# Random password generator

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Random_password_generator
> Markdown URL: https://mediated.wiki/source/Random_password_generator.md
> Source: https://en.wikipedia.org/wiki/Random_password_generator
> Source revision: 1339202335
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

{{Short description|Program that generates password from random number generator}}
[[File:Bitwarden Desktop 2024.12.1 password generator screenshot.webp|thumb|upright=1.2|Random password generator in [Bitwarden](/source/Bitwarden)]]
A '''random password generator''' is a [software](/source/Computer_software) program or [hardware](/source/Computer_hardware) device that takes input from a [random](/source/random) or [pseudo-random](/source/pseudo-random) number generator and automatically generates a [password](/source/password).

[Mnemonic](/source/Mnemonic) hashes, which reversibly convert random strings into more memorable passwords, can substantially improve the ease of memorization. As the [hash](/source/hash_(computing)) can be processed by a computer to recover the original 60-bit string, it has at least as much information content as the original string.<ref name="memorize">{{cite book |last1=Ghazvininejad |first1=Marjan |last2=Knight |first2=Kevin |title=Proceedings of the 2015 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies |chapter=How to Memorize a Random 60-Bit String |date=May–June 2015 |volume=Proceedings of the 2015 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies |pages=1569–1575 |doi=10.3115/v1/N15-1180 |chapter-url=https://www.isi.edu/natural-language/mt/memorize-random-60.pdf |location=Denver, Colorado |publisher=Association for Computational Linguistics |s2cid=8028691 }}</ref>

==Password type and strength==
{{Main|Password strength}}
{{Empty section|date=August 2025}}

==Websites==
=== Web Cryptography API ===
The [Web Cryptography API](/source/Web_Cryptography_API) is the [World Wide Web Consortium](/source/World_Wide_Web_Consortium)’s (W3C) recommendation for a low-level interface that would increase the security of [web applications](/source/Web_application) by allowing them to perform [cryptographic functions](/source/Cryptography) without having to access raw keying material. The Web Crypto API provides a reliable way to generate passwords using the <code>crypto.getRandomValues()</code> method. Here is the simple Javascript code that generate the strong password using web crypto API.<ref>{{Cite web |title=Generate a Secure Random Password Using Web Crypto API and Javascript |url=https://gist.github.com/fearspear/4d757e956b0ff92ad0412691fbfc322f |access-date=2024-01-06 |website=github.com}}</ref><ref>{{Cite web |title=Step-by-step process of creating a robust password using Web Crypto API |url=https://passwordlab.io/blog/step-by-step-process-of-creating-a-robust-password-using-web-crypto-api |access-date=2024-01-06 |website=passwordlab.io}}</ref>

== FIPS 181 standard ==
Many computer systems already have an application (typically named "apg") to implement the password generator standard FIPS 181.<ref>{{Cite web |title=StrongPasswords – Community Help Wiki |url=https://help.ubuntu.com/community/StrongPasswords |access-date=2016-03-25 |website=help.ubuntu.com}}</ref> [FIPS 181](/source/cryptography_standards)—Automated Password Generator—describes a standard process for converting random bits (from a hardware random number generator) into somewhat pronounceable "words" suitable for a passphrase.<ref>
NIST. [http://www.itl.nist.gov/fipspubs/fip181.htm Automated Password Generator standard] [FIPS](/source/Federal_Information_Processing_Standard) 181
</ref> However, in 1994 an attack on the FIPS 181 algorithm was discovered, such that an attacker can expect, on average, to break into 1% of accounts that have passwords based on the algorithm, after searching just 1.6 million passwords. This is due to the non-uniformity in the distribution of passwords generated, which can be addressed by using longer passwords or by modifying the algorithm.<ref>{{cite conference |author1=Shay, Richard |author2=Kelley, Patrick Gage |author3=Komanduri, Saranga |author4=Mazurek, Michelle L. |author5=Ur, Blase |author6=Vidas, Timothy |author7=Bauer, Lujo |author8=Christin, Nicolas |author9=Cranor, Lorrie Faith |year=2012 |title=Correct horse battery staple: Exploring the usability of system-assigned passphrases |url=http://www.andrew.cmu.edu/user/nicolasc/publications/Shay-SOUPS12.pdf |conference=SOUPS '12 Proceedings of the Eighth Symposium on Usable Privacy and Security |doi=10.1145/2335356.2335366}}</ref><ref>{{Cite journal |last1=Ganesan |first1=Ravi |last2=Davies |first2=Chris |year=1994 |title=A New Attack on Random Pronounceable Password Generators |url=http://csrc.nist.gov/publications/history/nissc/1994-17th-NCSC-proceedings-vol-1.pdf |journal=Proceedings of the 17th {NIST}-<nowiki/>{NCSC} National Computer Security Conference |publisher=NIST |pages=184–197 |access-date=2014-12-17}}</ref>

==Mechanical methods==
Yet another method is to use physical devices such as [dice](/source/dice) to generate the randomness. One simple way to do this uses a 6 by 6 table of characters. The first die roll selects a row in the table and the second a column. So, for example, a roll of 2 followed by a roll of 4 would select the letter ''"j"'' from the [fractionation](/source/transposition_cipher) table below.<ref>Levine, John R., Ed.: ''Internet Secrets'', Second edition, page 831 ff.  John Wiley and Sons.</ref> 
:{| class="wikitable"
!
|''1''||''2''||''3''||''4''||''5''||''6''
|-
|''1''
! a
! b
! c
! d
! e
! f
|-
|''2''
! g
! h
! i
! j
! k
! l
|-
|''3''
! m
! n
! o
! p
! q
! r
|-
|''4''
! s
! t
! u
! v
! w
! x
|-
|''5''
! y
! z
! 0
! 1
! 2
! 3
|-
|''6''
! 4
! 5
! 6
! 7
! 8
! 9
|}

==See also==
* [Cryptographically secure pseudorandom number generator](/source/Cryptographically_secure_pseudorandom_number_generator)
* [Diceware](/source/Diceware)
* [Hardware random number generator](/source/Hardware_random_number_generator)
* [Key size](/source/Key_size)
* [Master Password (algorithm)](/source/Master_Password_(algorithm))
* [Password length parameter](/source/Password_length_parameter)
* [Password manager](/source/Password_manager)

==References==
{{Reflist}}

==External links==
<!-- Please do not add links to specific password generator Web sites and programs here. They will be removed. See WP:SPAM -->
* [http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx Cryptographically Secure Random number on Windows without using CryptoAPI] from [MSDN](/source/Microsoft_Developer_Network)
* [https://www.ietf.org/rfc/rfc4086.txt RFC 4086 on Randomness Recommendations for Security] (Replaces earlier RFC 1750.)
<!-- Please do not add links to specific password generator websites and programs here. They will be removed. See WP:SPAM -->

<!-- Please do not add links to specific password generator websites and programs here. They will be removed. See WP:SPAM -->

{{DEFAULTSORT:Random Password Generator}}
Category:Password authentication
Category:Applications of randomness
Category:Cryptographic algorithms

---
Adapted from the Wikipedia article [Random password generator](https://en.wikipedia.org/wiki/Random_password_generator) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Random_password_generator?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
