Java Password Generator

This password generator gives you a list of ten "pronounceable" passwords. It is modeled after Morrie Gasser's original generator described in

• Gasser, M., A Random Word Generator for Pronouncable Passwords, MTR-3006, The MITRE Corporation, Bedford, MA 01730, ESD-TR-75-97, HQ Electronic Systems Division, Hanscom AFB, MA 01731. NTIS AD A 017676.

except that Morrie's used a second-order approximation to English and this generator uses a third-order approximation. A descendant of Gasser's generator was added to the Multics operating system by Project Guardian in the mid 70s, and I believe Digital's VMS added a similar feature in the 80s.  FIPS Standard 181 describes a similar digraph-based generator, derived from Gasser's.

The first digraph-based password generator I know of was written by Daniel J. Edwards about 1965 for MIT's CTSS timesharing system.

This generator is programmed in  Java.

The best way to use this generator is to take its output it in ways known only to you. Make some letters capital, or insert punctuation and numbers.

Understand that the entire source of randomness in this generator is the constructor for the Java class Random(), which typically uses the system date and time. If you wish to secure extremely valuable assets, consider using better sources of randomness, longer passwords, or stronger methods than passwords. See  RFC 4086, Randomness Requirements for Security, D. Eastlake, 3rd, J. Schiller, S. Crocker. June 2005.

(Note also that  static or reusable passwords are obsolete. If you have a choice of authentication methods, look for a stronger method than passwords.)

The button below is displayed by a small applet. Clicking it downloads and runs a large class. Be patient. A JIT compiler speeds up execution of this tool substantially.

You are welcome to use the source of the password generator, if you

• Share your source with others freely
• Let me know you're using it
• Give me credit, and all the other pioneers, if you use the data or algorithms

To copy the binaries, just click on Gpw.class GpwData.class GpwDataInit1.class GpwDataInit2.class and GpwWindow.class

This tool is also available in C/C++.

updated 01/24/97 to work around AWT bugs on UNIX. Tested with Netscape on Solaris, Win95, and Mac

updated 07/31/97 to work around Java 1.1 problems with Netscape 4.0.

Steve Weintraub has written a nice pre-packaged version called  XYZZY for Mac and Windows.