
Xkcd Password Generator - jolux
http://preshing.com/20110811/xkcd-password-generator/
======
slavik81
I kind of feel like all these passwords schemes and discussions about password
strength fundamentally miss the point. Password reuse is the single greatest
threat that any user faces. Nobody's going to guess your gmail password, even
if its just six random lowercase letters. They're going to get it from a
database dump of a compromised site where you reused that password.

I have well over a hundred websites listed in my password manager. There is
not a chance that I could remember a unique password for every one of them, no
matter how easy they were.

~~~
k__
Wouldn't it be then enough to just simply use a unique scheme? I mean if noone
will guess your password and just use possible DB dumps, this would be more
than enough:

G#00gl3

A#m4z0n

F#4c3b00k

...

~~~
rakoo
If a human can see one of your passwords, it's extremely easy to crack the
other ones, no matter H0w m4ny tricks you try to use.

~~~
k__
I know, but the OP said DB dumps are the biggest problems, not the password
strength or if someone sees me typing it

~~~
slavik81
Even that ridiculously weak password scheme would _probably_ stay secure until
there were a few DB dumps. Then you'd be screwed for reusing the same password
scheme across multiple sites. That was sort of my point: reuse is the enemy.

------
ninjin
Neat, I have the following in my `.bashrc` to accomplish pretty much the same
thing. It should be noted that I do not use it for passwords (I have a
password safe for that), but I do use it for passphrases since I may have to
read them over the phone.

    
    
        secret () {
            # '\u' for `sed` is a GNU extension.
            shuf /usr/share/dict/words \
                | grep '^[A-Za-z]\+$' \
                | head -n 3 \
                | sed -e 's|\(.\)\(.*\)|\u\1\2|g' \
                | tr -d '\n' \
                | sed -e 's|$|\n|g'
        }
    
        > for _ in `seq 7`; do secret; done
        InterweaveMakariosEncrusting
        DisseminatingAgriculturalistCautioned
        EffectuatingCobblersEgos
        AccidentalKopeckRevolts
        RefDivansUndersigns
        SalesmanSubmitterFlak
        TempsIlluminedQuickening

~~~
StavrosK
Good luck reading "makarios" over the phone, though. You need a phonetically
distinct alphabet, like the NATO alphabet, and entropy is very low there.

~~~
ninjin
Your mileage may wary, but I have never had any issues reading them to the
human operators. Security questions are bad policy anyway and I assume that
they are less picky when hearing "SiloRepossessedTapir" compared to
"SiloRepossessTapir", than for "Mary" to "Maria".

~~~
StavrosK
Wouldn't such a misheard phrase make the password you've set not match?

------
archagon
Ever since reading that xkcd comic and learning about diceware, I've really
wanted to create a password generator that could spin out complete diceware
sentences of arbitrary length. (Markov chains?) Mnemonics of various kinds
could be taken into consideration: rhymes, onomatopoeia, etc. Instead of a
4-word nonsense passphrase, you'd get something like "the red rancid raccoon
bit into the butter bucket biscuit" — easy to remember _and_ secure.
Unfortunately, I'm not too familiar with this subset of programming.

(Limiting the word pool of each slot due to mnemonics would complicate the
entropy calculation, but it should still be fairly straightforward.)

------
brianclements
The most important thing I realized when it comes to passwords was the
classification into 2 types: strong passwords (keys, local login, local
encryption, master passwords for password managers) which is best generated
using the Xkcd method, and then the less obvious _disposable_ passwords (all
non-local usage, i.e. websites and other temporary need). For the later, I use
SuperGenPass[1]. It ensures that 1) my passwords are not reused across sites
and 2) they are strong without the need to remember them directly. Because SGP
uses hashes, it is very easy to add counters to existing passwords/secret
phrases and create a brand new password without much mental effort. I've
outlined such a procedure in the issues[2]. Using counters in the "secret"
field, I will probably never ever need to change my master passphrase.

I won't deny though that for mobile use, it's a bit cumbersome. The Android
app is fine and free[3], and iOS app is a buck[4]. And overall it's a pain if
you must login to sites frequently (ideally, using a native app reduces this
greatly, login once until you manually logout).

It's also pretty confusing for non-technical people to get behind. I actually
sent out an entire email blast to friends and family giving them my best
attempt at an explanation, argument, and tutorial of how to use it. I don't
think anyone did it.

So while the interface is kind of clumsy, the strategy is solid and I love
knowing that I can use it.

[1]: [http://www.supergenpass.com](http://www.supergenpass.com)

[2]:
[https://github.com/chriszarate/supergenpass/issues/40#issuec...](https://github.com/chriszarate/supergenpass/issues/40#issuecomment-61357038)

[3]:
[https://play.google.com/store/apps/details?id=info.staticfre...](https://play.google.com/store/apps/details?id=info.staticfree.SuperGenPass&hl=en)

[4]:
[https://itunes.apple.com/us/app/supergenpass/id451606360?mt=...](https://itunes.apple.com/us/app/supergenpass/id451606360?mt=8)

------
trhway
instead of remembering passwords i remember only one function i've been using
for many years which takes the name of the site as an argument and returns the
password as the result.

------
qrmn
I just use Diceware: [https://qrmn.uk/dwr/](https://qrmn.uk/dwr/)

(With thanks to Alyssa Rowan for the CSPRNG design. Public domain - feel free
to copy it.)

For really important stuff, actual dice just to make sure.

------
hliyan
Two years ago I wrote about why this type of password is no longer safe:
[https://medium.com/@hnlean/imp3n3tr-ble5832-not-an-
impenetra...](https://medium.com/@hnlean/imp3n3tr-ble5832-not-an-impenetrable-
password-anymore-db9f4fbff1ba)

(See step #6 in the list of steps in the article)

I'm sure the situation has only got worse since then.

~~~
orless
> But you’re forgetting the massive GPU array. The hacker runs a program that
> generates random combinations of two, three or four dictionary words and
> tries it against your password hash. It’s going to take a while because the
> number of such combinations are very large, but it’s not impossible.

The xkcd comic suggests a combination of four from a very modest 2000 (2^11)
common words resulting in ca. 2^44 combinations to check. It also assumes 100
guesses/sec which result in over 500 years to break. That's precise math and a
somewhat reasonable assumption.

You counter this with an argument like "the number of such combinations are
very large, but it’s not impossible". You give no new numbers, no counter-
assumptions, you don't argue that 100 guesses per second is too slow, you just
state this.

So in this form your argument is ungrounded.

~~~
StavrosK
100 guesses/sec _is_ really slow, though, when a desktop pc can do billions of
SHA hashes a second.

