October 24, 2023

New Generators

• Whitespace (Random)
  • 21 characters are printable non-zero width.
  • 11 characters are non-printable zero-width.
  • Easter egg.
• Obscure (Alternate)
  • Sourced from https://phrontistery.info

New Features

• Noto Sans Mono replaces the operating system fonts for displaying passwords.
• Whitespace password generator picked from 32 non-control spaces/blanks from Unicode.
• Selecting the password with the mouse now matches the color of the requested security level (red, orange, yellow, and green).
• Add Dibels (Pseudowords) to the "Every Word List" (Alternate) generator.
• Add Obscure (Alternate) to the "Every Word List" (Alternate) generator.
• "Every Word List" (Alternate) keyspace is now larger than 65,536 (16-bits) unique words.

Other Changes

• Passwords are aligned vertically.
• Comment cleanup.
• Minor CSS adjustments.
• Minor code refactor.
• RNG now 32 bits.
• Change base 4 DNA strings to 0-3 digits.
• Fix typos.

May 23, 2023

New Features

• Add the "Acronym" passphrase generator
  • Make a passphrase from a randomly chosen word turning it into an acronym.
  • E.G., "counting" could generate crummiest-ore-unthawed-narnia-tails-itself-navigator-Gamboge
• Add Koremutake pseudoword generator
  • Similar to Munemo in that it's designed to be a decimal encoder, but encodes unsigned integers.
  • E.G., "tradifefogypribagafribribrada"
• Add Lord of the Rings passphrase generator
  • Having Game of Thrones, Harry Potter, Star Trek, and Star Wars passphrase generators, but not Lord of the Rings was definitely a gaping hole. This plugs that hole.
  • Uses the 8k word list from the Eyeware project
  • E.G., "bands-declare-waiting-loathsome-mires-thinning-legolas"
• Add Verbs, Adjectives, Noune passphrase generator
  • Inspired by Storybits, the generates syntactically valid verb/adjective/noun triplets to improve memorability.
  • Each word list is free of prefix and suffix words and is fully decodable.
  • To make each triplet also fully decodable, the first character of each verb, adjective, and noun is capitalized.
  • E.G., "RuinsFormerWages-HonorsFiveMonks-UnitedGlobalHelps-AlertsSuddenPlugs"
• Add DIBELS pseudoword generator
  • Nonsense word fluency from the DIBELS system.
  • E.G., "vage-foj-parb-nime-min-sev-plish"
• Add password statistics overlay feature
  • Feature request #15 asked if the total number of elements could be displayed to help shape intuition about password security.
  • So password statistics were moved out of the box into an overlay that is activated and dismissed with a click.
• Update to Emoji 15.0
  • Released in September, 2022
• Switch from Mozilla twemoji-colr to Google Noto Color font
  • Unfortunately, the future of the Twemoji project by Twitter is uncertain. Because the font created by Mozilla depends on it, it's unclear if the Mozilla font will remain updated with future Unicode releases.
  • Google Noto fonts are open source and updated to the latest Emoji standard.

Back end Changes

• Break up main.js into smaller, more manageable scripts
• JSDocs on every function
• "use strict" everywhere
• Code refactoring, small bug fixes

August 2, 2022

New word lists

• Rearrange selection options in the "Alternate" passphrase generator to "English" and "Non-English" option groups.
  • Add new English option "Common Words Only" balancing minimal memorization effort, maximizing familiarity to most speakers, and keeping the security margin to an acceptable level. Thanks @roycewilliams for the feature request.
  • Change the default selection from "Colors" to "Common Words Only".
• Rename "Bitcoin" generator to "Cryptocurrency"
  • Add "Bitcoin" and "Monero" option groups.
  • Add Monero word lists with CRC32 checksum standard.
• Add "Lepron" pseudoword generator

Functional changes

• Add feature to track the user-selected security margin across browser sessions via localStorage.
• Update Emoji font to the latest Twemoji 14.0.2 SVGs.
• Replace the "entropy bar" with a range slider.
  • Replace the range of 55 - 80 bits every 5 bits with 48 - 128 bits every 8 bits.

General bug fixes and improvements

• Rename "Apple, Inc." to "Apple Keychain".
• Fix Apple pseudoword bug.
• Some Firefox and Safari browser fixes.
• Mouse entropy collector fixes:
  • JavaScript optimizations.
  • Tightly couple mouse movement with the animated randogram.
  • Update mouse pointer to increase placement accuracy and visibility.
• Remove old unused code.

February 9, 2022

New features:

• Six new languages in the "Alternate" generator:
  • Afrikaans
  • Belarusian
  • Croatian
  • Mongolian
  • Serbian
  • Ukranian
• New "Wordle" passphrase in the "Alternate" generator.
• Update Emoji to version 14.0.

Bug fixes:

• Convert Deseret alphabet to their Unicode uppercase versions for better readability
  • Move lowercase version to the "extra" lists directory.
• Update the Diceware Bulgarian word list.
• Add JSDoc comments to all functions.

October 24, 2021

The is a small release:

• Change switch/case statements to if/else, and be more consistent with syntax.
• Fix base32 entropy calculation bug.
• Add two new pseudoword generators: Daefen encoding by @alexvandesande and Urbit

A quick note about the pseudoword generators:

Daefen

Daefen is another binary-to-text encoding system. I have deployed a number of different binary-to-text encoding algorithms as a password generator, even if that's not explicitly what they're designed for. Some proved some benefits which can be extended into the password space, and Daefen is one of these.

