← Back to Generator

Passpraise Whitepaper

Technical Documentation & Design Philosophy

1. Introduction

Passpraise is designed to solve a specific paradox in digital security: the trade-off between security (entropy) and memorability (usability). Traditional password managers generate high-entropy strings that are impossible to memorize, while humans naturally create weak, predictable passwords when left to their own devices.

Our mission is to provide a "human-computable" security layer that leverages the cognitive ease of narrative and association—specifically through the names and achievements of notable women in history—to create passphrases that are mathematically strong yet naturally memorable.

2. Privacy & Zero-Knowledge Architecture

Security is not just about the strength of the password, but the integrity of its generation. Passpraise operates on a strict Zero-Knowledge principle.

Client-Side Execution

All logic, data processing, and passphrase generation occur exclusively within your browser's local environment. No data is ever sent to a server.

2.1 No Server-Side Storage

The application is served as a static bundle. Once loaded, it requires no further network communication to function. The generated passphrases exist only in your device's volatile memory (RAM) and are cleared when you close the tab. We do not—and cannot—log, store, or view the passphrases you generate.

2.2 Open Source Transparency

The entire codebase is open for inspection. The generation logic is contained within un-obfuscated JavaScript files, allowing security researchers and users to verify that no backdoors or external transmission mechanisms exist.

2.3 Client-Side Hashing Utility

Passpraise includes a dedicated Hashing Utility that extends the zero-knowledge principle to password hashing. Developers can generate bcrypt, Argon2id, and scrypt hashes directly in the browser using WebAssembly and JavaScript implementations. This ensures that even test data or development seeds are generated without leaving the local environment.

3. The Generation Algorithm

The core of Passpraise is a deterministic yet highly randomized algorithm that constructs passphrases from structured data.

3.1 Source Data & Entropy

The system draws from a curated dataset of approximately 1,000 notable women from history. This dataset is not merely a list of words, but a structured graph of attributes: Names, Birth Years, Achievements, Countries, and Fields of Work.

Entropy Calculation:

  • Base Pool: ~1,000 unique entities.
  • Element Selection: For each entity, we select 3-5 attributes (e.g., Name + Year + Country).
  • Permutations: The combination of entity selection and attribute permutation creates a vast keyspace.
  • Radix: Depending on complexity settings (case, numbers, symbols), the character set size (radix) ranges from 36 to 90+.

3.2 Complexity Enforcement

To meet strict password policies (e.g., "Must contain 1 uppercase, 1 number, 1 special char"), Passpraise employs a "Generate & Verify" approach with fallback injection:

  1. Natural Generation: The system attempts to build a passphrase naturally from the data (e.g., "Curie1867Physics").
  2. Verification: It checks if the result meets all selected complexity rules.
  3. Injection (Fallback): If a rule is not met naturally (e.g., no number present), the algorithm cryptographically injects the required character type into a random position within the string, ensuring compliance without compromising the structure significantly.

3.3 Random Separators

To further increase entropy and prevent dictionary attacks that rely on common delimiters (like hyphens), Passpraise implements a Random Separator system. When enabled, the separator between words is chosen randomly from a set of special characters (/, +, !, ., etc.) for each generation event. This adds an additional layer of unpredictability.

4. Design Philosophy

Passpraise is built on the belief that security tools should be educational and empowering.

4.1 The "Praise" in Passpraise

Every generated passphrase is an opportunity for micro-learning. By associating security with the names of women who have shaped history, we transform a mundane task into a moment of recognition. This narrative context aids memory retention—a technique known as the "Memory Palace" or method of loci.

4.2 Accessibility

The interface is designed to be accessible to all users, featuring:

  • High Contrast Modes: For visual accessibility.
  • Screen Reader Support: Semantic HTML and ARIA labels.
  • Keyboard Navigation: Full control without a mouse.