6-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
8-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
8-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
5 Blocks of Random Length Characters (a-z0-9 + space)(make: lowercase · uppercase)
5 Blocks of Random Length Characters (a-z + A-Z + 0-9 + Space + Symbols) [!!crazy secure!!](make: lowercase · uppercase)
5 Blocks of 5 Random Characters(make: lowercase · uppercase)
6 Random Words(make: lowercase · uppercase)
6 Random Words + Two Numeric Blocks(make: lowercase · uppercase)
10-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
12-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
12-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
14-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
14-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
18-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
18-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
20-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
20-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
32-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
32-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
36-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
36-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
36-char UUID(make: lowercase · uppercase)
64-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
64-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
127-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
128-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
256-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
256-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
512-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
512-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
768-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
768-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
1024-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
1024-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
2048-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
7168-chars: a-z + A-Z + 0-9(make: lowercase · uppercase)
2048-chars: a-z + A-Z + 0-9 + Symbols(make: lowercase · uppercase)
64 byte tokens(remove commas)
128 byte tokens(remove commas)
256 byte tokens(remove commas)
WPA 2 (63-Characters)(make: lowercase · uppercase)
WPA 2 (64-Character HEX)(make: lowercase · uppercase)
Assuming each password character is chosen from a pallet of 72 possible characters, then each time one adds a character to one's password, one makes it 72 times more difficult to break. Thus, a 15 character password is 72^7 times as hard to break as an 8 character password. That's 10,000,000,000,000 times harder to break.
That is why a 15-character password composed only of random letters and numbers (a-z0-9)
is about 33,000 times stronger
than an 8-character password composed of characters from the entire keyboard
We start by displaying some pretty worthless passwords (easily broken by a brute force attack)
and work our way into more and more secure passwords. It is safe to say that most of the passwords (non worthless ones) are probably WRT
unbreakable passwords, even for modern super computers
. Of course, we do not place any warranty that they c/would not be... but it is highly
unlikely that they could be. Of course, one has to ask, "How in the world could a person be expected to remember any of the 'probably unbreakable' passwords?
" -- to which we do not have an answer. Obviously writing them down greatly increases the risk that somebody might find it and try it. Use at your own risk ;)
All that said, remember that if you are not a big-fan of passwords there are such things as Passphrases
-- which many people
consider to be much more secure then a password!
If one takes into consideration a modern chipset and a budget of $1 billion (100 million custom coded encryption CPU engines in parallel)
, with some of the most efficient brute-force systems available, it is possible to crack a 128 bit encrypted volume in only 1,000 billion years. Of course the important part to remember here is that if the encryption key is either derived from a password, or is encrypted by a hash of a password, then $12M worth of equipment should be able to crack it in about 3 hours and $1B of equipment should crack it in about 2 minutes or so.
What is key to all of this is that cracking encryption methods is not always about using brute force against keys, but rather that guessing passwords which are derived by weak password generators are much more important to realize and use. How one generates keys and what one does to protect their keys is the crucial step to any level of security. It really does not matter if a key length takes a billion years to crack if the process of guessing the password itself only takes a few hours because they are not generated (by us)
and stored (by you)
A Word Of Caution:
Obviously we are taking security seriously with our passwords (even for the weak/worthless ones)
but you should not use ANY of the basic passwords that are lower in security then 14 characters for MS Window passwords as well as for WEP/WPA keys. The reason for this is that some very popular and easy to use tools already exist
to acquire these with very little effort.
This is especially true for MS Windows user-account passwords, because any that are UNDER 14-characters can be cracked with almost no effort at all, regardless of the version of Windows, so it is best to use passwords/passphrases that are greater then 14-characters in length for your Windows Users Account Passwords.
As for how long and strong you should use for WEP/WPA Keys, it is our belief that unless you are running an enterprice wireless network, wireless/wifi security is non-existent, regardless of how long or strong of a password/passphrase you use. Simply put, there are just too many software programs out there that are able to sniff and force wireless passwords. Your best solution is to either disable wireless or go with an option that provides wireless security outside the boundaries of WEP/WPA.
