PLANLOFT — PLANLOFT Passphrase Help — Julian M.N. BourneHomeContents1. Overview2. Differences3. Guidance4. Strength5. Calculations6. Dictionary7. Security8. LegalsPLANLOFT Passphrase HelpJulian M.N. BournePLANLOFT2018-07-07last edited 2018-09-02(last edited 2018-09-02) 1. Overview § PLANLOFT Passphrase <> helps to create passphrases using a scheme similar to that suggested by this xkcd comic <>. § The general idea is to build a passphrase from familiar, random words and to create a mnemonic of some form to help you recollect it. § 2. Differences § There are some small differences: that scheme is great for a creative individual who is capable of thinking laterally, but many of us aren't that great at picking truly random ideas out of the ether. That scheme is not so great if we end up creating weak passphrases like "car horn goes beep", even if we don't mean to. § Other solutions from the same inspiration typically generate an entire phrase, word by word, from an internal shortlist of well known words. This has two deficiences: well known words provide less entropy, and at the same time might not appeal to the user, or be familiar to them. § To compensate, PLANLOFT Passphrase takes away both the need for the user to choose random words and the reliance on familiarity with a specific dictionary. Instead, the user is presented with random shortlists of words from a dictionary and can select words that they want to use. § 3. Guidance § As words are added to the chosen phrase, the page will report what the phrase could be used for. Use this strength guidance to build the passphrase only to the level of entropy needed. More words just makes it harder to remember, which usually leads to misuse. § By the way, its really important to only pick familiar words. Looking up words that you don't know in a dictionary website leaks information about your choices and makes it later harder to remember accurately. § Avoid creating grammatical phrases that describe reasonable ideas. Its also good to steer away from too many words specific to your professional field, since that is likely public knowledge. Nonsense is best. § 4. Strength § The strength is given in bits of entropy, which is useful really only for those of us that work in cryptography. So a more user-friendly assessment is also provided in text. § In calculating the true entropy, we make the assumption that the attacker knows the passphrase was constructed with this tool. This is pessimistic, but quite reasonable, given what an attacker may know about the user. § The user-friendly assessment is also adjusted for the date at time of use, since password cracking strategies and resources about double in strength every year. § Note: The assessment is overly conservative for key derivation purposes — we plan to refine it with some time and research. § 5. Calculations § In practice, most users will find only a fraction of the words in the dictionary familiar, so the assessment algorithm uses the number of words that have been presented, but not chosen, to help calculate the truly available entropy of your result. The ratio is used as a representative sample to determine what portion of the dictionary the user finds familiar. § So for example, if you pick a word from a single suggest list of 50 items out of the default dictionary of about 210 thousand items, the word is worth about 12 bits of entropy. But if you needed a list of 500 to find a suitable word, that word is worth only about 8 bits of entropy. § The dictionary can contain a lot of specialist words and words that are no longer in common use, but the algorithm above compensates for that adaptively, so long as you choose words familiar to you. § 6. Dictionary § The default dictionary is assembled from files in the /usr/share/dict/ directory in Unix-like systems. The 'words' and 'american' files are joined together to make a US English corpus, which is then filtered for lower-case words of four or more 'a' to 'z' characters. § We are working on a better solution <> using more up-to-date source material, but this works well for now and the security is not impacted either way. § If you have other dictionaries or languages <> in mind, we'd love to collaborate on alternatives, email <>. § 7. Security § The potential security of the resulting passphrase hinges on three essential things: that the page source is not intercepted and modified by a third party (both code and dictionary); that the client being used is not otherwise compromised; and that the client's random number generated seed and pseudo-random number generator algorithms are sufficient for the task. § No information is sent back to the origin server, and no queries are made that could divulge the options presented or choices made. In an ideal world, a user would download the code, verify that it does what it should, test it while monitoring browser network traffic, and only then use it from a securely stored copy. § While most people won't do this, the page source is simply arranged and documented quite clearly. It should be easy to follow for people with a little knowledge of javascript, and not too hard for other coders. § 8. Legals § The copyright notice near the beginning of the page source details the warranty, use and re-use terms. That notice takes precedence over anything written here. § To paraphrase the copyright notice: you can use this as you like, though PLANLOFT provides no guarantee; you can copy it and include it in other works so long as you mention PLANLOFT. § ©2018 PLANLOFT registerPopups(new Array(), document.documentElement, "span", "explanation");