About

curl-able passphrases generated using entropy from random.org.

Usage

% curl --silent https://passphrase-me.onrender.com/
aries selma stamp mark

% curl --silent 'https://passphrase-me.onrender.com/?size=5'
qualm snap come molten embark

How it works

  1. Request integers from random.org, which uses things like atmospheric data to generate truly random numbers
  2. Use those integers to look up words in this list using this approach
  3. Return those words as a simple text/plain response

Are the passphrases strong?

From the web page for this other generator:

The relationship between the number of words in a pass phrase and the equivalent number of bits in an encryption key is as follows. We must assume [...] that the dictionary from which we choose words is known. This dictionary contains 27489 [..] words, so the information content of a word chosen randomly from the dictionary is [..] its order in the dictionary, 0 to 27488, or log2(27489)≈14.75 bits per word.

The word list used here has 7,776 entries. This gives a slightly lower 12.92 bits per word. At the default length of 4, you're getting ~51 bits.

The inspirational xkcd comic states it would take a computer 550 years to brute force a passphrase with 44 bits of entropy, so we're doing at least that well. If you're concerned, increase the number of words.
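The lookup from "How it works" and the entropy figures above, as an added Python example (not this service's source code). It assumes the linked approach is dice-style, with five integers in 1..6 selecting one word (6^5 = 7,776); the word list is a constructed placeholder and `secrets` stands in for random.org.

```python
import math
import secrets

DICE_PER_WORD = 5                 # assumption: five 1..6 integers pick one word
LIST_SIZE = 6 ** DICE_PER_WORD    # 7776, the list size stated on this page

# Constructed placeholder list; the service uses its own 7,776-word list.
WORDS = [f"word{i:04d}" for i in range(LIST_SIZE)]


def rolls_to_index(rolls):
    """Map five integers in 1..6 to an index in 0..7775 (base-6 digits)."""
    if len(rolls) != DICE_PER_WORD:
        raise ValueError("need exactly five integers per word")
    index = 0
    for r in rolls:
        # Reject instead of reducing modulo 6, which would bias the result.
        if not 1 <= r <= 6:
            raise ValueError(f"integer out of range: {r}")
        index = index * 6 + (r - 1)
    return index


def passphrase(integers, words=WORDS):
    """Turn a flat list of 1..6 integers into words, five integers per word."""
    if len(words) != LIST_SIZE:
        raise ValueError("word list must have exactly 7776 entries")
    if len(integers) % DICE_PER_WORD:
        raise ValueError("integer count must be a multiple of five")
    chunks = [integers[i:i + DICE_PER_WORD]
              for i in range(0, len(integers), DICE_PER_WORD)]
    return " ".join(words[rolls_to_index(c)] for c in chunks)


def entropy_bits(size, list_size=LIST_SIZE):
    """Entropy of `size` words drawn uniformly from a known list."""
    return size * math.log2(list_size)


def words_needed(target_bits, list_size=LIST_SIZE):
    """Smallest word count that reaches at least `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    # Local stand-in for the integers the service requests from random.org.
    ints = [secrets.randbelow(6) + 1 for _ in range(4 * DICE_PER_WORD)]
    print(passphrase(ints), f"({entropy_bits(4):.1f} bits)")
```

`words_needed` gives the `size` value to request for a chosen entropy target.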

Is it safe to use this site?

Assuming you trust SSL, yes.

Aside from the word list itself, everything else (the random numbers, the generated passphrases) is stored only in memory and sent directly and only to you over an SSL connection.

If in doubt, please vet the source code yourself.

Doesn't mkpasswd(1) do this?

Yes, but it generates gibberish passwords. This is meant to generate secure but memorable passphrases.

Contact