Sunday, May 29, 2016 --
Added "5 Blocks of Random Length Characters (a-z + A-Z + 0-9 + Symbols)
". These are a crazy secure passwords for their given length. So secure that one may question if these are more secure than a "7168-chars: a-z + A-Z + 0-9"
Wednesday, August 12, 2015 --
Added "5 Blocks of Random Length Characters" which should make for an extremely
difficult password to break.
Friday, September 19, 2014 --
After a whole lot of fun (and work, of course)
we are now using quantum random numbers! This is something we have wanted to do for a very long time and are now able to do so. The QRN's are being used as an additional seed for our generator and are 4.351082437154956e186
. Additionally, but not a result of the QRN's, for those passwords that include symbols we have reworked our randomizating to increase symbol inclusion by 4.680977206849978e186
The QRU's are being generated via a vacuum laser random generator as documented here
Tuesday, September 2, 2014 --
Added '36-char Lowercase GUID + Data Separators, including: a-z + A-Z + 0-9 + Symbols + Space'
-- crazy strong passwords!
Sunday, August 17, 2014 --
Added the ability to remove commas from the x-byte tokens.
Saturday, August 16, 2014 --
Added 32/64/128/256 byte tokens.
Wednesday, August 13, 2014 --
Redesigned the website page to make it look better - hopefully - we removed a few options and added a few new options such as the 'WPA2 Keys
' and the '5 Random Words + Two Numerics
' for an added twist. We removed the utterly worthless '6 character'
options, because no password on this planet should only be 6-characters in length.
Wednesday, March 03, 2014 --
We have added a 768-character password (including: a-z + 0-9 + A-Z + Symbols + Space)
to fill in the missing gap between 512 and 1024. We have also removed the fun naming titles to all passwords over 64-characters in length.
Wednesday, October 23, 2013 --
In addition to making some cosmetic changes to the website to help break apart each section by level of cryptographic strengths, we have (1) increased the amount of 7168-characters passwords to four, we have increased the amount of TrueCrypt passwords to six, (3) resolved an issue with the 'Completely Worthless' where are rare occations it would only return five characters and not six, and lastly (4) we have added "18-character" passwords after getting
a lot of requests for it (why??)
Sunday, September 01, 2013 --
We have added a new option called "10 Random Words In Varying Length" which will produce ten randomly sequenced words. Received a request for this. Have a request? Contact @abelajohnb
Thursday, May 02, 2013 --
We have added the new section called "UUID, Lowercase" which is identical to our "UUID" only it uses lowercase (a-z) rather than uppercase (A-Z) for alpha characters, due to popular requests. We have also added the "UUID, MixedCase" which uses both upper and lower case alpha characters. While we cannot remember any software that uses mixed case true guid's, we thought we would provide it for if anybody out there wanted it - it could make for some crazy complex and potentially never reoccurring UUIDs!
Friday, October 19, 2012 --
We have added two new sections, the "5 Random Words
" and the "6 Random Words
" -- which will select five or six random words from a word dictionary and randomize them.
Wednesday, August 8, 2012 --
We resolved an issue with lower-case characters being presented within the "UUID" - a horrible mistake on our part. While we were at it we threw the domain onto a server running a SSD drive so this page is waaaay faster now! It has decreased from an average of 0.87 seconds down to 0.054 seconds! We have also added a new set of passwords entitled "5 Random Strings of 5 Characters" as more and more reports on password strengths are proving that this style of passwords are far superior to a continuous long string of passwords.
Wednesday, May 16, 2012 --
We have added a new function into all passwords that removes "hard to read characters". The present list of characters it will replace are "i, I, 1, l, 0, o, O, p, q". The function replaces each of those hard-to-read-characters with other characters. We have also added a secondary check of the fixDuplicates functions (which checks to make sure one character is not used twice in a row)
Thursday, April 19, 2012 --
We have installed a SSL Cert for the domain so that your connection to our website is over a secure connection. We also added two passwords that are 7168 characters in length, just because we can! (of interesting note: each of the 7168-character passwords takes around 0.01 seconds to compile)
February 03, 2012 --
We have resolved a random occurance of the "True GUID" from periodically being one character short. We fixed that and added a length verification indicator after the GUID. Correct character length
for a True GUID is 36 characters.
