Chad Wilson

Passphrase Generator


Recently, I finished doing some touch-up work on a passphrase generating program that I had written for personal use and decided to upload it to GitHub so other people can use it if they want.

Why Use a Passphrase?

In general, the longer a password is, the more secure it is. It will take more time to be compromised by a malicious party, whether that's by simply brute forcing the characters, performing a dictionary attack, or some third arbitrary attack type that I don't care enough to list. This is why many websites and such impose length requirements on your password when you create an account.

The main advantage of a passphrase, after the security-through-length, is that it is easy to remember. After practicing just a few times, most people can memorize a short combination of 4-6 words better than they can memorize a random series of letters, numbers, and symbols. As an added bonus, the words in a passphrase can combine into a phrase or short sentence, which makes it even easier to remember.

The following are examples of passphrases:

        PeterJumpsThroughHoops
        ACrazyAgileSprinter
        LawyerDamageEquityTrack

As you can see, all of the above examples are easier to remember and just as secure as "Pny88ykXP@HXy$DR".

What does it do?

It generates passphrases. When run, it loads two word lists, one for adjectives and one for nouns, from the directory that the program is run in. Users can specify a few options to their liking, such as supplying custom word lists with the "a" and "n" options or telling the program to generate a passphrase of a certain length ("m" for minimum length and "M" for maximum length). They can also give it the "x" option to generate "x" number of passphrases, which is super handy when you just want some ideas for passphrases. The default word lists are rather comprehensive, being something like 55,000 nouns and 20-something,000 adjectives. The passphrases that it generates are in the form "Adjective+Adjective+Noun".
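The scheme described above, sketched in Python as an added example (this is not the author's program, whose language and internals the page does not show), together with an entropy estimate for the "Adjective+Adjective+Noun" form. The function names, the tiny word lists, the 94-character alphabet and the rounding of "20-something,000" down to 20,000 are all assumptions made for illustration.

```python
import math
import secrets

# Constructed sample lists (assumption); the real lists would be loaded from files.
ADJECTIVES = ["crazy", "agile", "quiet", "brave", "rusty", "amber", "gentle", "hollow"]
NOUNS = ["sprinter", "lawyer", "hoop", "track", "lantern", "harbor", "falcon", "meadow"]


def generate(adjectives, nouns, min_len=0, max_len=None, max_tries=10_000):
    """Return one Adjective+Adjective+Noun passphrase within the length bounds."""
    for _ in range(max_tries):
        # secrets draws from the OS CSPRNG; the random module is not meant for secrets.
        words = [secrets.choice(adjectives), secrets.choice(adjectives),
                 secrets.choice(nouns)]
        phrase = "".join(w.capitalize() for w in words)
        if len(phrase) >= min_len and (max_len is None or len(phrase) <= max_len):
            return phrase
    raise ValueError("no passphrase fits the requested length bounds")


def passphrase_bits(n_adjectives, n_nouns):
    """Upper bound on entropy: each word drawn uniformly and independently.
    Length filtering rejects some combinations, so the real figure is lower."""
    return 2 * math.log2(n_adjectives) + math.log2(n_nouns)


def random_string_bits(length, alphabet_size=94):
    """Entropy of a uniformly random string; 94 = printable ASCII minus space."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for _ in range(5):
        print(generate(ADJECTIVES, NOUNS, min_len=14, max_len=20))
    # List sizes taken from the page ("20-something,000" rounded down to 20,000).
    print(f"adj+adj+noun: {passphrase_bits(20_000, 55_000):.1f} bits")
    print(f"16 random printable characters: {random_string_bits(16):.1f} bits")
```

The estimate only holds for a passphrase used exactly as generated and assumes the word lists are known to whoever is guessing; adding a word adds its list's log2 size in bits.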

Ideally

The passphrase generator was initially written to spit out a good passphrase or two that the user could just copy directly into whatever box they needed to when they need a new password. As it stands, you certainly *can* do that, but the passphrases aren't generally in a format that I would like. Rather than spending countless hours trimming down or rewriting the word lists, I found it easy enough to just have it create enough passphrases to help me think of ideas for one (after all, it is a computer program that we shouldn't totally rely on for something important). For example, even if you don't like a passphrase that it generates, it's easy enough to generate 10, pick and choose words from that longer list, and make something that you like or would remember.

Future Work

Soon, I plan to add an option to convert the characters it produces into "l33tspeak", which would provide extra entropy for the password by increasing the set of possible characters. There would probably be two options: the first would be to enable l33tspeak, and the second would be the chance a character could change (for example, 50 means a capital "O" has a 50% chance to change to 0). This feature isn't terribly pressing to add, though, because if somebody wants to change some characters they could just as easily do it themselves without the computer knowing.

by Chad Wilson