9
See also
[edit | edit source]- Cryptographically secure pseudorandom number generator
- Diceware
- Hardware random number generator
- Key size
- Master Password (algorithm)
- Password length parameter
- Password manager
References
[edit | edit source]- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ NIST. Automated Password Generator standard FIPS 181
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Levine, John R., Ed.: Internet Secrets, Second edition, page 831 ff. John Wiley and Sons.
External links
[edit | edit source]- Cryptographically Secure Random number on Windows without using CryptoAPI from MSDN
- RFC 4086 on Randomness Recommendations for Security (Replaces earlier RFC 1750.)