Jump to content

Passphrase Generator

Recommended Posts

Generate random passphrases. Find the workflow on Packal.


There is only one keyword: "passphrase"; you have the option of providing two arguments: the number of words and the max number of characters. The generator will extend the phrase as close to the character limit, but it will break only on word boundaries. If the arguments are bad, or if you do not provide any arguments, then the passphrase will default to four words with a maximum of 30 characters.

So, to create a five word passphrase within 25 characters, just type

passphrase 5 25

You'll get a discreet notification of the passphrase, and it will be automatically copied to the clipboard.


This workflow came about based on a question asked on the forums, and Ctwise wrote an initial Ruby script there. I've just modified it to accept arguments and have the max character length.

If you want to use your own wordlist, then look in the workflow folder for the file "passphrase_wordlist"

View on on Packal.


Share this post

Link to post

The maximum character property isn't working. The workflow has generated a password 33 characters long when no arguments were provided (should have max 30). 



Share this post

Link to post

FYI, 6 words is the minimum length you should use for a decently secure password.


On a modern password-cracking box, the default length of 4 words can be cracked in under 3 minutes on average. 5 words is about 4.5 days. 6 words should hold out for 26 years.


These numbers are based on an attacker using the exact same word list, which is not the likeliest scenario, but it's a fair bet that any dictionary-based attack will include all of these words.


For anyone interested in the maths, you get log2(N) bits of entropy per word, where N is the number of words in the list. That's ~11 bits per word in this case. The average number of guesses needed to find the right password is 2n-1 where n is the total entropy in bits. The times assume 45bn guesses/second, which is what a modern dedicated password-cracking box (made of off-the-shelf parts) can do.

Edited by deanishe

Share this post

Link to post

I just updated it on Packal to have a default of six words and a max chars count of 60 (which made the six words come out more consistently).


I thought about using SecureRandom instead of rand, but since it's just picking random words, it seemed to be overkill.

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...