Ultra High Security Password Generator

Generating long, high-quality random passwords is
not simple. So here is some totally random raw
material, generated just for YOU, to start with.

Every time this page is displayed, our server generates a unique set of custom, high quality, cryptographic-strength password strings which are safe for you to use:

64 random hexadecimal characters (0-9 and A-F):
249A4147ACDE5970F18F7D23EB43AB67F1E43E374F1574BE6A5C0349B58B72F4

63 random printable ASCII characters:
:I+[4kvEo*-_z0"

63 random alpha-numeric characters (a-z, A-Z, 0-9):
cgw526Wo06GJJ1QqCGba5spnCgYfsmtwaJlSWR9rujcBQSOYcbfx4CE7b9LpuYo

Click your web browser's "refresh" button a few times and watch the password strings change each time.

What makes these perfect and safe?

Every one is completely random (maximum entropy) without any pattern, and the cryptographically-strong pseudo random number generator we use guarantees that no similar strings will ever be produced again.

Also, because this page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection, and it is marked as having expired back in 1999, this page which was custom generated just now for you will not be cached or visible to anyone else.

Therefore, these password strings are just for you. You may safely take these strings as they are, or use chunks from several to build your own if you prefer, or do whatever you want with them. Each set displayed are totally, uniquely yours.

The "Application Notes" section below discusses various aspects of using these random passwords for locking down wireless WEP and WPA networks, for use as VPN shared secrets, as well as for other purposes.



Application Notes:

A note about "random" and "pseudo-random" terminology:

Throughout this page I use the shorthand term "random" instead of the longer but more precise term "pseudo-random". I use the output of this page — myself — for any purpose, without hesitation, any time I need a chunk of randomness because there is no better place to find anything more trusted, random and safe. The "pseudo-randomness" of these numbers does not make them any less good.

There are ways to generate absolutely random numbers, but computer algorithms cannot be used for that, since, by definition, no deterministic mathematical algorithm can generate a random result. Electrical and mechanical noise found in chaotic physical systems can be tapped and used as a source of true randomness, but this is much more than is needed for our purposes here. High quality algorithms are sufficient.

The deterministic binary noise generated by my server, which is then converted into various displayable formats, is derived from the highest quality mathematical pseudo-random algorithms known. In other words, these password strings are as random as anything non-random can be.

This page's password "raw material":

The raw password material is provided in several formats to support its use in many different applications. Each of the password strings on the page is generated independently of every other, based upon its own unique pseudo-random binary data. So there is no underlying similarity in the data among the various format passwords.

64 hex characters = 256 binary bits:
FE3B333284C5F4CA02C3108E168440169BC20B12EA7623F8ADA07D68334E0390
Each of the 64 hexadecimal characters encodes 4 bits of binary data, so the entire 64 characters is equivalent to 256 binary bits — which is the actual binary key length used by the WiFi WPA pre-shared key (PSK). Some WPA-PSK user interfaces (such as the one in Windows XP) allows the 256-bit WPA pre-shared key to be directly provided as 64 hexadecimal characters. This is a precise means for supplying the WPA keying material, but it is ONLY useful if ALL of the devices in a WPA-protected WiFi network allow the 256-bit keying material to be specified as raw hex. If any device did not support this mode of specification (and most do not) it would not be able to join the network.

Using fewer hex characters for WEP encryption:

If some of your WiFi network cannot support the newer and much stronger (effectively unbreakable when used with maximum-entropy keys like these) WPA encryption system, you'll be forced either to run two WiFi networks in parallel (which is totally feasible — one super-secure and one at lower security) or to downgrade your entire network to weaker WEP encryption. Still, ANY encryption is better than no encryption.

WEP key strength (key length) is sometimes confusing because, although there are only two widely accepted standard lengths, 40-bit and 104-bit, those lengths are sometimes confused by adding the 24-bit IV (initialization vector) counter to the length, resulting in 64-bit and 128-bit total key lengths.

However, the user only ever specifies a key of either 40 or 104 binary bits. Since WEP keys should always be specified in their hexadecimal form to guarantee device interaction, and since each hex digit represents 4 binary bits of the key, 40 and 104 bit keys are represented by 10 and 26 hex digits respectively. So you may simply snip off whatever length of random hex characters you require for your system's WEP key.

Note that if all of your equipment supports the use of the new longer 256/232 bit WEP keys, you would use 232/4 or 58 hexadecimal characters for your pre-shared key.


63 printable ASCII characters hashed down to 256 binary bits:
/[aVK3i/WlC \&tt4'FsLq|p^ukkW:{Z7\sCT*Bz3Q6Hmy+&-0>}K>lqxM_vA7]
The more "standard" means for specifying the 256-bits of WPA keying material is for the user to specify a string of up to 63 printable ASCII characters. This string is then "hashed" along with the network's SSID designation to form a cryptographically strong 256-bit result which is then used by all devices within the WPA-secured WiFi network.


The 63 alphanumeric-only character subset:
EAqgpiYzlUOrC5ASLRwQPtW0fO0O2qLfcTuJxDO7v0xIsJVAoNWwNoSadimfqap
If some device was not following the WiFi Alliance WPA specification by not hashing the entire printable ASCII character set correctly, it would end up with a different 256-bit hash result than devices that correctly obeyed the specification. It would then be unable to connect to any network that uses the full range of printable ASCII characters.

Since we have heard unconfirmed anecdotal reports of such non-compliant WPA devices (and since you might have one), this page also offers "junior" WPA password strings using only the "easy" ASCII characters which even any non-fully-specification-compliant device would have to be able to properly handle. If you find that using the full random ASCII character set within your WPA-PSK protected WiFi network causes one of your devices to be unable to connect to your WPA protected access point, you can downgrade your WPA network to "easy ASCII" by using one of these easy keys.

And don't worry for a moment about using an easy ASCII key. If you still use a full-length 63 character key, your entire network will still be EXTREMELY secure. And PLEASE drop us a line to let us know that you have such a device and what it is!


Shorter pieces are random too:

A beneficial property of these maximum entropy pseudo-random passwords is their lack of "inter-symbol memory." This means that in a string of symbols, any of the possible password symbols is equally likely to occur next. This is important if your application requires you to use shorter password strings. Any "sub-string" of symbols will be just as random and high quality as any other.


When does size matter?

The use of these maximum-entropy passwords minimizes (essentially zeroes) the likelihood of successful "dictionary attacks" since these passwords won't appear in any dictionary. So you should always try to use passwords like these.

When these passwords are used to generate pre-shared keys for protecting WPA WiFi and VPN networks, the only known attack is the use of "brute force" — trying every possible password combination. Brute force attackers hope that the network's designer (you) were lazy and used a shorter password for "convenience". So they start by trying all one-character passwords, then two-character, then three and so on, working their way up toward longer random passwords.

Since the passwords used to generate pre-shared keys are configured into the network only once, and do not need to be entered by their users every time, the best practice is to use the longest possible password and never worry about your password security again.

Note that while this "the longer the better" rule of thumb is always true, long passwords won't protect legacy WEP-protected networks due to well known and readily exploited weaknesses in the WEP keying system and its misuse of WEP's RC4 encryption. With WEP protection, even a highly random maximum-entropy key can be cracked in a few hours. (Listen to Security Now! episode #11 for the full story on cracking WEP security.)

I hope this "passwords" page, and the maximum-entropy and guaranteed unique passwords created just for you will be of immediate and continuing value to you.

Via: Perfect Passwords