Jump to content

Passphrase Generator


Recommended Posts

Generate random passphrases. Find the workflow on Packal.

 

There is only one keyword: "passphrase"; you have the option of providing two arguments: the number of words and the max number of characters. The generator will extend the phrase as close to the character limit, but it will break only on word boundaries. If the arguments are bad, or if you do not provide any arguments, then the passphrase will default to four words with a maximum of 30 characters.

So, to create a five word passphrase within 25 characters, just type

passphrase 5 25

You'll get a discreet notification of the passphrase, and it will be automatically copied to the clipboard.

 

This workflow came about based on a question asked on the forums, and Ctwise wrote an initial Ruby script there. I've just modified it to accept arguments and have the max character length.

If you want to use your own wordlist, then look in the workflow folder for the file "passphrase_wordlist"

View on on Packal.

 

Link to post
  • 8 months later...
  • 1 year later...

FYI, 6 words is the minimum length you should use for a decently secure password.

 

On a modern password-cracking box, the default length of 4 words can be cracked in under 3 minutes on average. 5 words is about 4.5 days. 6 words should hold out for 26 years.

 

These numbers are based on an attacker using the exact same word list, which is not the likeliest scenario, but it's a fair bet that any dictionary-based attack will include all of these words.

 

For anyone interested in the maths, you get log2(N) bits of entropy per word, where N is the number of words in the list. That's ~11 bits per word in this case. The average number of guesses needed to find the right password is 2n-1 where n is the total entropy in bits. The times assume 45bn guesses/second, which is what a modern dedicated password-cracking box (made of off-the-shelf parts) can do.

Edited by deanishe
Link to post

I just updated it on Packal to have a default of six words and a max chars count of 60 (which made the six words come out more consistently).

 

I thought about using SecureRandom instead of rand, but since it's just picking random words, it seemed to be overkill.

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...