Why do I have to roll dice for a new password?
Rolling dice makes the creation of random data transparent for you. To make sure, that the random data is good enough, you only have to check if the dice has all numbers from 1 to 6 and is shaped like a cube. To check the quality of random data that is created by an algorithm you need to not only be able to program to read the algorithm, but have very good mathematical knowledge as well. Another advantage of rolling dice is that it decentralizes the creation of random data whereas an algorithm centralizes that. This means that a not random dice only allows cracking of the password of very few users using that dice, but a bad algorithm potentially allows the cracking of millions of passwords. See the Debian OpenSSL Security Bug for reference.
How hard is it to crack my password?
This table shows how hard it is to crack your new password in comparison to other common password types.
Description | Alphabet size | Length | Possible passwords | Bits |
---|---|---|---|---|
Lowercase letters | 26 | 8 | 268 ≈ 2,09E11 | 37 |
Lowercase letters | 26 | 10 | 2610 ≈ 1,41E14 | 47 |
Lowercase letters | 26 | 11 | 2611 ≈ 3,67E15 | 51 |
Lowercase letters | 26 | 14 | 2614 ≈ 6,45E19 | 65 |
Lowercase and uppercase letters | 52 | 7 | 527 ≈ 1,03E12 | 39 |
Lowercase and uppercase letters | 52 | 9 | 529 ≈ 2,78E15 | 51 |
Lowercase and uppercase letters | 52 | 12 | 5212 ≈ 3,91E20 | 68 |
Lowercase and uppercase letters and special characters | 80 | 6 | 806 ≈ 2,62E11 | 37 |
Lowercase and uppercase letters and special characters | 80 | 8 | 808 ≈ 1,68E15 | 50 |
Lowercase and uppercase letters and special characters | 80 | 10 | 8010 ≈ 1,09E19 | 63 |
Dice method | 65 | one word | 65 = 7776 | 12 |
Dice method | 65 | three words | (65)3 ≈ 4,7E11 | 38 |
Dice method | 65 | four words | (65)4 ≈ 3,66E15 | 51 |
Dice method | 65 | five words | (65)5 ≈ 2,84E19 | 64 |
Why should I let a website create my passwords? Doesn't this enable the website to store my password and steal it that way?
That is true. I vow to not try to steal your passwords with this website. Moreover the web server does not know the created password at any point in time, because all necessary computations are done with javascript in your browser. To make sure that this really is the case you can do the following:
Get new Password
Alternatively you can have a look at the source code of this page and check how the password creation works.
Or you could create your password manually. This works the following way:
hereand then
Save target as