Password scheme

Posted Jun 5, 2013 15:44 UTC (Wed) by robbe (guest, #16131)
In reply to: Password scheme by diederich
Parent article: DeadDrop and Strongbox

> Selecting at random four words from the /usr/share/dict/words on my
> box (which contains 99171 entries) gives you more than 64 bits of
> entropy.
> [...]
> I'm not aware of any system that allows me to remember that many
> bits of entropy so easily.

Assuming we have the same words file (the number of entries match), this contains a lot of hard-to-remember variants. For example every name occurs in there as "Jack" and as "Jack's". It is definitely not the list of simple words used by XKCD 936 (dictonary size 2^11 == 2048).

For the sake of discussion, a script of mine generated this alternatives from the same 64 bits of randomness:

adzes rights Macumba's staleness's
AU's mastoscirrhus seel Bremerton's
Abgangszeugnisse Sollstärke blumigen Synthetik
17244702336126568816
gyskcgtcjfpsbg
cpprKpTOYLaG
uH25bi602OO
dLl%M4Aw.ZI
?bwto5p5Zs
y°USK8Tüöq
g-ßa+j6ög3bv

Decide for yourself if you're better at remembering the spelling of "mastoscirrhus" or "adzes" (or was it "adzes's") or a shorter random jumble of characters.

[an hour later]
I added another wordlist based on Ogden's Basic English containing a bit over 2000 words. Example output:

disgust saucer cool library overall moral

to post comments

Password scheme

Posted Jun 6, 2013 7:30 UTC (Thu) by micka (subscriber, #38720) [Link] (1 responses)

There are lists created specifically for this usage.
Just take the diceware list or one language spcific one.

Password scheme

Posted Jun 6, 2013 13:07 UTC (Thu) by robbe (guest, #16131) [Link]

The diceware list contains too many obscure entries for my taste. YMMV.

We can agree that /usr/share/dict/words is usually not the best candidate.