Or alternatively, if the scheme is fine given a sufficient number of words,
why don't you simply provide a calculation for what that number of words
actually is? I think this would be much more constructive than just saying
multiple times that what was provided doesn't work. At the same time, it
would be worth comparing that to a string of characters (which is what you
appear to be advocating), particularly looking at how long the string of
characters needs to be to match the string of words.
I can do that. Knowing the way the password was generated and assuming the
random number generation is not vulnerable, the password with n American
words is as strong as the password with 2.7 x n 64-base characters (the exact
coefficient is log(62155)/log(64)).
What number n is sufficiently large? It depends the cracker (the computing
power at her disposal, the time she is willing to spend, the electricity bill
she is willing to pay). Let us take an extreme case to be safe: the NSA
trying to crack Laura Poitras' passwords. Edward Snowden, who better knows
NSA's capabilities than us, advised Laura:
Assume your adversary is capable of one trillion guesses per second.
https://www.wired.com/2014/10/snowdens-first-emails-to-poitras/
With n = 4, the NSA would need to keep that guessing rate during 86 days in
average (86 days being half of the time to enumerate all passwords that can
be generated). I doubt the NSA considers many people are worth such a
computing effort. For most people, the NSA probably has faster ways to get
the information, though threats for instance. But Laura Poitras may be worth
it. With n = 5, the NSA would need 6118 years in average. Starting today.
Actually, to finish earlier, the NSA had better wait a few years (decades?),
to get greater computing power, than start now.
Let us take both cases:
n = 4 and 2.7 x 4 = 11:
$ words=4; dic=/usr/share/hunspell/en_US.dic; max=$(wc -l < $dic); for i in
$(seq $words); do r=$(od -A n -N 4 -t u4 /dev/random); cut -d / -f 1 $dic |
sed -n $(expr $r % $max + 1)p; done | tr '\n' ' '
ingoing jar Emmet nemeses
$ head -c 8 /dev/urandom | base64 | head -c 11 && echo
b+B59UXulCA
n = 5 and 2.7 x 5 = 13:
$ words=5; dic=/usr/share/hunspell/en_US.dic; max=$(wc -l < $dic); for i in
$(seq $words); do r=$(od -A n -N 4 -t u4 /dev/random); cut -d / -f 1 $dic |
sed -n $(expr $r % $max + 1)p; done | tr '\n' ' '
stimuli poet parasite Caresa tinfoil
$ head -c 9 /dev/urandom | base64 | head -c 13 && echo
sI2L5LOkCPkoJ
(NB: the 11-character password actually is a little stronger than the
four-word password; the 13-character password is a little weaker than the
five-word password: I have to round...)
Now the subjective question: do you prefer to use (in particular remember and
type) "ingoing jar Emmet nemeses" or "b+B59UXulCA"? "stimuli poet parasite
Caresa tinfoil" or "sI2L5LOkCPkoJ"? To answer the question, you can refer to
the mnemonic marioxcc described (making up the first sentence to remember
"b+B5", etc.).