Skip to content
n-gram based 'nonsense word' password generator in javascript
Branch: master
Clone or download
Pull request Compare This branch is even with ameba23:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Making a nonsense password generator

Using an online service to generate a memorable password seems like a bit of a security risk, so we were thinking to make one people can use offline.

Grabbing a bunch of words from a dictionary seemed too simple so i had a look at some other online password generators and the thing that interested me most was using nonsense words which follow similar phoneme frequencies as english words. See this Frequency table of English phonemes.

That is, they kind of look like they could be english words, but they're not. Easier to remember than a random string of characters but resiliant to dictionary attacks.

The best program i found that does this is this nonsense word generator. Unfortuanately the source code is not with it, but it works using known average frequencies of phonemes (sounds) in the english language. Somehow the words I managed to generate using the method below just don't seem as catchy so maybe theres still work to be done.

Using n-grams

I also came across this: kchapelier/ngram-word-generator: Word generation based on n-gram models, and a cli utility to generate said models. Which seemed to be kind of what i was looking for. I really like the words they generated from list of french and irish first names!

However since i wanted as big a word-pool as possible I decided to just grab the english dictionary by doing aspell dump master > words.txt and then generated ngrams with ngram-word-generator words.txt words_wt.json.

I wrote a script to make the word length vary, and check that the generated words are not actual english words.

Heres some sample output with word length set to between 5 and 10 characters:











Bit of a mouthfull i know.

We can play around with different word-lists/corpus texts to maybe get some more interesting ones.


Clone the repository and open index.html in a web browser.

Building with browserify

browserify pwgen.js -o pwgenb.js

Next steps:

  • Add the ususall password generator features: Mixed CaSE, numbers, punctuation characters, etc.
  • Html-ify.
  • I would be interested to combine this with something like mixing an adjective-like nonsense word with a noun-like nonsense words, a bit similar to how Debian build names are generated (Vagrant also uses this for giving a catchy name to a virtual machine).

See also:

You can’t perform that action at this time.