"Words" password generator - how big is the wordlist?

feat_ford
feat_ford
Community Member

I can't seem to find any documentation on what word list (or more importantly, how large the list is) that 1Password uses when generating passwords in "Words" mode. Can anyone shed any light? (The size of the source word list has a significant impact on how resistant the passphrase is to cracking, and thus how many words you should choose when using "words" mode.)


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni

    @feat_ford - no need to trust me, you can grab the list itself from within the 1Password for Mac application bundle. It's just a text file, located at Contents/Frameworks/AgileLibrary.framework/Resources.

    To access it, right-click (or control-click, depending on your mouse) the 1Password 7 for Mac app in your Applications folder, then click "Show Package Contents." Follow the file path to the directory above. The file you want is AgileWords.txt. I think it's around 18,000 and something, at last count, but feel free to count 'em yourself and ask any questions. Fun (if mostly irrelevant) fact: we actually very very slightly reduced the entropy of the list by removing just a few words that randomness would have indicated we leave in. But we had to balance that against complaints such as "my grandmother generated a passphrase that included 'sodomy' in it." Just a tiny peek behind our curtain. ;)

  • @feat_ford,

    wc -l /Applications/1Password\ 7.app/Contents/Frameworks/AgileLibrary.framework/Resources/AgileWords.txt in Terminal.app will get you a count.

    for my install there are 18324 words.
    18324 /Applications/1Password 7.app/Contents/Frameworks/AgileLibrary.framework/Resources/AgileWords.txt

  • feat_ford
    feat_ford
    Community Member

    Thanks everyone. @Lars makes sense why you might want to curate the list of words. I'm not sure I follow you on "reducing entropy by removing words that randomness would have indicated we leave in". It's not about the randomness of the source list itself, it's about the randomness of the selection process from that list. As long as a good source of randomness is used in selecting words from the list, it really doesn't matter which words are on the list, as long as it's a big list. (The bigger, the better).

  • Right; the point is that we have reduced the size of the list which is bad for entropy but perhaps good for other reasons. :)

    Ben

  • Lars
    Lars
    1Password Alumni

    Exactly. That would be why I prepended my remark with "mostly irrelevant" and made sure to point out "very very slightly reduced the entropy" -- because it was only by a tiny handful of words, and in a sample size that large, it makes a negligible difference.

This discussion has been closed.