Using Password Generators

  • DNS Benchmark v2 is Finished and Available!
    Guest:
    That's right. It took an entire year, but the result far more accurate and feature laden than we originally planned. The world now has a universal, multi-protocol, super-accurate, DNS resolver performance-measuring tool. This major second version is not free. But the deal is, purchase it once for $9.95 and you own it — and it's entire future — without ever being asked to pay anything more. For an overview list of features and more, please see The DNS Benchmark page at GRC. If you decide to make it your own, thanks in advance. It's a piece of work I'm proud to offer for sale. And if you should have any questions, many of the people who have been using and testing it throughout the past year often hang out here.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.

  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

C

CTEKAV

Member
Mar 14, 2026
5
0
Steve & Leo were talking about using Password Generators.
I have used Steve's Perfect Passwords, but 64 charactors is just to much for all my
Passwords.

https://www.grc.com/passwords.htm

I started using Proton Password Generator (I like & trust Proton products)

proton.me

Password generator - Create strong, random passwords | Proton

Generate robust, random passwords effortlessly. Our password generator creates strong, secure passwords to safeguard your online accounts
proton.me proton.me

I would like to hear from Leo,Steve & others. What is your opinion on using
the PPG?
 
Last edited:
Any software that uses cryptographically strong random numbers should be easily capable of generating random password strings. Here's a little bit of code I threw together one day during the SN show.

Code: 
jshell
|  Welcome to JShell -- Version 25.0.2
|  For an introduction type: /help intro

jshell> String makeRandomPassword(int pwLen) {
   ...>     final Random rand = new SecureRandom();
   ...>     final StringBuilder sb = new StringBuilder();
   ...>     final char[] characterPool = "Aa0Bb1Cc2Dd3Ee4Ff5Gg6Hh7Ii8Jj9Kk!Ll@Mm#Nn$Oo%Pp^Qq&Rr*Ss(Tt)Uu-Vv+Ww=Xx.Yy;Zz?".toCharArray();
   ...>     for(int i=0;i<pwLen;i++) {
   ...>         sb.append(characterPool[rand.nextInt(characterPool.length)]);
   ...>     }
   ...>     return sb.toString();
   ...> }
|  created method makeRandomPassword(int)

jshell> IO.println(makeRandomPassword(32));
R^=s%cBzD30e^UE#z!;7gLvSk?dGUwnK

jshell> IO.println(makeRandomPassword(32));
X#RBT@Hq^vdNssaA$XzrE3(t;ZJL5.oZ

jshell> IO.println(makeRandomPassword(32));
cQ6!q.X+U(A%1dUXpq.BVM=7EGH%UI*J
 
With Steve's Perfect Passwords, you don't even need to copy the full 64 characters. The times I have used it, I just copied a random substring of the type of password I wanted.
 
I'd assume Proton Pass's generator is good as would any of the major password manager programs. Use what's easiest - a string of random characters may be difficult to enter into your mobile phone's password manager. Length is key.
 
I don't use a Password Manager, but if I did it would be Proton Pass.
I just used the PPG to change all my passwords with one from PPG.

I just wanted to bring Proton Password Generator to Steve's attention
& get his opinion of it, & other listeners might find it useful. It is in reference to SN-1066.

This is from the SN-1066 Show Notes.

Leo Laporte [01:36:18]:
Uh, what do you recommend? Right. What do you do for entropy in your password generator?

Steve Gibson [01:36:26]:
Um, I've, I've got a, a algorithm that's been running for 10 years or something which uses crypto in order to, to, to roll passwords forward.

I signed up to Steve's GRC Email a long time ago, but he gets tons of Emails
so I gave up mentioning anything in an Email.
I don't need Steve to read my email on SN but I told him about
Protons PG so he & Leo could mention it in a SN episode & give
their opinion.

I only used Perfect Passwords for my Asus RT-AX86U Pro Router.

Proton has a good explanation here...

https://proton.me/blog/what-is-password-entropy
 
CTEKAV said:
I don't use a Password Manager
Click to expand...
You really and truly should. It can save you from phishing because it won't fill a password field on the wrong site where one day you might make that mistake, (You can say you never will, but both Steve and Leo have made this type of mistake, or nearly so.)
 
SPP is great, however for personal passwords I use my passwordmanager. For work there are times I need to generate lists of passwords, random strings, and numbers so I like to use the site random.org which provides TRNG.
 
I wish I could remember what it was, but I had some random project idea popped into my head that would have me download the pregenrated files from random.org. Sadly, I can't remember what I wanted those random numbers for.
 
  • Like
Reactions: Mike.P
You must log in or register to reply here.

Similar threads

Maplegate
Is blocking use of password managers really increased security?
Replies
4
Views
102
Security Now Podcast
Darcon
D
I
New Security Analysis of Online Password Managers
Replies
6
Views
1K
Security Now Podcast
idubrawsky
I
B
Browsers Using AI (incremental power usage?)
Replies
3
Views
740
Security Now Podcast
davidgrouse133
D
H
Security Now - #1019 - re Password stuffing - Microsoft
Replies
1
Views
1K
Security Now Podcast
miquelfire
miquelfire
P
What Certificate provider do you use?
Replies
1
Views
597
Security Now Podcast
ABSG
A
Top Bottom
Back