[Cryptography] generated passphrases

jamesd at echeque.com jamesd at echeque.com
Tue Aug 13 18:57:54 EDT 2019

> On Tue, 13 Aug 2019 06:53 jamesd asked:
>> Jitsi uses a random passphrase generator which generates grammatically
>> correct nonsense phrases, but its passphrase generator only generates
>> four word phrases.
>> Obviously, we would be better off using randomly generated grammatically
>> correct twelve word nonsense phrases than randomly generated strings of
>> words.

On 2019-08-14 1:49 am, Arnold Reinhold wrote:
> Please see my Diceware(tm) page (diceware.com) which has word lists in 27 languages and a simple random generation scheme using dice. 

random words is the same as bips32, which open source and the standard 
for crypto currency wallets.  But Diceware has a larger vocabulary.

Passphrases that are grammatically correct will have significantly lower 
entropy, the sum of the binary logarithms of the number of words for 
each part of speech. A "randomly generated grammatically correct twelve 
word nonsense phrase” is unlikely to come close to 128 bit entropy.

Assuming your grammar uses six categories of words generate sentences 
with five hundred words in each category and total number of words is 
three thousand.

Then a randomly generated string of eleven random words will be 127 bits 
of entropy, whereas a randomly generated grammatically correct nonsense 
phrase of fourteen words will be 129 bits of entropy.

> I also have made a table that generates a grammatically correct sentence for any random string of 10 English letters:
>      https://www.researchgate.net/publication/324089943_Making_Random_Letter_Passwords_Memorable
> Two sentences worth (twenty random characters) provides 94 bits of entropy. A third shorter sentence with 7 letter can be added for 128 bit entropy. Just to be clear, the random letters are the password, the sentences are mnemonics for the user.  I do recommend writing passphrases down and keeping them somewhere safe.

One  could get denser entropy than that with grammatically correct 

This email has been checked for viruses by Avast antivirus software.

More information about the cryptography mailing list