Pseudo-Random Observations

I’ve been building a password generator the past few days. It takes words from the dictionary at random* and then combines them with punctuation and numeric characters.

I have elaborated on a few methods of personal information security before (here and here). I still prefer to

• never use a password for more than one site/service/login, and
• not even know most of my passwords, and
• let software generate them for me

But I guess I can see a need for passwords that are memorable, or at least easy to visually read and type in on another screen (perhaps a miniature one, or a computer you don’t own). That’s when passwords made out of words my brain knows, like

Sideswiped7-preparedness's

have an advantage over a more random string of characters like

hyV%<m-Wtfa,8I5V$paAObW6gj

…Try reading that off your phone and typing it into someone else’s computer!

I was inspired by the Password Strength edition of the xkcd comic, but:

• Lots of services I use require a capital letter, a numeral, and a punctuation character, and
• Most of them don’t support password lengths high enough to permit the “correct horse battery staple”-style of passwords.

And, I see that I’m not the only one — visit http://correcthorsebatterystaple.net if you like. The reason I decided to build my own generator, instead of using that one: the site’s not available via HTTPS. It doesn’t make much sense to me to generate passwords — presumably for securing stuff you care about — when that connection is snoopable.

So, I made one, secured it, and while testing it, some really interesting combinations have come up — at pseudo-random:

• 9pickers$Negotiate
• advert's~Dishonesty's4
• 9Inbred/mulishness
• 1Quibblers(guesstimate's
• 8monkeys-Propagandizing
• Sodom's=1visit's
• 4Sacerdotal:chaplaincy
• Equivalence|physics9
• 1Kiddies!matriculation
• detested(Altruists5
• organisms>Pantries5
• insouciant~Corrupter5