forked from mike-hearn/useapassphrase
index.php
253 lines (238 loc) · 17.3 KB
<!doctype html>
<html lang=en>
<head>
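<!-- Global site tag (gtag.js) - Google Analytics. This loads a third-party script from googletagmanager.com, so the "zero external calls" statement in the page text below does not hold while this tag is present. -->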
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-74829107-1"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-74829107-1');
</script>
<!-- Meta Info for Social Media -->
<meta property="og:title" content="Bytes Unlimited | Use a Passphrase" />
<meta property="og:type" content="website" />
<meta property="og:url" content="https://bytesunlimited.com/UseAPassphrase/" />
<meta property="og:image" content="https://bytesunlimited.com/wp-content/uploads/2018/07/byteslogo.png" />
<meta property="og:site_name" content="Bytes Unlimited" />
<meta property="fb:app_id" content="1007999749273675" />
<meta property="og:description" content="Here at Bytes Unlimited, we offer a wide array of IT Services for small businesses and home users in person or remotely. Try out this free tool!" />
<meta property="og:image:secure_url" content="https://bytesunlimited.com/wp-content/uploads/2018/07/byteslogo.png" />
<meta name="twitter:card" content="summary" />
<meta name="twitter:title" content="Bytes Unlimited | Use a Passphrase" />
<meta name="twitter:description" content="Here at Bytes Unlimited, we offer a wide array of IT Services for small businesses and home users in person or remotely. Try out this free tool!" />
<meta name="twitter:image" content="https://bytesunlimited.com/wp-content/uploads/2018/07/byteslogo.png" />
<script type="application/ld+json">{ "@context" : "https://schema.org",
"@type" : "Organization",
"name" : "Bytes Unlimited",
"url" : "https://bytesunlimited.com",
"sameAs" : ["https://www.facebook.com/BytesUnlimited"]
}
</script>
<meta charset="utf-8" >
<link rel="stylesheet" href="css/styles.css?__inline=true" />
<link rel="stylesheet" href="css/fonts.css?__inline=true" />
<link rel="canonical" href="https://bytesunlimited.com/" />
<link rel="icon" href="https://i0.wp.com/bytesunlimited.com/wp-content/uploads/2018/07/cropped-byteslogo-1.png?fit=32%2C32&ssl=1" sizes="32x32" /><link rel="icon" href="https://i0.wp.com/bytesunlimited.com/wp-content/uploads/2018/07/cropped-byteslogo-1.png?fit=192%2C192&ssl=1" sizes="192x192" /><link rel="apple-touch-icon-precomposed" href="https://i0.wp.com/bytesunlimited.com/wp-content/uploads/2018/07/cropped-byteslogo-1.png?fit=180%2C180&ssl=1" /><meta name="msapplication-TileImage" content="https://i0.wp.com/bytesunlimited.com/wp-content/uploads/2018/07/cropped-byteslogo-1.png?fit=270%2C270&ssl=1" />
<style>
.container-header {
width: 100%;
background-color:#f4f4f4;
text-align: center;
margin-top: 0px;
}
.logo {
width: 100%;
}
.content {
padding: 16px;
}
.sticky {
position: fixed;
top: 0;
width: 100%;
}
.sticky + .content {
padding-top: 102px;
}
</style>
<title>Bytes Unlimited | Use a Passphrase</title>
</head>
<body>
<header class="container-header" id="myHeader">
<div class="container">
<h1 class="logo">
<a href="https://BytesUnlimited.com"><img src="https://bytesunlimited.com/wp-content/uploads/2019/07/bytes-unlimited-logo.png" width="100" height="82" alt="Bytes Unlimited Logo"></a> Bytes Unlimited
</h1>
</div>
</header>
<div class="container">
<div class="header">
<h2 class="title">Use A <span>Passphrase</span></h2>
</div>
<p class="passphrase-label">Generate a passphrase or test your password's
strength (we don't store or transmit these):</p>
<input id="passphrase" type="text" value="Loading..." onmouseover="this.select()"/>
<p class="crack-time-label">Approximate Crack Time: <span class="crack-time">0 seconds</span></p>
<div class="passphrase-options">
<select id="passphrase_select">
<option value="5">Five-word passphrase</option>
<option value="6" selected>Six-word passphrase</option>
<option value="7">Seven-word passphrase</option>
<option value="8">Eight-word passphrase</option>
<option value="9">Nine-word passphrase</option>
<option value="10">Ten-word passphrase</option>
<option value="11">Eleven-word passphrase</option>
<option value="12">Twelve-word passphrase</option>
</select>
<p>Spaces?
<input type="radio" id="spaces" name="spaces" value="1" checked />Yes
<input type="radio" name="spaces" value="0" />No
</p>
<button class="btn-generate" onmouseover="" style="cursor: pointer;">Generate New Passphrase</button>
</div>
<div class="social-buttons">
<a href="https://www.facebook.com/sharer/sharer.php?u=https://bytesunlimited.com/useapassphrase/" target="_blank" rel="noopener noreferrer" class="sc-btn sc--facebook"> <span class="sc-icon"> <svg viewBox="0 0 33 33" width="25" height="25" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g><path d="M 17.996,32L 12,32 L 12,16 l-4,0 l0-5.514 l 4-0.002l-0.006-3.248C 11.993,2.737, 13.213,0, 18.512,0l 4.412,0 l0,5.515 l-2.757,0 c-2.063,0-2.163,0.77-2.163,2.209l-0.008,2.76l 4.959,0 l-0.585,5.514L 18,16L 17.996,32z"></path></g></svg> </span> <span class="sc-text">Share It</span> </a>
<a href="https://twitter.com/share?url=https%3A%2F%2Fbytesunlimited.com%2Fuseapassphrase%2F&amp;text=Use%20a%20passphrase!%20A%20helpful%20tool%20for%20generating%20strong%20passwords.&amp;via=mikehearn" target="_blank" rel="noopener noreferrer" class="sc-btn sc--twitter"> <span class="sc-icon"> <svg viewBox="0 0 33 33" width="25" height="25" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g><path d="M 32,6.076c-1.177,0.522-2.443,0.875-3.771,1.034c 1.355-0.813, 2.396-2.099, 2.887-3.632 c-1.269,0.752-2.674,1.299-4.169,1.593c-1.198-1.276-2.904-2.073-4.792-2.073c-3.626,0-6.565,2.939-6.565,6.565 c0,0.515, 0.058,1.016, 0.17,1.496c-5.456-0.274-10.294-2.888-13.532-6.86c-0.565,0.97-0.889,2.097-0.889,3.301 c0,2.278, 1.159,4.287, 2.921,5.465c-1.076-0.034-2.088-0.329-2.974-0.821c-0.001,0.027-0.001,0.055-0.001,0.083 c0,3.181, 2.263,5.834, 5.266,6.438c-0.551,0.15-1.131,0.23-1.73,0.23c-0.423,0-0.834-0.041-1.235-0.118 c 0.836,2.608, 3.26,4.506, 6.133,4.559c-2.247,1.761-5.078,2.81-8.154,2.81c-0.53,0-1.052-0.031-1.566-0.092 c 2.905,1.863, 6.356,2.95, 10.064,2.95c 12.076,0, 18.679-10.004, 18.679-18.68c0-0.285-0.006-0.568-0.019-0.849 C 30.007,8.548, 31.12,7.392, 32,6.076z"></path></g></svg> </span> <span class="sc-text">Tweet It</span> </a>
<a href="https://github.com/mike-hearn/useapassphrase" target="_blank" rel="noopener noreferrer" class="sc-btn sc--github"> <span class="sc-icon"> <svg viewBox="0 0 33 33" width="25" height="25" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g><path d="M 16,0C 7.163,0,0,7.163,0,16s 7.163,16, 16,16s 16-7.163, 16-16S 24.837,0, 16,0z M 25.502,25.502 c-1.235,1.235-2.672,2.204-4.272,2.881c-0.406,0.172-0.819,0.323-1.238,0.453L 19.992,26.438 c0-1.26-0.432-2.188-1.297-2.781 c 0.542-0.052, 1.039-0.125, 1.492-0.219s 0.932-0.229, 1.438-0.406s 0.958-0.388, 1.359-0.633s 0.786-0.563, 1.156-0.953s 0.68-0.833, 0.93-1.328 s 0.448-1.089, 0.594-1.781s 0.219-1.456, 0.219-2.289c0-1.615-0.526-2.99-1.578-4.125c 0.479-1.25, 0.427-2.609-0.156-4.078l-0.391-0.047 c-0.271-0.031-0.758,0.083-1.461,0.344s-1.492,0.688-2.367,1.281c-1.24-0.344-2.526-0.516-3.859-0.516c-1.344,0-2.625,0.172-3.844,0.516 c-0.552-0.375-1.075-0.685-1.57-0.93c-0.495-0.245-0.891-0.411-1.188-0.5s-0.573-0.143-0.828-0.164s-0.419-0.026-0.492-0.016 s-0.125,0.021-0.156,0.031c-0.583,1.479-0.635,2.839-0.156,4.078c-1.052,1.135-1.578,2.51-1.578,4.125c0,0.833, 0.073,1.596, 0.219,2.289 s 0.344,1.286, 0.594,1.781s 0.56,0.938, 0.93,1.328s 0.755,0.708, 1.156,0.953s 0.854,0.456, 1.359,0.633s 0.984,0.313, 1.438,0.406 s 0.951,0.167, 1.492,0.219c-0.854,0.583-1.281,1.51-1.281,2.781l0,2.445 c-0.472-0.14-0.937-0.306-1.394-0.5 c-1.6-0.677-3.037-1.646-4.272-2.881c-1.235-1.235-2.204-2.672-2.881-4.272C 2.917,19.575, 2.563,17.815, 2.563,16 s 0.355-3.575, 1.055-5.23c 0.677-1.6, 1.646-3.037, 2.881-4.272s 2.672-2.204, 4.272-2.881 C 12.425,2.917, 14.185,2.563, 16,2.563s 3.575,0.355, 5.23,1.055c 1.6,0.677, 3.037,1.646, 4.272,2.881 c 1.235,1.235, 2.204,2.672, 2.881,4.272C 29.083,12.425, 29.438,14.185, 29.438,16s-0.355,3.575-1.055,5.23 C 27.706,22.829, 26.737,24.267, 25.502,25.502z"></path></g></svg> </span> <span class="sc-text">Fork It</span> </a>
</div>
<h2 id="why-should-i-use-a-random-passphrase-">Why should I use a random passphrase?</h2>
<p>Because humans are terrible at creating secure passwords. The <a href="http://xkcd.com/936/">famous xkcd comic</a> got it right: humans have been trained to use <b>hard-to-remember</b> passwords that are <b>easy</b> for computers to guess.</p>
<p>Try as we might, humans usually end up using one of a few predictable patterns when creating passwords. We base them on things we can remember, such as names, locations, dates or just common English words. Then, we add some spice with a capital letter, some numbers, or a symbol.</p>
<p>Does your password fall into this group?</p>
<table>
<thead>
<tr>
<th>Bad Password Patterns</th>
<th>Is It Memorable?</th>
<th>Time To Crack</th>
</tr>
</thead>
<tbody>
<tr>
<td>A common word (example: <code>december</code>)</td>
<td>Yes.</td>
<td>18 milliseconds <small>(Seriously. Try it in the box at the top.)</small></td>
</tr>
<tr>
<td>An easily-typed spatial word (example: <code>qwerty</code> or <code>aaaaaaaa</code>)</td>
<td>Very much so.</td>
<td>10 milliseconds</td>
</tr>
<tr>
<td>The family dog (example: <code>rusty</code>)</td>
<td>Yep.</td>
<td>27 milliseconds</td>
</tr>
<tr>
<td>An important number, such as a date or zip code (example: <code>03261981</code>)</td>
<td>It's memorable to you, certainly.</td>
<td>2.213 seconds</td>
</tr>
<tr>
<td>A word with trivial letter→number substitutions (example: <code>S4nfr4n</code>)</td>
<td>Sort of memorable, but you may forget which letters are substituted for numbers.</td>
<td>639 milliseconds</td>
</tr>
</tbody>
</table>
<p>If your password resembles any of these examples, it is <em>instantly crackable.</em> Even a mix of these patterns, such as <code>[common word]+[number]</code>, will be straightforward to crack.</p>
<p>Compare those to a passphrase:</p>
<table>
<thead>
<tr>
<th>Password Pattern</th>
<th>Is It Memorable?</th>
<th>Time To Crack</th>
</tr>
</thead>
<tbody>
<tr>
<td>Four or more randomly chosen words (example: <code>mergers decade labeled manager</code>)</td>
<td>Type it a few times, and you'll have it committed to memory.</td>
<td><strong>6,000,126 centuries.</strong> Give or take.</td>
</tr>
</tbody>
</table>
<h2 id="is-it-really-that-easy-to-crack-a-password-how-is-it-done-exactly-">Is it really that easy to crack a password? How is it done, exactly?</h2>
<p>The method for cracking usually looks something like this:</p>
<ol>
<li>First, the hackers start with a bunch of wordlists. The <a href="https://xato.net/passwords/more-top-worst-passwords/">top 10,000 passwords</a> is a good place to start. Also, lists of all English words, all names, dates, and so on. In less than one second, <a href="https://xato.net/passwords/more-top-worst-passwords/">30% of all passwords will be cracked</a>.</li>
<li>After exhausting those wordlists, they will try all of the words again with common substitutions: capitalizing the first letter (<code>december</code> → <code>December</code>), making common letter-for-number swaps (<code>december</code> → <code>d3cemb3r</code>), and other common password variations.</li>
<li>Next, they start combining the previous wordlists. Name + date (<code>doug3251983</code>). Name + [separator] + date (<code>doug.3251983</code>).</li>
<li>If all else fails: brute force, a.k.a. try every combination of characters. Try <code>a</code>, then <code>b</code>, then <code>c</code> ... eventually <code>aa</code>, <code>ab</code>, <code>ac</code> ... eventually <code>6j2b#hi8</code>, <code>6j2b#hi9</code>, <code>6j2b#hi0</code>, et cetera.</li>
</ol>
<p>If your password is based on any kind of pattern, using some combination of the above steps, it will eventually be cracked. Depending on how well-protected a website keeps your password, modern computers can make somewhere between 10,000 and <a href="http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/">350 billion guesses</a> per second.</p>
<p>Your best defense is using a truly random password generator (like this site).</p>
<h2 id="i-get-it-simple-passwords-are-cracked-easily-but-why-should-i-use-a-random-pass-phrase-instead-of-say-ipz2-az8k-0h-">I get it, simple passwords are cracked easily. But why should I use a random pass<em>phrase</em> instead of, say, <code>ipz2!az8k%0h</code>?</h2>
<p>There are dozens of random password generators out there that will happily put together a bunch of random characters for you to use as a password. These random passwords are secure, but they're a huge pain to actually remember.</p>
<p>Random passphrases provide the best combination of <strong><u>memorability</u></strong> and <strong><u>security</u></strong>.</p>
<p>By way of example, here are two passwords with similar crackability:</p>
<table>
<thead>
<tr>
<th>Password</th>
<th>Time to crack</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>p%9y#k&yFm?</code></td>
<td>Approximately 90,182,663 centuries</td>
</tr>
<tr>
<td><code>logic finite eager ratio</code></td>
<td>Approximately 189,658,722 centuries</td>
</tr>
</tbody>
</table>
<p>Which would you rather remember?</p>
<h2 id="fine-you-ve-convinced-me-i-ll-use-a-passphrase-what-else-can-i-do-to-increase-my-security-">Fine, you've convinced me. I'll use a passphrase. What else can I do to increase my security?</h2>
<p>The recipe for perfect password management is straightforward.</p>
<h3 id="1-use-a-password-manager-">1. Use a password manager.</h3>
<p>Firefox, Chrome, Safari and Internet Explorer all have built-in password managers. But if you plan to use your passwords across devices, you probably should use one of these:</p>
<ul>
<li><a href="//agilebits.com/onepassword"><strong>1Password</strong></a> (Windows, Mac, iOS, Android)</li>
<li><a href="//lastpass.com/"><strong>LastPass</strong></a> (iOS, Android; Chrome plugin works on Windows, Mac, Linux)</li>
<li><a href="//keepass.info/"><strong>KeePass</strong></a> (Linux, Windows, Mac, Android)</li>
</ul>
<h3 id="2-use-a-strong-u-master-password-u-for-your-password-manager-">2. Use a strong <u>master password</u> for your password manager.</h3>
<p>This is when a passphrase would be especially useful.</p>
<h3 id="3-use-a-different-passphrase-for-every-site-">3. Use a different passphrase for every site.</h3>
<p><span style="color: #000;">belief romanian bridge profit</span><br><span style="color: #333;">arts started bundle disease</span><br><span style="color: #666;">delay gradual asset centers</span><br><span style="color: #999;">keating post warburg johnson</span><br><span style="color: #AAA;">efforts denying billed buy</span><br><span style="color: #CCC;">whose category fonts mutual</span><br><span style="color: #EEE;">easing autonomy weight five</span></p>
<p>And so on.</p>
<h2 id="should-i-really-be-getting-my-password-from-a-website-">Should I really be getting my password from a website?</h2>
<p>Honestly? Probably not. But in this page's defense, it makes <strong>zero</strong> external calls (no images, no javascript). Check your browser's network tab to verify. The passwords are all created by code contained in this page, and they are never stored.</p>
<p>For extra security, this page is designed to run entirely offline: <a href="/generate_passphrase.html" download>save</a> this page to your hard drive, disconnect from the internet, and open it in a browser. This way you can ensure that the passwords are not being transmitted anywhere.</p>
<p>And for the truly paranoid, I recommend something called <a href="http://world.std.com/~reinhold/diceware.html">diceware</a>, which is a completely offline, non-computer-based method of creating passphrases. It involves six dice, and a printed wordlist. The author also recommends you close your blinds while doing it.</p>
<h2 id="thanks-for-reading-and-stay-secure-">Thanks for reading, and stay secure!</h2>
</div>
<div class="footer">
<div class="container">
<p><b>Credits:</b></p>
<p>The password strength algorithm uses <a href="https://github.com/dropbox/zxcvbn">zxcvbn.js</a>, which was created by Dropboxer <a href="https://github.com/lowe">Dan Wheeler</a>. Site created by <a href="https://www.twitter.com/mikehearn" target="_blank" rel="noopener noreferrer">@mikehearn.</a></p>
<p>Bytes Unlimited, ©, 2012</p>
<p><b>Legal & Tech:</b></p>
<p>The algorithm assumes 10,000 guesses per second, which is consistent with passwords hashed using bcrypt, scrypt or PBKDF2. If a database contains passwords hashed with MD5 or SHA-256/512, then no amount of password security is really going to help.</p>
<p>I assume no responsibility if you use a password from this site and subsequently are hacked.</p>
</div>
</div>
<script src="js/zxcvbn.js?__inline=true"></script>
<script src="js/wordlist.js?__inline=true"></script>
<script src="js/script.js?__inline=true"></script>
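<script>
// Pin the header to the top of the viewport once the page scrolls past its original position.
window.onscroll = function() {myFunction()};
var header = document.getElementById("myHeader");
var sticky = header.offsetTop; // header's initial offset from the top of the page
function myFunction() {
if (window.pageYOffset > sticky) {
header.classList.add("sticky");
} else {
header.classList.remove("sticky");
}
}
</script>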
</body>
</html>
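
An added example, not part of this repository (the site's own `js/script.js` is not shown on this page): one way to draw passphrase words uniformly with the Web Crypto API and to estimate average guessing time at the 10,000 guesses per second the footer assumes. The function names are hypothetical, and the eight-word list is a constructed sample built from words in the page's own examples.

```javascript
// Added example (not the site's js/script.js). Names here are hypothetical.
// Web Crypto: window.crypto in a browser; the Node fallback is only for running this offline.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Constructed 8-word sample list. A real list needs thousands of unique words.
const SAMPLE_WORDS = ['mergers', 'decade', 'labeled', 'manager',
                      'logic', 'finite', 'eager', 'ratio'];

// Uniform integer in [0, n). Rejection sampling discards the top sliver of the
// 32-bit range so that "value % n" does not favour low indexes (modulo bias).
function uniformIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 0x100000000) {
    throw new RangeError('n must be an integer in [1, 2^32]');
  }
  const limit = Math.floor(0x100000000 / n) * n; // largest multiple of n <= 2^32
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

// Each word is drawn independently, so repeats are allowed.
// separator '' corresponds to the page's "Spaces? No" option.
function generatePassphrase(words, count, separator = ' ') {
  if (new Set(words).size !== words.length) {
    throw new Error('word list contains duplicates; entropy would be overstated');
  }
  const picked = [];
  for (let i = 0; i < count; i++) {
    picked.push(words[uniformIndex(words.length)]);
  }
  return picked.join(separator);
}

// Bits of entropy, assuming the attacker knows the list and the word count.
function entropyBits(listSize, count) {
  return count * Math.log2(listSize);
}

// Average time to guess: half the keyspace at the given guess rate.
function averageCrackSeconds(listSize, count, guessesPerSecond = 10000) {
  return Math.pow(listSize, count) / 2 / guessesPerSecond;
}
```

With a 7,776-word list (the size of the Diceware list, used here as an assumption), `entropyBits(7776, 6)` is about 77.5 bits for the default six-word setting.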