
Show HN: Wordentropy – Pseudo-grammatical passphrase generator - bkeroack
https://www.wordentropy.org
======
FreakyT
I like using phrase passwords like this, but unfortunately a lot of sites have
massive lists of ridiculous rules which disallow these sorts of passwords,
despite their apparent security.

Google currently gets it right, but a lot of IT departments I've encountered
are absolutely adamant about things like "must contain 1 number, 1 symbol, 1
uppercase, 1 lowercase" etc, essentially enforcing a completely non-memorable
string of 8 random characters.

~~~
ntucker
If you know your passwords are strong without those requirements, you could
always come up with a standard prefix that adds no security but serves only to
satisfy those rules. For example, all your passwords could begin with "$A1a".
Unfortunately, this doesn't help when you run into the truly bizarre (but
fortunately rare) case of sites that disallow specific characters (e.g. '$',
which I believe I discovered is disallowed on Seattle City Light's website).

~~~
akerl_
This is yet another wonderful use case for password managers. Let them
remember the weird symbol combo you needed to log in to all the shitty sites,
and use your awesome wordsmith skills to craft a nonsense string of words for
your master password.

------
murbard2
It's not super grammatical. I think the right way to do this is to invert a
text compressor.

1) Take a state of the art text compressor like cmix
([http://mattmahoney.net/dc/text.html#1243](http://mattmahoney.net/dc/text.html#1243))

2) Compress a very large corpus of text with it.

3) Edit the compressed file, and add 16 random bytes to it.

4) Uncompress the text, and recover the part derived from the random bytes
(for most compressors, the compression is sequential and it'll be at the end).

5) You now have a passphrase that sounds very natural and has 128 bits of
entropy. It might be a short one with a rare word, or a longer one with more
common words.

(P.S. I've tried to do it with cmix and got good results, though it didn't
always work, so I suspect there is some redundant information in the
compression to detect potential corruption).

~~~
murbard2
As an example, these are 64 random bytes (521 bits) passed to the paq8hp12
compressor, using the text of "Tom Sayer" as context:

\----

Most of the prisoners was almost to be resonated from the heads; I was, Tom,
they no no alley to the old man's face. For some yellow the insert wing, and
muscle and the reg'lar great world to his haunched.

Tom becamethen because it's a distance, I'll get any. The calm

\----

It needs to have a stronger prior on grammatical rules, but overall making
sensible sentences with a given amount of entropy is a good way to go about
this.

------
compay
You could alternatviely use my tech industry "Bullshit Generator 3.0" for
this: [http://bsgen30.com/](http://bsgen30.com/)

------
psychometry
Every internet user has so many passwords that the age of trying to remember
passwords is over. You pretty much either have to reuse passwords (dumb) or
use a password manager. Given that any technically literate person will choose
the latter option, grammatical passphrases provide no benefit over random
characters.

~~~
TBastiani
Every so often, for instance when I am setting up my password manager on a new
device I find myself reading the password from one device and typing it on the
next. This would make _that_ process much easier/saner. The password is
effectively much easier to read in and type back.

~~~
psychometry
What kind of off-brand password manager doesn't let you transfer your password
database to a new device? You should only ever need to remember/type in the
master password.

~~~
TBastiani
KeepassX. And I'd actually rather handle password-file sharing myself as I'm
not super comfortable with everyone having access to my password-file even
though it's encrypted. Also the fact that my main platforms are Linux and
Android removes quite a lot of options as far as password managers go.

------
rquantz
What sort of attack is this assuming? Would a dictionary attack be more
effective than the "centuries" estimate?

~~~
bkeroack
Hi, author here.

I'd be interested in hearing how to accurately estimate passphrase strength
assuming the attacker has perfect knowledge (ie, that you used Wordentropy to
generate your passphrase, approximate length, etc).

In reality, though, no attacker will have this. Your password hash will be
brute forced along with thousands or millions of others, so I think it's
accurate to look at the password as a semi-random bitstream. In that case
length trumps all other characteristics when it comes to security.

~~~
akerl_
It depends on the attacker. It is possible (though far less likely in the
grand scheme) to be targeted as an individual. In that case, an attacker could
use compromised data from weaker services to derive information about your
other passwords.

This is one of the reasons I don't recommend patterns as with the one
mentioned elsewhere in this thread. While something like "[category] [words]
[name of service]" might aid memorization, the pattern will leak if a weakly-
protected secret is compromised, allowing an attacker to approach more
important secrets.

~~~
TBastiani
It's also much more costly because the attacker cannot rely on the birthday
paradox anymore to reduce the cost per bit of entropy.

Also, it depends on how popular the scheme becomes, you never know! :-D

------
exratione
Here's a toy pseudo-random generator I threw together the other day in the
course of doing something else:

[https://www.exratione.com/2014/10/four-word-phrase-
pseudoran...](https://www.exratione.com/2014/10/four-word-phrase-pseudorandom-
generation-of-word-lists-from-a-dictionary/)

------
simi_
How about this password scheme: [category] [words] [name of service]
[optional: required characters]?

Examples:

email correct horse battery staple gmail

social correct horse battery staple facebook

dumb correct horse battery staple imgur

bank correct horse battery staple stupid-bank-inc 0!A

~~~
trebor
I believe that would reduce the total number of word combinations. Building a
string from a dictionary is easy, and by inferring the scheme from the service
category and provider you automatically give 2 of N words to the attacker.

------
TBastiani
Don't you want to generate my SSH keys, while you're at it? ^^

I mean, I understand the idea but I would much rather a short script that I
can run locally.

Edit: See answer below. Apparently this is possible. Sorry!

~~~
akerl_
[https://github.com/bkeroack/wordentropy2](https://github.com/bkeroack/wordentropy2)

------
ColinWright

      > and/or thir reverified Erastatus
      > divers Clymenus unreconcilably iarovized
    

Hmm.

