quantum5 / correcthorsebatterystaple Goto Github PK

I don't see anything here explaining how you generated your word lists. Would you mind, please, discussing the source corpus and what criteria you used to filter it down? e.g. word frequency/recognition, commonly misspelled/typo'd words, word length, parts of speech (having a diversity of nouns, adjectives, etc). Thank you!

I believe there is a security issue. Is there someone I can contact to report the issue to?

I realize the website is a separate thing, but this is only point of contact I could find. The sites correcthorse.pw and quantum5.ca return this CloudFlare error and have since early this morning:

"If you're the owner of this website:

The SSL certificate presented by the server did not pass validation. This could indicate an expired SSL certificate or a certificate that does not include the requested domain name. Please contact your hosting provider to ensure that an up-to-date and valid SSL certificate issued by a Certificate Authority is configured for this domain name on the origin server. "

If there is another party I should contact, please let me know.

if you have it use a large number of words, like ten or more, it's possible for the generated password to go off the side of the box

i suggest capping the number of words allowed, for that reason and also because it just let me generate a 1000-word-long password which is a little silly

It would be useful to be able to pre-populate options via a URL fragment or parameters.
e.g. https://correcthorse.pw/#capatailze=true,digit=true

Specifically this would make it more attractive to link the site in documentation/comms to users when suggesting they use this site to generate a password for a service with a password policy that e.g. requires a capital and number.

Otherwise, things like vibrationhornfeverhandlemadarrogantmoodsonorous are a bit hard to read.