
By "long sequence of words that are trivial for me to remember" I meant concatenation of secret questions, like in the bounty example: https://mprimi.github.io/portable-secret/examples/bounty.htm...

Unless I hit my head really hard, there's zero chance I will forget this passphrase.




Keys should be random. The hints make it too easy. Let's say there exist 100 male names and 100 female names, that's just 100*100 combinations for the names part. You could make the key generation intentionally slow though to limit the crack speed.


> You could make the key generation intentionally slow though to limit the crack speed.

An attacker keen enough to brute-force can easily copy the ciphertext, IV, and salt to a tool that doesn't have a slowdown. Or, just modify the JS to remove the artificial slowdown.


Presumably they are using some KDF (Key derivation function) that is designed to be algorithmically slow in some way that you can't trivially sidestep.


This is an old problem: how to slow down the hashing. https://en.wikipedia.org/wiki/Bcrypt
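The point debated in this thread, as an added example that is not part of any comment above and is not portable-secret's code: with a KDF the iteration count is an input to the key, so an offline tool cannot skip the work, yet a 100*100 keyspace stays small at any realistic per-guess cost. PBKDF2-HMAC-SHA256, the salt, the iteration count, the name lists and all function names are assumptions constructed for the demo.

```python
import hashlib
import itertools
import time

# Constructed sample values: not taken from the page or from portable-secret.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 20_000  # kept low so the demo runs quickly
MALE = ["james", "john", "robert", "michael"]
FEMALE = ["mary", "linda", "susan", "karen"]


def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 (assumed KDF): the work factor is an input to the key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=32)


def candidates(first, second):
    """Every concatenation of one name from each hinted list."""
    return [a + b for a, b in itertools.product(first, second)]


def offline_search(target_key, salt, iterations, guesses):
    """Search as an offline tool would: one full KDF run per guess."""
    for tried, guess in enumerate(guesses, start=1):
        if derive_key(guess, salt, iterations) == target_key:
            return guess, tried
    return None, len(guesses)


def worst_case_seconds(keyspace: int, seconds_per_guess: float) -> float:
    """Time to exhaust the keyspace at a fixed per-guess cost."""
    return keyspace * seconds_per_guess


if __name__ == "__main__":
    key = derive_key("michaelsusan", SALT, ITERATIONS)
    # Dropping the iterations does not speed up the search; it yields a different key.
    print("1-iteration key matches:", derive_key("michaelsusan", SALT, 1) == key)
    start = time.perf_counter()
    found, tried = offline_search(key, SALT, ITERATIONS, candidates(MALE, FEMALE))
    per_guess = (time.perf_counter() - start) / tried
    print(f"recovered {found!r} after {tried} guesses, {per_guess * 1000:.1f} ms each")
    # The thread's 100 * 100 name combinations at the measured cost:
    print(f"10,000 guesses: about {worst_case_seconds(100 * 100, per_guess):.0f} s")
```

Raising the iteration count scales the per-guess cost linearly, while each extra random word or character in the passphrase multiplies the keyspace.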



