Suggestions for passphrase generator

Each word is chosen at random using an SHA-256–based random number generator.

You’re making me a wee bit nervous here. Jeff and I went back and forth on this subject a while ago. It is not easy to pick at random, with equal probability, from a list of words whose length is not a power of two. However, I say a wee bit because the impact of any bias is unlikely to be substantial.

The entropy in the passphrases comes directly from the entropy of the random numbers used to select each word.

Yes, but one cannot calculate that without knowing the size of the word list. If words are being selected at random with equal probability from a list of 17,679 words, then the entropy per word is log₂(17,679), or about 14.1 bits, compared with 12.9 bits per word—log₂(7,776)—for the standard diceware word list. The Diceware word list yields slightly less entropy per word, but considerably more entropy per character given the average word lengths for the two lists. This confirms my belief that I would prefer the standard Diceware list (or perhaps the Diceware 8K list) to the 1P4/Win word list for passphrase generation.

@svondutch—

I like that Word list option!

My issue with the Separator settings remains. FYI, here is the full version of my Caps Slider request.

I also can't recall my reasons for picking 4 as the lower length limit for the list we constructed. I will have to rethink this.

Why need there be a lower length limit at all? Dr. Reinhold writes:

Because some words on the diceware list are two characters or less, you can get a very short passphrase. If your passphrase, including the spaces between the words, is less than 17 characters long, we recommend that you start over and create a new passphrase. You should also start over if your passphrase is a recognizable English sentence or phrase. (These situations are very rare.)

Programming the 1Password passphrase generator to comply with the second half of Dr. Reinhold’s advice would be no mean feat, but automatically “re-rolling” too-short passphrases so that the user never sees them ought to be easy. This tweak introduces a slight bias against the selection of short words, but slight bias seems to me to be preferable to massive bias, which is what a minimum length cut-off amounts to!

Here is another way to look at it. If you pre-determine the length of your word list, setting a minimum word length reduces the entropy per character, but has no effect on entropy per word. However, if you start out with a word list and then strip out all words of three or fewer letters, you are also reducing the entropy per word. How can that possibly be a good idea? Zyzzyva lists 994 three-letter words in the Words With Friends lexicon, and 1,015 three-letter words in the OWL2 lexicon used in North American Scrabble® tournaments. The Diceware list stretches this by including proper nouns (a Scrabble® no-no), familiar acronyms, and easy-to-remember non-words like bbb and bcd. The Diceware list also includes all 26 letters and all 676 two-letter combinations.

One "problem" for us with the original Diceware list is that it includes digits. For example, "456" is a Diceware word. I wanted to avoid those for considering iPhone and other similar keyboards.

The Diceware list actually includes symbols as well as digits. I agree that this is an issue. As I explain in my Caps Slider proposal, IMO digits and symbols should only be generated at user request (to satisfy password complexity requirements at finicky websites), and even then should only be appended to words (for the sake of iPhone-friendliness).

How about a dropdown that specifies the required strength. ie: the dropdown would have list items: Fantastic, Excellent, Good, Fair, Weak, Terrible.

Too long for a dropdown, but I really like Dr. Reinhold’s analysis of passphrase strength:

• Five words are breakable with a thousand or so PCs equipped with high-end graphics processors. (Criminal gangs with botnets of infected PCs can marshal such resources.)
• Six words may be breakable by an organization with a very large budget, such as a large country's security agency.

>

…

Another way to think about passphrase length is to consider what security precautions you take to physically protect your computer and data. Here is a list of possible passphrase lengths and commensurate security precautions. …

>

5 words

>

• You would be content to keep paper copies of the encrypted documents you are protecting in an ordinary desk or filing cabinet in an un-secured office.

…

>

7 words

>

• Your computer is protected from unauthorized access at all times when not in your personal possession by being locked in a room or cabinet in a building where access is controlled 24 hours a day or that is protected by a high quality alarm service.
• Routine cleaning and building maintenance people do not have physical access to your computer when you are not present.
• You regularly use an up-to-date anti-virus program purchased off the floor at a computer store.
• You have verified the signatures on your copy of PGP or your installed Hushmail 2 client.
• You never run unverified downloaded software, e-mail attachments or unsolicited disks received through the mail on your computer.