

Show HN: Abbrase – password generation by abbreviated phrases - Scaevolus
https://github.com/rmmh/abbrase

======
brute
> "122079103" and "toldulbal" (tolerably dull ball) are equally hard to
> attack.

I believe this only holds if the attacker has no further information on the
password generation procedure. In the generated passwords, vocals are almost
guaranteed to occur at least once in every triple. Also certain consonants
have a higher probability to occur together, due to constraints of the English
language. This should decrease entropy.

~~~
Scaevolus
It generates passwords by repeatedly picking a random 3-letter prefix from a
pool of 1024 ("tol dul bal"), then generating a phrase that would abbreviate
to that password ("tolerably dull ball"). This makes analyzing the effective
entropy easy.

1024 possibilities for each group of 3 characters is approximately equal to
1000 possibilities for each group of 3 numbers.

------
Scaevolus
WordPass doesn't really solve the 'easy to memorize' problem, since it injects
random numerals.
[https://news.ycombinator.com/item?id=7793469](https://news.ycombinator.com/item?id=7793469)

Abbrases require very little effort to remember, since phrases are very easily
imprinted.

------
atoponce
This seems like an overly complex Diceware. Not only do I have to remember the
phrase (Diceware), but I have to remember the first three letters of each word
in the phrase. Interesting, but cumbersome.

~~~
Scaevolus
Diceware passwords are jumbles of words. They are unlikely to resemble
sentence fragments, since they don't try to preserve grammatical links.

The hypothesis is that grammatically sensical groupings of words are easier to
memorize than jumbles of words.

------
woah
I usually look around me and pick 4-7 random objects, then take the first 3
letters of each. Is this secure?

~~~
Scaevolus
How many distinct objects are around you? It's a small pool, so there aren't
many prefixes available (maybe 100), so the entropy if an attacker guesses the
items around you wouldn't be very great.
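
The entropy figures discussed in the thread (1024 prefixes per 3-letter group, 1000 values per 3-digit group, and a pool of roughly 100 nearby objects), worked through as an added example that is not part of the original thread or of Abbrase's code. The prefix pool is a constructed stand-in of the same size, not Abbrase's real list, and all function names are hypothetical.

```python
import math
import secrets

CONSONANTS = "bcdfghjklmnprstvw"   # 17 letters
VOWELS = "aeiou"

def build_pool(size=1024):
    """Constructed stand-in pool of consonant-vowel-consonant prefixes.
    Assumption: this is NOT Abbrase's real prefix list, only the same size."""
    pool = [a + v + b for a in CONSONANTS for v in VOWELS for b in CONSONANTS]
    return pool[:size]            # 17 * 5 * 17 = 1445 candidates, keep 1024

def generate(pool, groups):
    """Draw each 3-letter group uniformly and independently with a CSPRNG."""
    return "".join(secrets.choice(pool) for _ in range(groups))

def entropy_bits(pool_size, groups):
    """Bits of entropy when the attacker knows the pool and the procedure."""
    return groups * math.log2(pool_size)

def report(groups=3):
    """Compare the models discussed in the thread for one password length."""
    return {
        "1024-prefix pool": entropy_bits(1024, groups),
        "3-digit groups": entropy_bits(1000, groups),
        "naive 26 letters/char": entropy_bits(26, 3 * groups),
        "100 nearby objects": entropy_bits(100, groups),
    }

if __name__ == "__main__":
    pool = build_pool()
    print(generate(pool, 3))
    for name, bits in report(3).items():
        print(f"{name:24s} {bits:5.1f} bits")
```

The per-character estimate overstates the strength of a prefix-based password, because it ignores the structure of the pool; the figure that counts against an attacker who knows the procedure is the one computed from the pool size.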

