PLANLOFT Passphrase Help
Julian M.N. Bourne, PLANLOFT
2018-07-07 (last edited 2018-09-02)
1. Overview §
PLANLOFT Passphrase <http://www.planloft.net/passphrase/index.xhtml>
helps you create passphrases using a scheme similar to
the one suggested by this xkcd comic <https://xkcd.com/936/>.
§
The general idea is to build a passphrase from familiar,
random words and to create a mnemonic of some form to
help you recollect it.
§
2. Differences §
There are some small differences. The xkcd scheme works well
for a creative individual who can think laterally, but many
of us are not good at picking truly random ideas out of the
ether. Left to ourselves we drift towards meaningful, and
therefore guessable, phrases like "car horn goes beep",
even when we don't mean to.
§
Other solutions from the same inspiration typically
generate an entire phrase, word by word, from an internal
shortlist of well known words. This has two deficiencies:
a short list of well known words provides less entropy per
word, and at the same time those words might not appeal to
the user, or be familiar to them.
§
To compensate, PLANLOFT Passphrase takes away both the need
for the user to choose random words and the reliance on
familiarity with a specific dictionary. Instead, the user
is presented with random shortlists of words from
a dictionary and can select words that they want to
use.
§
3. Guidance §
As words are added to the chosen phrase, the page reports
what the phrase could safely be used for. Use this
strength guidance to build the passphrase only to the
level of entropy needed. Extra words just make it harder
to remember, which usually leads to misuse (writing it
down, reusing it, or falling back to a weaker one).
§
By the way, it's really important to pick only familiar words.
Looking up words you don't know on a dictionary website
leaks information about your choices, and an unfamiliar
word is harder to recall accurately later.
§
Avoid creating grammatical phrases that describe reasonable
ideas. It's also good to steer away from too many words
specific to your professional field, since that field is
likely public knowledge about you. Nonsense is best.
§
4. Strength §
The strength is given in bits of entropy, which is
really only meaningful to those of us who work in
cryptography, so a more user-friendly assessment is
also provided in text.
§
In calculating the true entropy, we make the assumption
that the attacker knows the passphrase was constructed
with this tool. This is pessimistic, but quite
reasonable, given what an attacker may know about the
user.
§
The user-friendly assessment is also adjusted for the
date at the time of use, on the assumption that password
cracking capability (both techniques and hardware) roughly
doubles every year, so a phrase loses about one bit of
margin per year.
§
Note: The assessment is overly conservative for key
derivation purposes — we plan to refine it with
some time and research.
§
5. Calculations §
In practice, most users will find only a fraction
of the words in the dictionary familiar, so
the assessment algorithm uses the number of words that
have been presented, but not chosen, to help calculate
the truly available entropy of your result. The
ratio is used as a representative sample to determine what
portion of the dictionary the user finds familiar.
§
So for example, if you pick a word from a single
suggestion list of 50 items out of the default
dictionary of about 210 thousand items, the word is
worth about 12 bits of entropy (log2(210000 / 50) is
about 12.0). But if you needed a list of 500 to find a
suitable word, that word is worth a little under 9 bits
(log2(210000 / 500) is about 8.7).
§
The dictionary can contain a lot of specialist words
and words that are no longer in common use, but the
algorithm above compensates for that adaptively, so long
as you choose words familiar to you.
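The following is an added example, not PLANLOFT's own page source, of how the calculation in sections 4 and 5 can be modelled, together with the unbiased CSPRNG sampling that section 7 depends on. The dictionary size of about 210 thousand and the "doubles every year" rule are taken from this page; the base year of 2018, the linear one-bit-per-year subtraction, the strength bands and their thresholds, and the shortlist sizes are assumptions made for illustration.

```javascript
// Added example (not PLANLOFT's code). Models the strength estimate described
// in this help page: the attacker is assumed to know the dictionary and the
// method, while the user's familiar fraction of the dictionary is estimated
// from the words presented versus the words chosen.

const DICTIONARY_SIZE = 210000; // from the help page ("about 210 thousand")
const BASE_YEAR = 2018;         // assumption: year the strength bands were set

// Unbiased integer in [0, n) from a CSPRNG. Rejection sampling avoids the
// modulo bias that `random() % n` would introduce when n does not divide
// 2^32. `fill` is injectable for testing; by default it is the Web Crypto
// CSPRNG available in browsers and in Node.
function randomBelow(n, fill = (buf) => globalThis.crypto.getRandomValues(buf)) {
  if (!Number.isInteger(n) || n <= 0 || n > 0x100000000) {
    throw new RangeError("n must be an integer in 1..2^32");
  }
  const buf = new Uint32Array(1);
  const limit = 0x100000000 - (0x100000000 % n); // largest multiple of n <= 2^32
  let x;
  do {
    fill(buf);
    x = buf[0];
  } while (x >= limit); // reject the biased tail and draw again
  return x % n;
}

// Draw `count` distinct word indices from a dictionary of `size` words.
function drawShortlist(size, count, fill) {
  const picked = new Set();
  while (picked.size < count) picked.add(randomBelow(size, fill));
  return [...picked];
}

// Entropy per chosen word. The familiar fraction of the dictionary is
// estimated as chosen / presented, so the dictionary the attacker must
// search is effectively size * chosen / presented words.
function bitsPerWord(size, presented, chosen) {
  if (chosen === 0 || presented === 0) return 0;
  return Math.log2((size * chosen) / presented);
}

function totalBits(size, presented, chosen) {
  return chosen * bitsPerWord(size, presented, chosen);
}

// The page says cracking capability roughly doubles every year. Assumption:
// modelled as losing one bit of margin per year after the base year.
function adjustedBits(bits, useYear, baseYear = BASE_YEAR) {
  return bits - Math.max(0, useYear - baseYear);
}

// User-friendly bands. These thresholds are assumptions, not the page's.
function describe(bits) {
  if (bits < 28) return "weak: an offline attacker would crack this quickly";
  if (bits < 44) return "fair: acceptable behind rate limiting, not for offline use";
  if (bits < 64) return "good: reasonable for most online accounts";
  return "strong: suitable for offline or key-derivation use";
}

// Stand-alone demonstration: four words, each picked from a fresh list of 50.
if (globalThis.crypto && typeof globalThis.crypto.getRandomValues === "function") {
  const shortlistSize = 50; // assumption
  let presented = 0;
  const chosenIndices = [];
  for (let i = 0; i < 4; i++) {
    const list = drawShortlist(DICTIONARY_SIZE, shortlistSize);
    presented += list.length;
    chosenIndices.push(list[0]); // stand-in for the user's choice from the list
  }
  const raw = totalBits(DICTIONARY_SIZE, presented, chosenIndices.length);
  const now = adjustedBits(raw, new Date().getUTCFullYear());
  console.log(`raw ${raw.toFixed(1)} bits, adjusted ${now.toFixed(1)} bits: ${describe(now)}`);
}
```

Note that the estimate only holds if the user really chooses from the presented list rather than skipping lists until a meaningful phrase appears; rejecting lists inflates `presented` and correctly drives the per-word estimate down, which is the adaptive behaviour the page describes.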
§
6. Dictionary §
The default dictionary is assembled from files in the
/usr/share/dict/ directory in Unix-like systems.
The 'words' and 'american' files are joined together
to make a US English corpus, which is then filtered
for lower-case words of four or more 'a' to 'z'
characters.
§
We are working on a better solution <http://www.planloft.net/passphrase/../issues/issue-859.xhtml>
using more up-to-date source material, but this works
well for now and the security is not impacted either
way.
§
If you have other dictionaries or languages <http://www.planloft.net/passphrase/../issues/issue-860.xhtml> in
mind, we'd love to collaborate on alternatives; email
support@planloft.net <mailto:support@planloft.net>.
§
7. Security §
The potential security of the resulting passphrase
hinges on three essential things: that the page source
(both code and dictionary) is not intercepted and modified
by a third party in transit; that the client being used is
not otherwise compromised; and that the client's random
number seed and pseudo-random number generator are
adequate for the task.
§
No information is sent back to the origin server, and
no queries are made that could divulge the options
presented or choices made. In an ideal world, a user
would download the code, verify that it does what it
should, test it while monitoring browser network traffic,
and only then use it from a securely stored copy.
§
While most people won't do this, the page source is
simply arranged and clearly documented. It should be
easy to follow for people with a little knowledge of
JavaScript, and not too hard for other coders.
§
8. Legals §
The copyright notice near the beginning of the page source
details the warranty, use and re-use terms. That notice
takes precedence over anything written here.
§
To paraphrase the copyright notice: you can use this
as you like, though PLANLOFT provides no guarantee;
you can copy it and include it in other works so long
as you mention PLANLOFT.
§
©2018 PLANLOFT