Passphrase Generation Tools

If you want to create random passphrases based on certain wordlists, a tool that generates these passphrases should be used rather than generating them yourself. Here comes an introduction to four different methods of creating such random passphrases.

Stand-Alone Tool: PWGen

A straightforward method of creating random passphrases is the usage of a program that concatenates randomly chosen words. Such a program is PWGen. It ships with a “default” dictionary but can be loaded with any wordlist available. And, according to its project homepage, it “uses a random pool technique to generate random data based on user inputs (keystrokes, mouse handling) and volatile system parameters”. To generate a passphrase, the “Include words” checkmark must be checked and a click at “Generate” directly displays the passphrase:

PWGen1-default

For example, I got the following passphrases out of PWGen:

Since the built-in wordlist of PWGen only contains about 8k words, other wordlists should be used to obtain passphrases with greater entropies. Wordlists are public on the Internet, e.g., the ones at Openwall. I downloaded the German wordlist which has about 90k words. (Note that when opening such files in the Windows editor, no newlines will be shown. I am using Notepad++ for all text files which shows them correctly.) After loading the wordlist into PWGen, it generates the passphrases appropriate to the wordlist:

PWGen2-German

That is, German passphrases might look like this (quite long words… ;)):

 

KeePass Plugin: Readable Passphrase Generator

Another way of generating passphrases might be the Readable Passphrase Generator plugin for Keepass which generates readable passphrases. Note that this method decreases the passphrase entropy since the concatenated words are no longer chosen independently from each other! However, if a passphrase contains more than 4 words it is still very complex and secure and, of course, much easier to remember for human beings. The plugin offers several variations in how to generate the passphrase. (Refer to the Counting Combinations section on the project homepage.)

To install the plugin, the *.plgx file must be copied into the KeePass root directory. After opening KeePass, the “Generate Password” area under “Tools” refers to the custom algorithm:

KeePass-ReadablePassphraseGenerator1-CustomAlgorithm

The settings pane provides several options for the grammar the passphrase generator should use. Furthermore, own grammar rules can be coded to fine-tune the generation algorithm:

KeePass-ReadablePassphraseGenerator2-Settings

Finally, when clicking at the “Preview” window, the plugin generates a few passphrases which are shown directly. Even though it might be enticing to choose a passphrase that “looks good” it would decrease the entropy of the passphrase, too, since humans tend to choose an easy passphrase rather than a complicated one. That is: You should always use the first one!

Here are a few examples of these readable passphrases:

 

Manual Method: Diceware

Another way to generate a passphrase is to use Diceware, i.e., take a few dice, play with them, notate the results and lookup the words for your passphrase in one of the diceware wordlists. The only thing to know is that the order of the dice should be always the same, e.g., from left to right. Well, that’s it. Quite simply. And anyone can be sure that the generation process was really random and not based on unknown computer algorithms. For those that are interested in math: Since there are 6^{6} = 46656 possibilities per word of a passphrase, a 5-worded passphrase would have an entropy of 46656^{5} = 2.21*10^{23} = 2^{77}, that is, 77 bits.

I rolled the dice a few times and got the following german passphrase. The third line shows the words with the correct grammar for upper and lower letters in german:

 

Online: Pass Phrase Generator

The easiest way to get some passphrases is the Pass Phrase Generator which generates them online. A simply click at “Generate” and you’re done. However, according to the introduction on the website, a random seed should be used to trigger the generation algorithm. That is: the tool only “translates” the seed to the random words with a wordlist of 27k. It is therefore deterministic if the same seed is used. For example, I used the first lorem ipsum sentence as a seed (“Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.”) and got the following passphrases:

For a truly random seed, a random password generator could be used (what is of course pointless because an offline passphrase generator could be used directly). However, if an uncomplicated method for the generation of a passphrase is needed, this online tool is quite fast to use.

Conclusion

There are quite a few ways to generate random passphrases. Though all methods are a little bit different they are all easy to use. Therefore the reader can decide himself which tool is most appropriate.

If someone is interested in the entropy that passphrases can hold, especially when compared to passwords, I recommend my blog post about password strength.

Leave a Reply

Your email address will not be published. Required fields are marked *