Why not local
Like just generate an md5 hash, truncate it to whatever arbitrary number the shitty website decided is their password length limit, then store it in an encrypted db
Of course this is just a long way of reinventing keepass/1password/bitwarden/icloud keychain/etc
If you’re already generating an md5 and truncating it (an md5 of what?), you might as well use pwgen.
An md5 of whatever string pops in your head at that moment. True randomness is a person’s non sequiturs
This makes sense. I had no idea what tools existed because as mentioned many db solutions exist for this
I like the little tools like this that DuckDuckGo has. A couple others:
- “color picker”
- “base64 encode your_text_here” (and “base64 decode encoded_string_here” as well)
- “json formatter”
yeah
now tell me why are people hating it and putting codes on the comments
I think a lot of people turned against DDG when they started pushing their AI generated results really hard. Seems like DDG is going all in on AI. I have started paying for Waterfox’s search engine myself, after using DDG exclusively for years.
my favorite is “qr code” best and easiest qr code generator
This seems like one picked up data packet away from being a bad idea. Am I overthinking this?
This is probably fine. The connection to DDG will be over HTTPS, so a captured packet would need to be decoded first. And if someone were to manage to break the encryption, then they would also need to know what service you used the password for.
Ultimately, it’s more secure to generate locally, but it would be a huge amount of work to get anything usable out of a packet capture
Are they sending data? I’m pretty sure this will just be generated on the client.
Yeah, I tested it. It’s not a client side thing, it is part of the search page output.
oof
might as well send them feedback about that, ddg seems to actually give half a shit about users and it should be a very trivial thing to change.
If you’re going to auto generate passwords, just use BitWarden.
If you’re going to use a password vault, use one you host yourself and not someone else’s service.
The difference in complexity in setting up bitwarden and using your own self-hosted instance of bitwarden is fucking massive. For 99.9% of people them using bitwarden would greatly improve their password security and bitwarden has proven to be better than the competition.
I use KeePass. It’s just a local file (which you can sync/host how you see fit if you need to). I don’t understand why people choose to use password managers hosted by other people. You almost certainly don’t need that, and it introduces issues and vulnerabilities with little upside.
You can also just use “random password x” with x being a number. What I use more often is “random uuid” which I hope is self explanatory.
Fun fact: You can generate a random UUID in your web browser without needing to visit a website. Just open your browser console and type
crypto.randomUUID()
$ pwgen -s -1 32
Or just use your password manager. Where you save that password.
gasp what??
That’s fucked up, they should not do that. Even if they do it in a way that users are actually secure (maybe generating the password in the browser, nothing serverside?), it isn’t good to train people to trust a website for this.
I’ve started using https://neal.fun/password-game/ to generate passwords 😊









