<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 8/12/19 6:53 PM, <a class="moz-txt-link-abbreviated" href="mailto:jamesd@echeque.com">jamesd@echeque.com</a>
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1c986b43-4176-1f1b-4404-d36b41de04b9@echeque.com">There
are plenty of random phrase generators around, but I have not
found their algorithms and their word databases.
<br>
<br>
I hope someone could direct me to some open source for random
phrase generation
<br>
</blockquote>
<p>I have a simple largely homebrew solution using mnencode. I
downloaded my copy a long time ago, but I think it is the same as
<a href="https://github.com/singpolyma/mnemonicode">https://github.com/singpolyma/mnemonicode</a></p>
<p>It is a program that converts data to words (and the companion
mndecode converts back). It is like base64 but more pronounceable
output. And because it is a two-way thing--nothing added nothing
lost--whatever entropy you feed in is in the output.</p>
<p>I use it to generate passwords by (roughly*) feeding a few bytes
from Linux's /dev/urandom into it. Presto: turn high quality
random bits into something memorable.</p>
<p><tt>$ head -c 4 /dev/random | mnencode</tt><tt><br>
</tt><tt> Wordlist ver 0.7 - EXPECT INCOMPATIBLE CHANGES</tt><tt><br>
</tt><tt> artist-equal-cricket</tt><tt><br>
</tt><tt>$ head -c 4 /dev/random | mnencode</tt><tt><br>
</tt><tt> Wordlist ver 0.7 - EXPECT INCOMPATIBLE CHANGES</tt><tt><br>
</tt><tt> eric-panic-visitor</tt><tt><br>
</tt><tt>$ head -c 4 /dev/random | mnencode</tt><tt><br>
</tt><tt> Wordlist ver 0.7 - EXPECT INCOMPATIBLE CHANGES</tt><tt><br>
</tt><tt> orient-empire-final</tt><tt><br>
</tt><tt>$ head -c 4 /dev/random | mnencode<br>
Wordlist ver 0.7 - EXPECT INCOMPATIBLE CHANGES<br>
costume-harvard-charlie </tt><br>
</p>
<p>Those are high quality passwords with 32-bits of real entropy
each.<br>
</p>
<blockquote>
<p> * Actually, I use it in combination with a Python program I
wrote to generate somewhat more complicated passwords. For
example sometimes systems will silently truncate passwords at,
say, 8-characters. So that last one might actually end up being
"costume-", which isn't so good. So I recommend prepending some
hex digits. If some stupid system truncates "<tt>7csaturn-accent-vatican</tt>"
at 8-characters it will still be "<tt>7csaturn</tt>" which isn't
a horrible password.<br>
</p>
</blockquote>
<br>
<blockquote type="cite"
cite="mid:1c986b43-4176-1f1b-4404-d36b41de04b9@echeque.com">pass
phrases for crypto currency accounts require about a 128 bits of
entropy<br>
</blockquote>
<p>The difference between a login password and an encryption
passphrase is gigantic and mostly ignored. I am so glad to see
people underlining this point.</p>
<p>Encryption passphrases are <i>really</i> hard to reliably
remember (and quite hard to blindly type accurately without a
keyboard echo).</p>
<p>In the examples above it is easy to "curve fit" an idea through
three words, and use it to help remember the password. But when it
gets longer the "curve" gets bumpy and arbitrary. The following is
128-bits of entropy, and a monster to remember and type:<br>
</p>
<blockquote>
<p><tt>artist-equal-cricket-</tt><tt><tt>eric-panic-visitor-</tt></tt><tt><tt><tt>orient-empire-final-</tt></tt></tt><tt><tt><tt><tt>costume-harvard-charlie
</tt></tt><tt>
</tt></tt><tt>
</tt>
</tt></p>
</blockquote>
<p>And get wrong a word form ("visit" vs "visitor") or confuse your
Brit sports ("rugby" vs "cricket") and you are locked out.<br>
</p>
<blockquote type="cite"
cite="mid:1c986b43-4176-1f1b-4404-d36b41de04b9@echeque.com">
Trouble is random words are hard to remember and type.
Grammatically correct nonsense passphrases are easier to remember
and type.
<br>
</blockquote>
<p>But in a real sentence it is even easier to mess up a plural or
tense or preposition. (Or was it: "But in real sentences it's even
easier to mess up plurals or tense or a preposition.")</p>
<p><br>
</p>
<p>Passphrases are hard. That's the key reason I think ssh keys are
almost always a bad idea: the key file isn't going to be protected
with a decent passphrase because decent passphrases are really
hard. Whereas an ssh password like "<tt>3d97critic-develop-winter</tt>"
has over 47-bits of entropy; if the sshd has any rate limiting it
will take years of continuous hammering to have a 50-50 chance of
getting in.</p>
<p>The fact that an ssh key will survive even more years of the same
hammering doesn't see so valuable if:</p>
<p>a) The computer it is protecting doesn't have that long a
lifetime.</p>
<p>b) The at-rest key file, were it to be acquired by the Bad Guys,
can be attacked at arbitrary speeds and might succumb far sooner.</p>
<p><br>
</p>
<p>If you had an important passphrase that you needed to type from
memory what would I recommend?</p>
<p>- It's okay to have internal structure to the passphrase to make
it easier to deal with: some numbers here, some words there, some
punctuation or capitalization mixed in. But don't tell anyone what
that structure is, keep it secret--which means don't use it
anywhere else.</p>
<p>- Make the passphrase long. Even if the components are all low
entropy (dictionary words) the whole thing being longer and in a
unknown format makes cracking much harder.</p>
<p>- Put significant real entropy in it. (That is, choices you did <i>not</i>
make but were made by some high quality RNG.)</p>
<p>If the passphrase length implies 150-bits of entropy (about 23
printable ASCII characters), with a format unknown to your
attacker, and has, say, 70-bits of real entropy in it...I think
that's pretty dang good. At over twenty characters it can't be raw
brute forced, someone needs to guess the internal format and then
brute force within that constraint. If they don't know the
structure of the passphrase they need to not only brute force
70-bits of entropy, they need to brute force all the different
ways you might have formatted those 70-something bits of entropy.
That sounds hard. How juicy a target <i>are</i> you?<br>
</p>
-kb<br>
</body>
</html>