Random password generator
A random password generator is a software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password.
Mnemonic hashes, which reversibly convert random strings into more memorable passwords, can substantially improve the ease of memorization. As the hash can be processed by a computer to recover the original 60-bit string, it has at least as much information content as the original string.<ref name="memorize">Template:Cite book</ref>
Password type and strength
{{#invoke:Labelled list hatnote|labelledList|Main article|Main articles|Main page|Main pages}} Template:Empty section
Websites
Web Cryptography API
The Web Cryptography API is the World Wide Web Consortium’s (W3C) recommendation for a low-level interface that would increase the security of web applications by allowing them to perform cryptographic functions without having to access raw keying material. The Web Crypto API provides a reliable way to generate passwords using the crypto.getRandomValues() method. Here is the simple Javascript code that generate the strong password using web crypto API.<ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref><ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref>
FIPS 181 standard
Many computer systems already have an application (typically named "apg") to implement the password generator standard FIPS 181.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> FIPS 181—Automated Password Generator—describes a standard process for converting random bits (from a hardware random number generator) into somewhat pronounceable "words" suitable for a passphrase.<ref> NIST. Automated Password Generator standard FIPS 181 </ref> However, in 1994 an attack on the FIPS 181 algorithm was discovered, such that an attacker can expect, on average, to break into 1% of accounts that have passwords based on the algorithm, after searching just 1.6 million passwords. This is due to the non-uniformity in the distribution of passwords generated, which can be addressed by using longer passwords or by modifying the algorithm.<ref>Template:Cite conference</ref><ref>Template:Cite journal</ref>
Mechanical methods
Yet another method is to use physical devices such as dice to generate the randomness. One simple way to do this uses a 6 by 6 table of characters. The first die roll selects a row in the table and the second a column. So, for example, a roll of 2 followed by a roll of 4 would select the letter "j" from the fractionation table below.<ref>Levine, John R., Ed.: Internet Secrets, Second edition, page 831 ff. John Wiley and Sons.</ref>
1 2 3 4 5 6 1 a b c d e f 2 g h i j k l 3 m n o p q r 4 s t u v w x 5 y z 0 1 2 3 6 4 5 6 7 8 9
See also
- Cryptographically secure pseudorandom number generator
- Diceware
- Hardware random number generator
- Key size
- Master Password (algorithm)
- Password length parameter
- Password manager
References
External links
- Cryptographically Secure Random number on Windows without using CryptoAPI from MSDN
- RFC 4086 on Randomness Recommendations for Security (Replaces earlier RFC 1750.)