Daefen encodes any number into a base-3456 pronounceable string. By using the vowel character set of "aeiouy" and the consonant character set of "bcdfghjklmnprstvwz", there are:

• 108 "vowel + consonant" pairs
• 108 "consonant + vowel" pairs
• 648 "consonant + vowel + vowel" triplets
• 648 "vowel + consonant + vowel" triplets
• 1,944 "consonant + vowel + consonant" triplets

There is deterministic logic to break these up into "words" which can result in different word lengths in the generated pseudoword from generation to generation. The first character in each "word" is capitalized.

Exempli gratia:

• Uriyju-Kaodyh-Ko-Kui
• Sekado-Itabih-Sujsuv
• His-Orpeb-Ukevef-Duu
• Jou-Se-Sezryp-Wobke

There is log2(3456) ~= 11.75 bits of security per "word" syllable. This is the densest pseudoword generator in the project producing the shortest passwords.

Urbit

The Urbit naming system uses 256 prefixes and 256 suffixes using "consonant + vowel + consonant" for each syllable. The vowels for the prefixes are strictly "a", "i", and "o". The vowels for the suffixes are strictly "e", "u", and "y" with one exception for "doz". Each "word" thus has 2 syllables providing log2(256) + log2(256) = 16 bits of security. This is on par with the Bubble Babble and Proquints generators.

Note: to remain in theme with the Urbit naming system, each pseudoword starts with the tilde "~". This extra character does not provide any additional security.

Exempli gratia:

• ~davfep-nampur-ronren-ripsyl-noprym
• ~bintep-doslus-hactyr-tamfur-sopleb
• ~witmug-tamtuc-lintex-tanlex-dapryd
• ~fabmun-dismeb-randus-nilred-milpec

July 29, 2021

Mouse Entropy

Mouse entropy collection is a new feature for "true random" numbers that can be mixed in with the browser CSPRNG during password generation. This uses a 400x400 pixel animated canvas drawn with the browser CSPRNG. As your mouse (or finger--it's mobile friendly) moves over the randogram the xy-coordinate at that interrupt is recorded and saved. All coordinate bits are whitened using John von Neumann debiasing, then saved in local storage. After collection, the user may opt to mix that entropy in during password generation. It's mixed in with the browser CSPRNG using the xor operation.

To make mouse entropy collection less boring, it has been gamified using Star Trek: The Next Generation pip rankings. Every rank promotion requires collecting twice as many bits as the previous rank. There are 14 total ranks. In order, they are: Cadet, Chief Petty Officer, Ensign, Lieutenant Junior Grade, Lieutenant, Lieutenant Commander, Commander, Captain, Fleet Captain, Commodore, Rear Admiral, Vice Admiral, Admiral, and Fleet Admiral.

Updates and Changes

Random generator updates

• Change base64 characters to uuencode standard
• Base45 (QR code encoding)
• Rename "Coin Flips" and "DNA Sequences" to "base2" and "base4" respectively
• Remove Braille
• Add Mac OS Roman
• Update emoji font file to latest Mozilla twemoji

Other updates

• Remove DiceKeys completely
• Change theme switcher

Minor Fixes

• JavaScript cleanup
• Bug fixes

May 6, 2021

New features

• Checksums for Bitcoin, Bubble Babble, Base32, and Letterblock Diceware
• New pseudoword generators Letterblock Diceware, Munemo, Proquints
• Removed pseudoword generators Secret Ninja and Korean K-Pop
• Improved Diceware NLP to start with two adjectives for an odd number of words in the passphrase
• Updated bookmarklets
• Bug fixes

March 31, 2021

Bux fix release:

• Fix the "English (All)" generator in Alternate. Previously, I had added two array types instead of the elements themselves. This fix specifically adds the adjectives and nouns from the Diceware Natural Language Passwords. Consequently, this bumps the unique words from 32,862 to 41,076
• Also realized the "S/KEY" word list is still English words, even if some are prefixes or postfixes. So it fits better under Alternate than Pseudowords.

March 30, 2021

New word lists:

• Added formal Pokerware list to the "Alternate" generators.
• Added Natural Language Passwords to the "Diceware" generators.
  • This is an officially mentioned list on the diceware.com page. It's made up of 1,296 adjectives and 7,776 nouns. Use 4 dice to roll for a random adjective, then 5 dice for a random noun. Alternate for a more memorable passphrase.
• Added the S/Key words from RFC 1760 to the "Pseudowords" generators.
• Added the "English (All)" option to the "Alternate" generators.
  • This combines every English word list supplied by the project into a "mega list". After removing duplicates, this returns 39,862 unique words, providing about 15.28 bits of entropy per word.

Bug fixes:

• The "Korean K-pop" and "Secret Ninja" generators security was significantly less than expected, due to only evaluating the first few elements of each array rather than the full array itself.
  • If you used either of these generators for any account, you should update your passwords.

Other stuffs:

• Cleaned up some old CSS that is no longer necessary.
• Cleaned up some old logic from testing.
• Added the version to the page.
• Cleaned up some of the text in each div.
  • Removed '~' for "about", and just decided to stick with the integer floor, which is "good enough".
  • Comma-separated the bits count and characters count for each.
  • Other text changes.

December 31, 2020

New Features

• Bitcoin Portuguese word list added.
• Diceware Greek word list added.
• Diceware Chinese word list changed to the 8k Pinyin word list.
• Diceware English word list changed to the 8k word list.
• Update to Emoji 13.1 standard.
• Clean up the "Random" category drop down list.
• Remove standard base64, but keep URL safe base64.

Bug Fixes

• Theme switcher now can be used with the file:// protocol without CORS violaion (via @minig0d)
• JavaScript static analysis and linting via Standard.js
• JavaScript code cleanup