Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Wordentropy – Pseudo-grammatical passphrase generator (wordentropy.org)
30 points by _ondq on Nov 14, 2014 | hide | past | favorite | 24 comments

I like using phrase passwords like this, but unfortunately a lot of sites have massive lists of ridiculous rules which disallow these sorts of passwords, despite their apparent security.

Google currently gets it right, but a lot of IT departments I've encountered are absolutely adamant about things like "must contain 1 number, 1 symbol, 1 uppercase, 1 lowercase" etc, essentially enforcing a completely non-memorable string of 8 random characters.

If you know your passwords are strong without those requirements, you could always come up with a standard prefix that adds no security but serves only to satisfy those rules. For example, all your passwords could begin with "$A1a". Unfortunately, this doesn't help when you run into the truly bizarre (but fortunately rare) case of sites that disallow specific characters (e.g. '$', which I believe I discovered is disallowed on Seattle City Light's website).

This is yet another wonderful use case for password managers. Let them remember the weird symbol combo you needed to log in to all the shitty sites, and use your awesome wordsmith skills to craft a nonsense string of words for your master password.

Good point, though I've often found that even that doesn't help because of "no dictonary word" requirements. So a password like $A1aHackerNews would still fail because it contains dictionary words.

It's not super grammatical. I think the right way to do this is to invert a text compressor.

1) Take a state of the art text compressor like cmix (http://mattmahoney.net/dc/text.html#1243)

2) Compress a very large corpus of text with it.

3) Edit the compressed file, and add 16 random bytes to it.

4) Uncompress the text, and recover the part derived from the random bytes (for most compressors, the compression is sequential and it'll be at the end).

5) You now have a passphrase that sounds very natural and has 128 bits of entropy. It might be a short one with a rare word, or a longer one with more common words.

(P.S. I've tried to do it with cmix and got good results, though it didn't always work, so I suspect there is some redundant information in the compression to detect potential corruption).

As an example, these are 64 random bytes (521 bits) passed to the paq8hp12 compressor, using the text of "Tom Sayer" as context:


Most of the prisoners was almost to be resonated from the heads; I was, Tom, they no no alley to the old man's face. For some yellow the insert wing, and muscle and the reg'lar great world to his haunched.

Tom becamethen because it's a distance, I'll get any. The calm


It needs to have a stronger prior on grammatical rules, but overall making sensible sentences with a given amount of entropy is a good way to go about this.

You could alternatviely use my tech industry "Bullshit Generator 3.0" for this: http://bsgen30.com/

Every internet user has so many passwords that the age of trying to remember passwords is over. You pretty much either have to reuse passwords (dumb) or use a password manager. Given that any technically literate person will choose the latter option, grammatical passphrases provide no benefit over random characters.

Every so often, for instance when I am setting up my password manager on a new device I find myself reading the password from one device and typing it on the next. This would make that process much easier/saner. The password is effectively much easier to read in and type back.

What kind of off-brand password manager doesn't let you transfer your password database to a new device? You should only ever need to remember/type in the master password.

KeepassX. And I'd actually rather handle password-file sharing myself as I'm not super comfortable with everyone having access to my password-file even though it's encrypted. Also the fact that my main platforms are Linux and Android removes quite a lot of options as far as password managers go.

Do you mean that you store the password to your password manager in another password manager?

No, I don't. But I share my password-file over dropbox and my dropbox password is managed by my password manager.

So, sort-of, I guess.

What sort of attack is this assuming? Would a dictionary attack be more effective than the "centuries" estimate?

Hi, author here.

I'd be interested in hearing how to accurately estimate passphrase strength assuming the attacker has perfect knowledge (ie, that you used Wordentropy to generate your passphrase, approximate length, etc).

In reality, though, no attacker will have this. Your password hash will be brute forced along with thousands or millions of others, so I think it's accurate to look at the password as a semi-random bitstream. In that case length trumps all other characteristics when it comes to security.

It depends on the attacker. It is possible (though far less likely in the grand scheme) to be targeted as an individual. In that case, an attacker could use compromised data from weaker services to derive information about your other passwords.

This is one of the reasons I don't recommend patterns as with the one mentioned elsewhere in this thread. While something like "[category] [words] [name of service]" might aid memorization, the pattern will leak if a weakly-protected secret is compromised, allowing an attacker to approach more important secrets.

It's also much more costly because the attacker cannot rely on the birthday paradox anymore to reduce the cost per bit of entropy.

Also, it depends on how popular the scheme becomes, you never know! :-D

Here's a toy pseudo-random generator I threw together the other day in the course of doing something else:


How about this password scheme: [category] [words] [name of service] [optional: required characters]?


email correct horse battery staple gmail

social correct horse battery staple facebook

dumb correct horse battery staple imgur

bank correct horse battery staple stupid-bank-inc 0!A

I believe that would reduce the total number of word combinations. Building a string from a dictionary is easy, and by inferring the scheme from the service category and provider you automatically give 2 of N words to the attacker.

It was asked here: http://security.stackexchange.com/questions/72434/how-differ...

It's no more secure than using the password everywhere.

Don't you want to generate my SSH keys, while you're at it? ^^

I mean, I understand the idea but I would much rather a short script that I can run locally.

Edit: See answer below. Apparently this is possible. Sorry!

  > and/or thir reverified Erastatus
  > divers Clymenus unreconcilably iarovized

Applications are open for YC Winter 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact