[Cryptography] generated passphrases
jamesd at echeque.com
jamesd at echeque.com
Tue Aug 13 18:57:54 EDT 2019
> On Tue, 13 Aug 2019 06:53 jamesd asked:
>> Jitsi uses a random passphrase generator which generates grammatically
>> correct nonsense phrases, but its passphrase generator only generates
>> four word phrases.
>>
>> Obviously, we would be better off using randomly generated grammatically
>> correct twelve word nonsense phrases than randomly generated strings of
>> words.
On 2019-08-14 1:49 am, Arnold Reinhold wrote:
> Please see my Diceware(tm) page (diceware.com) which has word lists in 27 languages and a simple random generation scheme using dice.
random words is the same as bips32, which open source and the standard
for crypto currency wallets. But Diceware has a larger vocabulary.
Passphrases that are grammatically correct will have significantly lower
entropy, the sum of the binary logarithms of the number of words for
each part of speech. A "randomly generated grammatically correct twelve
word nonsense phrase” is unlikely to come close to 128 bit entropy.
Assuming your grammar uses six categories of words generate sentences
with five hundred words in each category and total number of words is
three thousand.
Then a randomly generated string of eleven random words will be 127 bits
of entropy, whereas a randomly generated grammatically correct nonsense
phrase of fourteen words will be 129 bits of entropy.
> I also have made a table that generates a grammatically correct sentence for any random string of 10 English letters:
>
> https://www.researchgate.net/publication/324089943_Making_Random_Letter_Passwords_Memorable
>
> Two sentences worth (twenty random characters) provides 94 bits of entropy. A third shorter sentence with 7 letter can be added for 128 bit entropy. Just to be clear, the random letters are the password, the sentences are mnemonics for the user. I do recommend writing passphrases down and keeping them somewhere safe.
One could get denser entropy than that with grammatically correct
sentences.
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
More information about the cryptography
mailing list