All Rights Reserved.
Launch Codes - Secure Offline Password Generation
Download | FAQ | How to Compile | Software License
In general, password generation websites cannot be trusted. Here's why:
- Do websites record which IP address received which password at what time? Could that information be disclosed to others or subpoenaed?
- In most cases, the public cannot view the website's password generation source code. Exactly how are the passwords produced?
- Do websites seed RNGs with time or other known weak data (making passwords easily predictable and repeatable)?
- External sources of randomness could be manipulated without your knowledge.
- Do websites use plain-text HTTP to display passwords to users?
- Do websites use weak or homemade RNGs?