Note: This version of RLPassWeb does not use the letter Y to increase the probability of pronounceable words while slightly decreasing the entropy of the resulting password.
RLPassWeb is designed to create so-called "natural language" passwords for user accounts. These passwords are designed to be phonetically easy to pronounce, and can be associated into memory as "words" that can be more easily remembered than completely random passwords. RLPassWeb gives you three options for doing this, progressively with more entropy (i.e. harder to guess): consonant/vowel pairs, passwords based on standard english consonant/vowel patterns, and random alphabetic/alphanumeric passwords.
Please note that while these passwords are easy to remember, they are also more vulnerable to attack, because they are not as random - anything with a pattern to it can be broken. For the most secure password possible, the password should contain upper and lowercase letters, numbers, and special symbols, generated by a true-random algorithm (according to Tom Clancy, the most random you can get are samples of atmospheric FM radiation interpolated via a computerized hashing algorithm). However, if someone attempting to crack your password was unaware that you used a natural language password, it should be nearly as secure as a totally random password to brute-force attempts - however, it is important to note that by only using 26 letters instead of the full 128-character ASCII set, you are still reducing the number of tries needed to guess your password, which can be a problem for generating passwords for encryption. To combat this, use numbers and capitals as well, or if you're really paranoid, try a completely random generator (such as the "random" option below), or an easier-to-remember high-entropy method such as Diceware. However, if you simply need a password for your email or other online accounts, natural-language passwords should be more than enough for everyday use - and, in combination with other words or methods, can be used to make easier-to-remember but still secure passwords for uses such as PGP encryption.
For maximum security, it is recommended that you change your password on your online accounts frequently. The jury's still out on whether it's safe to write passwords down - if you're not using the password for high-security applications, and don't worry about people going through your pockets at night, a scrap of paper in your wallet is probably secure enough - just remember, though, that if you're really worried about someone finding your password, memorization is the most foolproof method - until you forget.
And now, the actual RLPassWeb program:
Length of password in characters: Note: Version 2 Passwords should be limited to a length of 15 characters to work properly - for the other algorithms, you can set this to any length that you desire, but take note that after a certain length the memory advantage of natural language passwords becomes limited.
Include lowercase letters in password? (1=yes/0=no) Including lower-case letters inproves the security of your passwords. Note that if you are using Version 3, entering a "2" here also includes numbers.
Include numbers at the end of the password? Including numbers improves the security of your password.
For version 2 only: select a bitpattern.
6. VCCVVCVCCVVCVCC - reccommended
The bitpattern determines the proportion and order of vowels and consonants according to a standardized pattern derived from simlar patterns in common english words. Be careful when using this algorithm, as it has a greater likelihood of generating actual dictionary words than the other algorithms.
- this is the original version of RLPassWeb. This generates a Natural Langauge password consisting of consonant/vowel pairs. For added security, you can also include lowercase letters and append numbers. This algorithm is moderately random, and provides a decent level of security for the casual user. This algorithm uses the lowercase and number inclusion settings.
- this version of RLPassWeb generates passwords using bitpatterns based on the distribution of consonants and vowels in English-language words. This may or may not generate passwords that are more easily memorable than Version 1 or Version 3 passwords. However, because they are based on patterns, they are less random than Version 3, but more random than Version 1 if a potential attack is unaware of the pattern used to generate the password. This algorithm uses the lowercase and bitpattern settings.
- Completely random alphabetic/alphanumeric password. Should be the most random/most secure of any of the algorithms. Options: lowercase bit set to 0 - all-caps alphabetic; set to 1 - multicase alphabetic; set to 2 - multicase/alphanumeric. This algorithm uses the lowercase setting.
- not a natural language generator. Generates a completely random password with upper and lower-case letters, numbers, and special characters.