Insult Passphrase Generator
Overall reactions
- Many commenters find the insult generator hilarious and creatively written, with people sharing favorite generated phrases.
- Several say they won’t actually use these as serious passwords, but enjoy them as entertainment or for things like Slack bots, games, or occasional giggles in shells.
Security, entropy, and suitability as passwords
- The claimed ~42 bits of randomness is widely seen as low for modern security; some suggest aiming for 77–128 bits.
- A few argue 42 bits might be brute‑forced in minutes for simple hashes, especially if the generator becomes popular and its space is explicitly targeted.
- Others note that an attacker must first know you used this specific generator; if so, the search space is fixed but still large.
- Some recommend combining two generated insults if used for anything serious, though memorability then becomes an issue.
Server-side generation and trust
- A strong recurring concern: insults are generated on the server, so the operator could log every output and later try those as passwords.
- Several insist that trustworthy passphrase tools should run client-side or locally, with auditable/open-source code.
- Others counter that, even if logged, the generator doesn’t know who you are or where you’ll use the passphrase, and that extreme distrust can be impractical.
Wordlists, offensiveness, and business concerns
- Debate over entries like “china”, “Japanese”, “Colorado”, “Boston”, “English”:
- Some argue these refer to objects or dog breeds, not nations/ethnicities.
- Others say including potentially ethnic or national terms as insults is risky or in poor taste.
- Separate discussion on issuing random passphrases to customers or employees:
- Some say random offensiveness is harmless and even desirable to encourage rapid change.
- Others stress that, in business contexts, even accidental slurs can trigger complaints, bad PR, or feigned outrage, so offensive content should be avoided.
Passphrases vs password managers and alternatives
- Multiple users recommend password managers and locally-run generators (CLI tools, Diceware, custom scripts).
- Passphrases are seen as especially useful for the small number of passwords you must memorize (OS login, master password, etc.).
- There is debate around the oft-cited “correct horse battery staple” model; some emphasize that long, random-character passwords offer much higher entropy when managed by a password manager.