July 17, 2011 --
We have added an additional layer of randomization to the following options (which has added an additional 2.75 x 10131 worth of randomization)
: Secure, Relatively Secure, Highly Secure, Extremely Secure. This has been applied to the initial seed.
July 07, 2011 --
We have added a new section that generates GUID
results if you need quick access to one.
July 06, 2011 --
Thanks to @ericcoleman
we have added some code to help reduce (eliminate?)
two identical characters from displaying right after each other. We have also switched to utilize a new random generator that we have developed that greatly decreases our duplication factor. We have tested our random generator (for passwords of 32-chars in length) at one billion rows without a duplication! We have renamed "Very Secure" to "Relatively Secure" so that we could introduce a 32-char string, which we are now calling "Very Secure". It is, for the most part identical to doing a md5() except it is generated via our random password generator and checked for identical-next-character-duplications. We have also relocated to the www.cuddlycactussswords.Net domain!
June 03, 2011 --
We resolved an issue with the 128-char "Highly Useful" passwords today, that was pointed out to us by a California County employee, that resulted in the vast majority of the passwords being all lowercase. We took the opportunity to apply much greater randomization seeds to this set of passwords while we were working on it.
We resolved a small issue with the "Completely Worthless", "Worthless" and "Weak" passwords that was pointed out to us by a school employee. We did not think people would actually use them so we never double-checked them for duplication cycles. Oops.
We added the "Highly Useful: (128-chars in length, including: a-z + 0-9 + A-Z)
" set today. We should have no real security value as it is just a randomized 128-character string with no security checking for things such as consistent character checking, which is important in alpha-numeric only strings. This is more to just give those of you needing 128-character strings a quick way to have some.
We added the "Almost Unbreakable: (255-chars in length, including: a-z + 0-9 + A-Z + Symbols + Space)
" set today due to request from a developer that uses (max) 255-character passwords.
We added two more sets of passwords today. The "Unrealistically Unbreakable" a huge 512-character string and our first "Dare-We-Say Unbreakable?" password, with a massively insane 1024-characters in length! Note that both of these use [space] and it does NOT strip the [space] if the [space] occurs at the end of the password - by design. These two additional sizes where added due to requests we have received for even long passwords than our previously 124-character passwords! Because of the size and time it takes to produce these longer passwords, we are only displaying two of them at any given time.
We added two more sets of passwords today. The "Extremely Secure" and "Probably Unbreakable", both 64-character passwords in length. Note that the "Probably Unbreakable" DOES use [space] and it does NOT strip the [space] if the [space] occurs at the end of the password, by design. The 64-character password is a popular length by many hard drive volume cryptograph programs (including TrueCrypt)
and we've gotten a number of requests to add this length.
Updated: 7/7/2008 --
We made three changes to the "probably unbreakable" level passwords today.
Updated: 2/3/2008 --
- Added: - We now generate a password that is three times longer then necessary, then generate a randomized start/end point and from there, "splice out" a 128-character password. This extra level of randomization will further increase the "true randomness" of this process. Rather then our software always using a specific start/end point, by generating this extra large password and then randomly splitting out a section of the extra large password, it will make it that much more unlikely to have problems with duplication factors. It is beyond our math abilities to compute what increase of to-the-nth-power of randomness this gives us, so that is saying something.
- Updated: - We have also increased the included characters by an additional 20 characters.
- Updated: - We have also made it so a random character will replace the first and/or last character if it was generated as a [space] to help reduce copy/paste errors.
Decided to add another step of randomization for all generated passwords that are "Fairly Strong" and above.
- Added: - We now randomize the "available characters" (i.e.: a-z, a-z0-9, a-z + 0-9 + A-Z + Symbols, etc) rather then using a set-pattern. We should have done this from the start, but neglected to do so. This extra step should truly make the "probably unbreakable" unbreakable to most modern non-super-computers! Unsure of the bit-level increase on this (and unwilling to share further details of what we have done to protect our methodology), but it is a huge increase to the overall bit-level!