Strong Memorable Passphrase Generator

The secrecy of your master password must survive you, and its strength must hold against adversaries ready to spend a substantial budget every year to eventually crack it. The default values below correspond to twice the lifespan of the longest-lived person to date, and to the yearly budget of the NSA.

The page takes two inputs, the expected time left to live (in years) and the yearly budget of adversaries (in thousand euros), and displays the generated passphrase together with its entropy in bits.

The password is generated locally on your computer. The webpage does not store nor transmit it elsewhere. There are a few constraints for you to trust it:

  1. You must trust me (admittedly, the hardest step). I claim not to have put anything malicious in the code, and I believe there are no mistakes in the implementation of the algorithms. However, I disclaim any express or implied warranty or liability from the use of this page or software. I will not give write access to the website’s code to anyone, so at least you only need to trust a single person.
  2. You must trust GitHub to deliver the website’s content correctly and securely. If GitHub is malicious, it could serve a different page that sends the passphrases somewhere. If GitHub is incompetent, a malicious actor could tamper with the TLS connection that secures the transmission and inject content that sends the passphrases to them.
  3. You must trust your Web browser. It has access to everything you see in your window and more. Additionally, we rely on the JS cryptographic primitives it provides, so if that software is badly written, it may yield faulty randomness; and if the tab isolation is weak, other webpages in the browser might be able to extract information from this page.
  4. You must trust your operating system and hardware, from the CPU to the RAM.

To be fully honest, even then, I tend to be extra cautious when generating passwords. I load the page from a fresh OS (typically booted from a live USB), I verify the source code, I disconnect and Faraday-cage the computer; only then do I generate the passphrase, and once the password is memorized, I shut down the laptop without reconnecting to the Internet and scrub all remnants of the OS.

Want to understand the computation? It is detailed in this article.
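The budget-driven sizing described at the top of this page, as an added Python example that is not the page's own code: it assumes a per-guess cost in euros (the page gives no cost model, so this is a labelled assumption) and a constructed 32-word list, sizes the passphrase so that the adversary's total guessing budget covers at most half the key space, then draws the words with the `secrets` module.

```python
import math
import secrets

# Constructed 32-word list for the demo (5 bits per word). A real generator
# uses a list of several thousand words so each word carries ~12-13 bits.
WORDS = [
    "apple", "river", "candle", "mountain", "silver", "orange", "window", "garden",
    "pencil", "rocket", "thunder", "velvet", "marble", "copper", "forest", "island",
    "lantern", "meadow", "nectar", "oyster", "pepper", "quartz", "ribbon", "saddle",
    "timber", "umbrella", "violet", "walnut", "yellow", "zebra", "anchor", "basket",
]

def total_guesses(years, budget_keur_per_year, euro_per_guess):
    """Guesses the adversary can afford over the whole campaign.
    Budget is in thousand euros per year (the page's unit); euro_per_guess
    is an assumed cost model, not a value the page states."""
    return years * budget_keur_per_year * 1000.0 / euro_per_guess

def required_entropy_bits(years, budget_keur_per_year, euro_per_guess):
    """Bits H with 2**H >= 2 * guesses: on average an exhaustive search
    finds the passphrase after half the space, so the budget must cover
    at most half of it."""
    return math.log2(2.0 * total_guesses(years, budget_keur_per_year, euro_per_guess))

def words_needed(bits, wordlist_size):
    """Smallest number of uniformly drawn words reaching `bits` of entropy."""
    return math.ceil(bits / math.log2(wordlist_size))

def generate_passphrase(years, budget_keur_per_year, euro_per_guess, wordlist=WORDS):
    """Return (passphrase, entropy_bits) sized for the given threat model.
    secrets.choice uses the OS CSPRNG; words are drawn with replacement, so
    each contributes exactly log2(len(wordlist)) bits."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words would silently lower the entropy")
    bits = required_entropy_bits(years, budget_keur_per_year, euro_per_guess)
    n = words_needed(bits, len(wordlist))
    phrase = " ".join(secrets.choice(wordlist) for _ in range(n))
    return phrase, n * math.log2(len(wordlist))

if __name__ == "__main__":
    # Constructed inputs: 100 years, 1000 thousand euros per year, and an
    # assumed cost of one nano-euro per guess (not a value from the page).
    phrase, bits = generate_passphrase(100, 1000, 1e-9)
    print(phrase, f"({bits:.0f} bits)")
```

With the constructed inputs the model demands about 57.5 bits, which the 32-word list rounds up to 12 words (60 bits); a larger list reaches the same bound with far fewer words.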