See also Our Big PPG FAQ
If you only want to generate a passphrase then you are almost there. The default settings provide sensible parameters. Click on generate to create a new passphrase or use the get new buttons to alternate single words. Modify your passphrase until you got something that makes sense only to you und is easy to remember. Click on the passphrase, if it is not already selected, and copy it to your clipboard with Ctrl-C.
Get more possibilities by changing the options. Select between various dictionaries [soon to come], vary the allowed length range of the words. Altering the number of words has an heavy impact on security. Passphrases that consist of more words are harder to guess, but may be less easy to remember.
The wordlist that your phrase is derived from can be customized, if you use a local dictionary. After activating the Local dictionary checkbox, the currently used dictionary is downloaded and displayed in a box. You can modify it, extend it or replace it with your own wordlist. Think of wordlists consisting of fish or flower names. Or special wordlists for children. You could even use Shakespeare's complete works as a dictionary—repeated words will be ignored and too short words will be filtered out. Not every device may be capable of processing the amount of data, though.
Using a custom wordlist will make your passphrases even more secure, as the attacker can not use a known dictionary.
A few rules apply:
We have incorporated a small example model into the generator, to make explaining easier. Just use the words correct horse battery staple as your wordlist.
What? It did not work? How embarassing. In fact there is a good chance you let the horse get away. Most people do. You do if you see 3 of 4 words selected over the generate button. Which means, the minimum word length is at the standard setting of 6 (or even higher), and does not include the five-letter-word horse. Once you fixed that, it works. Or, most times it does.
In slotmachine mode, many phrases contain the same word more than once. Let us show why this is important. If a word may appear once, three choices are available for the second word, then two for the third, and the last one pays the bill. Giving only 4 x 3 x 2 x 1 = 24 combinations. If every word is allowed to appear in every place, there are 4 x 4 x 4 x 4 = 256 possible combinations.
So, if you cut out duplicates, you reduce the number of possible choices and therefore security. Of course, with a minimum size directory of 2048 words, duplicates are much much much less frequent. But this fact allows us to let the processes to select each word independently from each other. [is this of any relevance?] [2bc]
Our goal with this site is to gain focus on security in a playful, creative way.
First was the idea that a passphrase generator could be a nice little project to play around with. Next we found out that the domain passphrase-generator.com was still unregistered. And that was it. Brainstorm, stuff ideas into the wiki, let it ripen some weeks. Let it gather momentum. And then start to code. Materialize our ideas. Code, code. This is the hot fingers phase. Functionality and design condense into a product, while losing the beauty of simplicity. Now the site creates work by itself. Content has to be filled in, various ends are to be joined. Another problem solved. Working towards a proof of concept. Then...
We are currently in dire need of funding, hence the following proposal:
Paypal accepts transfers to us under the account peter.rodinger <at> gmail.com.