A simple, cross-platform, cryptographically secure (SHA-256) random number generator that uses entropy collected from your mouse movements to generate easy-to-remember passphrases based on the Diceware list.
For the web version visit https://kalpetros.github.io/hawkpass
The latest version of Hawkpass can be downloaded from the releases page.
First install the necessary dependencies by running:
$ npm install
To run the app in your browser, type:
$ npm run develop
Before packaging, run a production build by typing:
$ npm run build
Hawkpass can then be packaged for your platform using Electron Forge.
To generate platform-specific distributables, type:
$ npm run make
Check the out folder for the created package.
- Original by Arnold G. Reinhold
- Modified by EFF
- Latin by Sebastian Mozejko
- Greek by kalpetros
- Italian by Tarin Gamberini
- Finnish by Kai Puolamaki
- Chinese by cfbao
- German by Simon Klima
- French by Joachim Dubuquoy-Portois
- Japanese by Hiroshi Yuki
- Norwegian by Willy T. Koch
- Dutch by Bart Van den Eynde
- Czech by Vladimir Sedmik
- Danish by Povl Falk-Jensen
- Portuguese by Paxti Pierce
- Swedish by Magnus Bodin
- Turkish by Mert Dirik
The word "passphrase" is used to convey the idea that a password, which is a single word, is far too short to protect you and that using a longer phrase is much better. The increased length can allow for a greater number of possibilities overall, even if you use a passphrase made of random words to help you remember it. Passphrases made of randomly-chosen words can be both easy to remember and hard for someone else to guess, which is what we want out of a passphrase. While the EFF random number generators are not casino-grade dice, we believe that they are sufficiently random for these purposes. (EFF)
Computers are now fast enough to quickly guess passwords shorter than ten or so characters - and sometimes quite a few more. That means short passwords of any kind, even totally random ones like nQ\m=8*x or !s7e&nUY or gaG5^bG, may be too weak, especially for settings where an attacker is able to quickly try an unlimited number of guesses. This is not necessarily true for an online account, where the speed and quantity of guesses will be limited, but it could be true in other cases (for instance, if someone gets ahold of your device and is trying to crack its encryption password). (EFF)
Your passphrase is especially suitable when directly used to encrypt information, like for full-disk encryption on your laptop or mobile device. The large number of possibilities makes it much harder for someone to crack even if they get ahold of your device and use encryption-cracking hardware. Other great uses are the passphrase for an encryption key (like your PGP or SSH key), or, especially, for unlocking a password safe or password manager application. (EFF)
Your passphrase should only be used for a single purpose, and especially should not be used for more than one online account. Sometimes password databases or websites get compromised. If you reuse a passphrase and it ends up being leaked in a data breach or otherwise discovered, it can be used to try to access your other accounts. (EFF)
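The EFF passages above argue from the number of possible passphrases. The following JavaScript is an added example, not Hawkpass's own code: it draws unbiased Diceware lookup keys and computes the entropy of the result. It takes randomness from the Web Crypto CSPRNG instead of Hawkpass's mouse-movement entropy, and all function names, plus the 95-character printable-ASCII alphabet used for comparison, are assumptions.

```javascript
// Added example, not Hawkpass's code. Randomness comes from the Web Crypto
// CSPRNG (an assumption), not from mouse-movement entropy.
const DICE_PER_WORD = 5;               // a Diceware key is five die rolls: 11111..66666
const LIST_SIZE = 6 ** DICE_PER_WORD;  // 7776 words in a Diceware list

// Default byte source (browsers, or Node with the global Web Crypto object).
function secureBytes(n) {
  return globalThis.crypto.getRandomValues(new Uint8Array(n));
}

// One fair die roll. 256 is not a multiple of 6, so bytes >= 252 are
// rejected rather than reduced modulo 6, which would favour faces 1-4.
function rollDie(nextBytes = secureBytes) {
  for (;;) {
    const b = nextBytes(1)[0];
    if (b < 252) return (b % 6) + 1;
  }
}

// Five-digit lookup key for one word, e.g. "35216".
function dicewareKey(nextBytes = secureBytes) {
  let key = '';
  for (let i = 0; i < DICE_PER_WORD; i++) key += rollDie(nextBytes);
  return key;
}

// Build a passphrase from a Map of key -> word supplied by the caller.
function passphrase(wordCount, wordlist, nextBytes = secureBytes) {
  const words = [];
  for (let i = 0; i < wordCount; i++) {
    const key = dicewareKey(nextBytes);
    const word = wordlist.get(key);
    if (word === undefined) throw new Error(`word list has no entry for ${key}`);
    words.push(word);
  }
  return words.join(' ');
}

// Entropy in bits of a uniformly drawn secret: length * log2(alphabet size).
function entropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}

// Smallest number of Diceware words whose entropy reaches targetBits.
function wordsNeeded(targetBits) {
  return Math.ceil(targetBits / Math.log2(LIST_SIZE));
}
```

With these functions, `entropyBits(8, 95)` (eight random printable ASCII characters) is about 52.6 bits, while `entropyBits(6, LIST_SIZE)` (six Diceware words) is about 77.5 bits.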
- Creating strong passwords
- How to Make a Super-Secure Password Using Dice
- Using Password Managers to Stay Safe Online
- EFF Dice-Generated Passphrases
- Deep Dive: EFF's New Wordlists for Random Passphrases
- Arnold Reinhold's Diceware list
- Guessing human-chosen secrets
Contributions are welcome! To get started please read the contribution guidelines.
Report any issues or feature requests you have here.