How safe are password generator sites?

How safe are password generator sites?

I'm paranoid they are run by Russian crooks logging everything on the side

Attached: 1512857691440.jpg (446x396, 64K)

Generate a password and then send it through your own hash function then.

Literally just write a 1-line shell script. Hell, make it an alias.

Me on the left

highly unlikely. normies don't use pwgen sites. crooks are mostly going after low hanging fruit or ez to crack pws. if you're really that mentally ill generate the pw then change a single variable and you defeat this meme.

generate passwords using your own rng loser

Just use pwgen?

add emojis to your password

Generate a password with your password manager or a passphrase with diceware.

You're meant to glue together bits from multiple generated passwords, to get the password you'll actually use.

Run it through an online hasher, preferably one owned by Russians

stop using yandex then

Attached: totally legit.png (473x89, 8K)

Just bash on your keyboard.

Why not just use GUIDs as your passwords?

i think keepass generates sane defaults and it's offline. also, have upboat for posting original wojak.

then write your own you poo in loo

open the bible and make the first paragraph you see your new password

Christians are cucks but this is solid advice
>Strong pw with high entropy, hard to crack by a computer
>easy to memorize, probably you already know it
>you have it written down already

Oh I get it, he has cancer.

This needs a counterargument using a quote from the bible.

Just keep your passwords written down somewhere. But here's the kicker, your passwords all end in some character of your choosing, that you omit when writing them down.
So make your password
E9@

if it's easy to memorize it's more vulnerable to dictionary attack than random string of gibberish

>But here's the kicker, your passwords all end in some character of your choosing, that you omit when writing them down.
>That way if anyone gets their hands on your password file, the passwords are all useless because they're all wrong.
except cianiggers are reading this and taking notes to specifically try this before giving up

That's why you don't use the number 8 like I mentioned, you use something else of your choosing that you don't tell anyone.

doesn't matter, it's just way too long to brute-force even with dictionary attacks

Why would you even risk using a website? If you want convenience use an open source local password manager. You can even sync it on the web, but rather than being owned and originated by a third party; they simply have an encrypted version. Maybe if the CIA were up your ass that might concern you but not realistically.

Don't trust Russians for a fucking second.
You're right to be wary. Watch the bastards like a hawk.

Attached: CopyQ.OEVJEw.png (666x598, 190K)

It's very low entropy.
>edition of bible
>location of passage
>length of passage
That's it. This is true for basically any book.

That's the trade-off -- something easy to remember can still have sufficient entropy to be secure, but it'll be much, much, much worse than a truly random string of equal length.
You'll need to write down the string.

See above.

just use /dev/urandom/ - it's not the autismo best but honestly - it'll keep even the most determined Russki h4XX0r from being able to get into the veracrypt container with all your furry futa.

Just write your own, it's an incredibly simple piece of software

just add more entropy
>multiple editions of Bible
>multiple passages
>throw a random word from a random book

Don't have more than one Bible? stop LARPing as a Christian cuckold

it was based on a Jow Forums post where a qt getting in the bus decided to sit next to the greasy neckbeard instead of the greek god user

I feel like they all do this shit
its more about hitting the grey zone products, then you cant actually get charged for doping

>take shit on keyboard
>record output
Random and no Russians.

as a general rule dont trust anybody really,
your clickbait literally means nothing here.

That's right user, Russia and China are your enemy! Ignore your own government spying on you. Ignore your data being bought and sold as a commodity.

I printed out dicewords forever ago and keep it in my desk

Perfect security, that's now easy

You're literally defending a one-character password mate.

I just checked the first three google results for "password generator" and they were all completely client side.

Just use KeepassXC, it has a built-in password generator

how do people crack passwords? I literally use two different passwords with different numbers at the end and different capital letters for everything. Am I gonna get super hacked?

>download list of randomly generated passwords
>encrypt it with a fresh RSA-2048 key
>read the bytes of cyphertext and pick one at random mod length of file
>if selection translates to valid ASCII or Unicode character use it
>continue doing this until desired password length

Google Chrome has a built in randomized password generator.

Lol, i kek'd. Ty user

that shit never works. It never remembers the fucking auto-password or says it's not correct when i try to sign in somewhere and I have to reset it.

>How safe are password generator sites?
not very safe. i don't know what part of "never give your passwords to anyone" people don't understand?
>Google Chrome has a built in randomized password generator.
wow google made it? fuck, better start using that instead of securely generating them using an algorithm not implemented by fucking retards of the tech world. thanks, tripfagging faggot. as per usual, your suggestions are fucking worthless.

They hack that random shitty forum with poor security practices you signed up for years ago and forgot about and then try that email/password combination on every other site. No matter how good your password is, if you're reusing it, it's not secure at all.

If you have a hash and know how it's encrypted, then all you need to do is make a guess and run it through the same encryption process until they match (computers do this extremely well).

obviously there are more sophisticated methods

Go suck Google's dick, tripfag.

why not just use KeePass or something?

OP the truth is, you're not very important. You can have some of your leaked passwords out there and they still won't be used unless they're being used on services.

Some password managers have generators as well. Or you could do it with paper and pen, diceware and shit. But the truth is you don't need to go too far there. Just make a 7 word long passphrase that doesn't make any fucking sense, add a number there and maybe hashtags instead of spaces, use that as a bitwarden master password, manage every non important site there with the random password generator bitwarden already has, and with the important shit (like your google account maybe) do the same thing as that master password. Maybe add or subtract a word. Also use 2FA I guess.

The thing is even though this is not probably the best advice, it's still much better than what most people use, and let me tell you as someone who used a total of 5 different passwords for 20 years, of which none are over 10 characters or have anything but letters and numbers: I haven't had anything taken from me.