5 comments

[ 1.3 ms ] story [ 21.9 ms ] thread
Doesn't it allow easier brute force?
It probably depends on the reference point. If I now use 4 words (2*2 rhyming words) instead of passphrases with 2 words, then the password is more secure than before (even if the attacker knows for sure that I use a rhyming password). Besides, there is the rhyme scheme, which is not necessarily known to the attacker.

The idea is fun. I'm just not sure it helps much in practice. If I can't remember the exact words, the rhyme makes me only marginally less lost than without it.

If they know you used this to generate it, yes.

Also, the default of only 20 bits of entropy is not nearly enough, IMO. That's only ~1M options. If you're using this to generate a password that foolishly gets hashed using something like SHA-256, even a mobile phone from 15 years ago could have it cracked in seconds. A modern CPU would crack it before your finger even let go of the Enter key.

Again though, the information above does require that the attacker knows you used this to generate your password. Without that knowledge, the 20+ character passwords it generates are quite secure, especially if you modify them.

This is a pretty neat idea. This inspired me to think if there are any password styles that can maintain their security, while you could make a hint keyword public so you could easier remember the password.

I use a password manager and I often wonder what to do if I forget the master password. Especially if I’m traveling and need to log in.

"HelpfulLayerFilmedPlayer" is quite the tongue twister.