Generate Memorizable Passphrases That Even the NSA Can't Guess

HughPickens.com writes Micah Lee writes at The Intercept that coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you'll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion. But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You'll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You'll need a total of five dice rolls to come up with each word in your passphrase. Using Diceware, you end up with passphrases that look like "cap liz donna demon self", "bang vivo thread duct knob train", and "brig alert rope welsh foss rang orb". If you want a stronger passphrase you can use more words; if a weaker passphrase is ok for your purpose you can use less words. If you choose two words for your passphrase, there are 60,466,176 different potential passphrases. A five-word passphrase would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second.

After you've generated your passphrase, the next step is to commit it to memory.You should write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn't take more than two or three days before you no longer need the paper, at which point you should destroy it. "Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It's a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training."

Still not allowed by many places.

[timrod]

Many websites, especially those designed to be more secure (banking, education, employment) still require passwords in a certain form (usually requiring some combination of caps, numbers, and special characters) and don't allow passwords like these.

Re:Wait a sec

[hatemonger]

Exactly the opposite: "Encryption works" was one of the key points made by Edward Snowden. The NSA found it much easier to just bypass encryption. There are some instances where we suspect the NSA has had a hand weakening or backdooring some algorithms (like recommending odd seed values for elliptic curve cryptography) but nothing definitive.

Re:Memorizing site-unique passwords isn't possible

[mlts]

I prefer 2FA when possible. Even a very tough password means nothing if by some means, it gets sniffed by some keylogger, or the password database on a cloud provider gets brute-forced.

For storage where one is using a passphrase for encryption, as opposed to authentication, I like using cryptographic tokens. TrueCrypt used to work with a PKCS#11 library so I could store a keyfile on a set of Aladdin/SafeNet eTokens. This not just made the key immune to brute force guessing... someone who physically possesses the token has three guesses of my unlocking passphrase before the token locks itself forever and zeroes out the stored keyfile. This also works with Symantec's PGP version, except that generates a public/private keypair, the private keypair always remaining on the token, while the public part is used for the file/drive encryption.

If 2FA isn't possible, then as above, some mechanism to help with password reuse is very wise. This is useful just in case some website decides to store passwords in plain text, so a person's secure "correct horse battery staple" is now compromised and added to every blackhat's brute forcing library.

6 sided dice?

[31eq]

makepassphrase()
{
# Requires GNU sort
grep -vF "'s" /usr/share/dict/words |
sort -R --random-source=/dev/urandom | head -${1-5} |
while read word
do
printf "%s " "$word"
done
echo
}

Re:Memorizing site-unique passwords isn't possible

[TWX]

I stopped using Groklaw back in the day because they started requiring excessively complex passwords. They seemed to feel that their forums were rather important, when in fact the only really important part was what people could read, not what they would post.

I'm sure that most of us would be upset if our accounts on various forums or bulletin board systems were compromised, but it wouldn't be life-altering for the vast majority of us. Social Media that's designed to avoid anonymity like Facebook would be worse but still ultimately doesn't affect one's bottom-line, but things like banks and e-mail services where everyon's stuff ultimately consoldiates are much more important.

I wish that we could trust central ID systems, where we could create an account on a forum site with a unique user ID and then link that user ID to a central authentication database so that our central credentials give us acces via that unique user ID, but I just don't trust the authentication databases. I'm already leery enough of Active Directory that I don't use work passwords anywhere else to begin with, but companies providing such a service don't necessarily know what they're doing, and they're probably too willin to hand over information for what sites people would need authentication to as well.