
PassGen2: A Password Generator Java Applet

Here is a simple Java applet to help you generate random passwords for login control, wireless security and other purposes. To use the applet, just click your mouse in the applet text window and start typing. At first, dots will be displayed in the text window. After you have typed enough characters, your password will start to appear. Continue typing to complete the password. Keep typing to generate more passwords.

You can type in anything you like or just close your eyes and type characters at random. For extra credit, type in the serial numbers from a couple of dollar bills or other paper currency. The applet records the time, in milliseconds, when you press down and release each key and uses these time values, along with the key characters you type, as a source of randomness. There will normally be enough variability in your typing times to ensure that the characters that appear in the text window are highly random.

Caution: Do not hold down a single key for a long time and rely on your computer's "auto repeat" feature to generate the characters. This will not produce enough randomness for good security.

Templates

The PassGen applet lets you select a pattern for the random strings it generates. Just pick a template from the choice box at the top of the applet. The following table describes each template and shows its approximate entropy strength in bits.

Template                                          | Type                                          | Bits   | Sample                                          | Suggested use
99 AAA 999                                        | License plate style                           | 30.7   | 76 BST 593                                      | Login password
SSS 99 SSS                                        | Two nonsense words separated by a number      | 32.5   | rdath 80 phunt                                  | Login password
MMMMMMMM                                          | Maximum strength -- all printable characters  | 52.5   | 9qh/43Et                                        | High security Unix password
CCCC CCCC                                         | Letters and numbers                           | 41.3   | 6LN6 8ZIU                                       | Medium security Unix password
LLLLL LLLLL LLLLL                                 | Crypto strength password                      | 89.3   | g27kX wrXcr YkxVY                               | e.g. for WAP, CipherSaber
HHHH HHHH HHHH HHHH                               | Random hexadecimal (use two for 128-bit key)  | 64     | 3D0E 1B64 679B EF65                             | WEP hex password
AAAAA AAAAA AAAAA AAAAA AAAAA AAAAA AAAAA AAAAA   | Random characters                             | 4.7/ch | JBXSY ITPIU BTCPJ ORWIO XKDLS LGJOQ NSLKL XTLSL | One time pads
99999 99999 99999 99999 99999 99999 99999 99999   | Random decimal digits                         | 3.3/ch | 74940 48825 39092 97632 06101 51714 40936 53014 | Statistical use
66666 66666 66666 66666 66666                     | Random dice throws                            | 2.5/ch | 52354 34544 41254 66454 25466                   | Board games

The characters in each pattern template determine what sort of random characters are presented:

A - Letter, A to Z
9 - Digit, 0 to 9
C - Alphanumeric, 0 to 9, A to Z
L - Alphanumeric, upper and lower case, 0 to 9, A to Z, a to z
M - Printable 7-bit ASCII character: sp, 0 to 9, A to Z, a to z, !"#$%&'()*+,-./:;<=>?[\]^_{|}~
H - Hexadecimal (base 16) digit, 0 to 9, A to F
S - Syllable, alternating consonant and vowel
6 - Dice throw, 1 - 6

If you are comfortable with HTML, you can add up to nine of your own templates as the Java parameters template1, template2, and so on. Look at the HTML source of this page for an example.
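The bit figures in the table above are simply the sum, over the non-space symbols of a template, of log2 of the alphabet size for that symbol. The following added example (not code from the applet or its author) computes them. It assumes M is the full set of 95 printable 7-bit ASCII characters (space through tilde); the S (syllable) symbol is left out because the page does not state its alphabet. Truncating, rather than rounding, the total to one decimal place reproduces every figure in the table.

```python
import math

# Alphabet size k for each template symbol defined on the page.
# 'M' = 95 printable 7-bit ASCII characters is an assumption (see lead-in);
# 'S' (syllable) is omitted because its alphabet is not given.
ALPHABET_SIZE = {
    "A": 26,   # letters A-Z
    "9": 10,   # digits 0-9
    "C": 36,   # digits plus upper-case letters
    "L": 62,   # digits plus upper- and lower-case letters
    "M": 95,   # printable 7-bit ASCII (assumption)
    "H": 16,   # hexadecimal digits
    "6": 6,    # dice throws 1-6
}


def bits_per_symbol(symbol):
    """Entropy, in bits, of one character chosen uniformly from the symbol's alphabet."""
    return math.log2(ALPHABET_SIZE[symbol])


def truncate_tenths(x):
    """Truncate (not round) to one decimal place, as the table's figures are."""
    return math.floor(x * 10) / 10


def template_bits(template):
    """Total entropy of a template: sum of log2(k) over its non-space symbols."""
    total = sum(bits_per_symbol(c) for c in template if c != " ")
    return truncate_tenths(total)


def per_char_bits(symbol):
    """Per-character figure used for the long one-time-pad / dice templates ('4.7/ch')."""
    return truncate_tenths(bits_per_symbol(symbol))


def symbols_needed(symbol, target_bits):
    """Smallest number of characters of this symbol that reach target_bits of entropy,
    e.g. 32 hex digits (two HHHH HHHH HHHH HHHH templates) for a 128-bit key."""
    return math.ceil(target_bits / bits_per_symbol(symbol))


if __name__ == "__main__":
    for t in ("99 AAA 999", "MMMMMMMM", "CCCC CCCC", "LLLLL LLLLL LLLLL", "HHHH HHHH HHHH HHHH"):
        print(f"{t:22s} {template_bits(t):5.1f} bits")
    for s in ("A", "9", "6"):
        print(f"{s}: {per_char_bits(s)} bits/ch")
    print("hex digits for a 128-bit key:", symbols_needed("H", 128))
```

The same arithmetic explains the "use two for 128-bit key" remark on the H row: each hex digit carries exactly 4 bits, so 32 of them are needed.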

Security

This applet is not the most secure way to make your password! Traces of the passwords you create can be left behind in your computer's memory, among other risks. For maximum security we still recommend using ordinary dice to select a password or passphrase. See the Diceware Page for more details.

Also note that Microsoft's Windows and most Unix operating systems (at least the ones we've tested) force keyboard interrupts to occur at intervals on the order of 50 milliseconds. This effectively reduces the resolution of the Java timer and, as a result, the amount of randomness accumulated for each keystroke. To compensate for this problem, PassGen2 requires 3 input characters for every output character.

Nonetheless, using this applet to make up a password is far safer than picking your pet's name or your mother's birthday. Because Java applets download and execute on your computer, nothing you type has to leave it, so there is less risk of mischief. This applet does not make any network connections, so you can run it off-line after you download it.

You should be aware that someone could substitute a bogus version of the applet that creates apparently random passwords that are, in fact, easy for the substituter to guess. To reduce this risk, the source code of the applet, with my PGP signature, is published along with the applet itself.

Random generation methods will very rarely create a password that is an English word or phrase or simple letter pattern. If a password looks like an ordinary word (or, with the MMMMMMMM template, is all the same case) simply type some more and use the next password.

Technical Details

PassGen2 uses a strong method for mixing randomness. The earlier version of PassGen used an entropy distiller with a 64-bit internal state, based on a linear congruential algorithm. PassGen2 uses an entropy distiller based on the Arcfour (RC4™) cipher.

As in Arcfour, PassGen2 uses a 256-byte state vector S that is initialized to the null (identity) permutation, S[n] = n. As entropy is collected, S is permuted according to the Arcfour key setup algorithm. Before each password output character is emitted, the i and j registers are reset and S is subjected to 10 full mixing passes. This is exactly equivalent to running the Arcfour cipher generation algorithm on S and discarding the first 2560 output bytes.

When using an 8-bit value to select a character from an alphabet of length k, there is a risk of bias if k does not evenly divide 256. To eliminate this, candidate cipher output bytes are discarded if they are greater than or equal to the largest multiple of k less than 256.
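The two paragraphs above describe the whole pipeline: keystrokes permute S through the Arcfour key setup, each output character is preceded by 10 full passes (2560 discarded bytes), and candidate bytes are rejected to remove the modulo bias. The following added example (not the applet's source, which is published separately with the author's PGP signature) implements that design in Python so the steps can be inspected. Its assumptions: the key-setup indices continue across keystrokes rather than restarting at 0; each keystroke is fed as the character plus its key-down and key-up times as 8-byte integers; the "3 input characters per output character" rule is counted over non-space template symbols; M is the 95 printable ASCII characters; and the rejection threshold is the largest multiple of k not exceeding 256, which equals the page's "largest multiple of k less than 256" whenever k does not divide 256 and avoids needless discards when it does. The keystroke log in demo() is constructed, not recorded timing data.

```python
# Arcfour-style entropy distiller with rejection sampling (added example, see lead-in).
ALPHABETS = {
    "A": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "9": "0123456789",
    "C": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "L": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
    "H": "0123456789ABCDEF",
    "6": "123456",
    "M": "".join(chr(c) for c in range(32, 127)),  # assumption: 95 printable ASCII chars
}
INPUT_PER_OUTPUT = 3   # typed characters required per output character (from the page)
MIXING_PASSES = 10     # 10 x 256 = 2560 discarded Arcfour output bytes


def unbiased_limit(k):
    """Largest multiple of k not exceeding 256. Candidate bytes >= limit are rejected,
    so each residue mod k is produced by exactly 256 // k byte values."""
    return (256 // k) * k


def residue_counts(k, reject):
    """(max, min) number of byte values mapping to each index 0..k-1, with or without
    rejection. Without it, for k = 26 some indices arise from 10 bytes and others from 9."""
    limit = unbiased_limit(k) if reject else 256
    counts = [0] * k
    for b in range(limit):
        counts[b % k] += 1
    return max(counts), min(counts)


class Distiller:
    def __init__(self):
        self.S = list(range(256))   # null (identity) permutation
        self.ki = self.kj = 0       # key-setup indices, continued across keystrokes (assumption)
        self.i = self.j = 0         # output-stage registers
        self.keystrokes = 0

    def absorb(self, data):
        """Arcfour key setup, one step per byte: j = j + S[i] + byte; swap S[i], S[j]."""
        for b in data:
            self.kj = (self.kj + self.S[self.ki] + b) & 0xFF
            self.S[self.ki], self.S[self.kj] = self.S[self.kj], self.S[self.ki]
            self.ki = (self.ki + 1) & 0xFF

    def keystroke(self, ch, down_ms, up_ms):
        """Feed one typed character together with its press and release times."""
        self.absorb(ch.encode("latin-1") + down_ms.to_bytes(8, "big") + up_ms.to_bytes(8, "big"))
        self.keystrokes += 1

    def _byte(self):
        """One step of the Arcfour output (PRGA) algorithm."""
        self.i = (self.i + 1) & 0xFF
        self.j = (self.j + self.S[self.i]) & 0xFF
        self.S[self.i], self.S[self.j] = self.S[self.j], self.S[self.i]
        return self.S[(self.S[self.i] + self.S[self.j]) & 0xFF]

    def next_index(self, k):
        """Uniform index in [0, k): reset i and j, run the mixing passes, then draw
        bytes until one falls below the unbiased limit."""
        self.i = self.j = 0
        for _ in range(MIXING_PASSES * 256):
            self._byte()
        limit = unbiased_limit(k)
        while True:
            b = self._byte()
            if b < limit:
                return b % k


def generate(template, distiller):
    """Emit one string matching the template, refusing if too little input was typed."""
    needed = INPUT_PER_OUTPUT * sum(1 for c in template if c != " ")
    if distiller.keystrokes < needed:
        raise ValueError(f"need {needed} keystrokes, have {distiller.keystrokes}")
    out = []
    for c in template:
        if c == " ":
            out.append(" ")
        else:
            alphabet = ALPHABETS[c]
            out.append(alphabet[distiller.next_index(len(alphabet))])
    return "".join(out)


def demo():
    """Feed a constructed keystroke log and produce a license-plate style password."""
    d = Distiller()
    text = "the quick brown fox jumps over the lazy dog"   # 43 constructed keystrokes
    t = 1000
    for n, ch in enumerate(text):
        up = t + 55 + (n * 13) % 70          # constructed hold time, not a measurement
        d.keystroke(ch, t, up)
        t = up + 90 + (n * 29) % 140         # constructed gap before the next key
    return generate("99 AAA 999", d)


if __name__ == "__main__":
    print("k=26 without rejection (max, min):", residue_counts(26, reject=False))
    print("k=26 with rejection    (max, min):", residue_counts(26, reject=True))
    print("password:", demo())
```

residue_counts makes the bias concrete: with k = 26 and no rejection, indices 0 to 21 are each reached by 10 of the 256 byte values while 22 to 25 are reached by only 9; discarding bytes 234 and above equalizes them at 9 each. The 2560-byte discard before every character is what makes the output depend on the whole state rather than on the bytes most recently absorbed.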

Published analyses (e.g. http://www.mindspring.com/~dmcgrew/rc4-03.pdf) have shown that Arcfour deviates slightly from perfect randomness. But the deviations measured are far too small to compromise the generation of a few passwords. The extensive additional mixing PassGen2 performs before each password character is output should eliminate even that bias. Using Arcfour has several advantages. The state space is large, 1684 bits. The algorithm has been widely studied. It is simple to implement and easy to verify. The last consideration is important for anyone contemplating using a utility downloaded over the Internet. For additional protection I have signed the source code using PGP. People desiring even greater assurance can use the dice-based password generation techniques described at http://www.diceware.com .

Terms and conditions

Copyright © 1996, 2003 Arnold G. Reinhold, Cambridge, MA, USA

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version, with two additional restrictions:

1. You may not redistribute versions modified to create "malware," including versions that deliberately produce inaccurate or misleading results or that surreptitiously capture data entered by the user or that produce "random" values that are predictable or guessable.

2. You may not redistribute this program in ways that violate the export control laws of the United States.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. If the previous link does not work, you can request a copy of the license by writing to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.


E-mail A. G. Reinhold for more information about this applet.

Created September 5, 1996, Version 2, October 22, 2002b
Rev. 2003-12-2a, 2005-4-8