
Do you believe "trying various snippets from random.org history" to be a viable oracle for guessing passwords? Because honestly that does sound a bit paranoid.


I guess I don't understand your statement, as an actual real-world vector would look quite different from that. I may not understand what you're suggesting.

Visiting a webpage and copy-pasting a string off of it is not a very good practice for security because you're adding on a lot of parties to trust with that secret!

Effectively you want to minimize ANY place that your secret exists in plaintext, and trusting a webpage with this is just not a good idea.
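The alternative the comment above points at is generating the secret locally from the OS CSPRNG so it never exists on a third party's server. This is an added example, not code from the thread or from random.org; the character set and the 128-bit target are assumptions.

```python
import math
import secrets
import string

# Assumed character set: letters, digits and a few symbols (74 characters).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly chosen string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits: float, alphabet_size: int = len(ALPHABET)) -> int:
    """Smallest length whose uniform draw from the alphabet reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(target_bits: float = 128.0) -> str:
    """Draw each character from the OS CSPRNG via secrets.choice.

    Nothing leaves the machine: no HTTP request, no page to trust, and no
    shared blob that an operator could log or replay against you later.
    """
    n = length_for_bits(target_bits)
    return "".join(secrets.choice(ALPHABET) for _ in range(n))


def is_well_formed(pw: str, target_bits: float = 128.0) -> bool:
    """Check a candidate only uses the alphabet and meets the entropy target."""
    return all(c in ALPHABET for c in pw) and entropy_bits(len(pw)) >= target_bits


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"({entropy_bits(len(pw)):.1f} bits)")
```

Because `secrets` reads from the operating system's CSPRNG, the only party that ever sees the plaintext is the machine that will use it.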


It absolutely is paranoia. No point calling it anything else.

I imagine owning random.org, and not being very mean but a little clever. I know how many people come here for a quick clip; more importantly I know you come here. I rotate the same blob. I know all the pieces to brute force your infrastructure. Maybe you’ll use the wrong setting and something will be public that shouldn’t be. Hello.



