Background: There are a lot of pronounceable password generators floating around online, but there are a handful of issues I've found: 1) many do the actual work on the server side 2) many use RNGs that aren't really meant for cryptographic use 3) many blindly follow a pattern like CVCCVC which is both more predictable and less "pronounceable" (something like "xuq" perhaps has a pronunciation but it's not so obvious).
I initially started this up by just having a Japanese syllabary and using Crypto.getRandomValues() to shuffle the syllables, but with some thought I came up with the idea of building a Markov chain from an English dictionary and using that to produce more English-like results with less predictable patterns. Once I'd done all that it wasn't much effort to throw in support for pass phrases and classic line-noise passwords, so those are in here too. I am also using zxcvbn to evaluate password strength (since with certain options you can end up making a fairly weak password).
There are plenty of offline tools that have all these features but I haven't found many online ones, and from what I've found my approach produces more convincing fake English words than others I've tried.
1 comment
[ 3.3 ms ] story [ 9.9 ms ] threadI initially started this up by just having a Japanese syllabary and using Crypto.getRandomValues() to shuffle the syllables, but with some thought I came up with the idea of building a Markov chain from an English dictionary and using that to produce more English-like results with less predictable patterns. Once I'd done all that it wasn't much effort to throw in support for pass phrases and classic line-noise passwords, so those are in here too. I am also using zxcvbn to evaluate password strength (since with certain options you can end up making a fairly weak password).
There are plenty of offline tools that have all these features but I haven't found many online ones, and from what I've found my approach produces more convincing fake English words than others I've tried.