Last week I explained how Diceware passphrases work, and why they come with a built-in weakness. The weakness is that it takes a lot of words to build a secure passphrase. I decided to try to come up with a better solution.
The goal is to get a password that is easy to memorize but difficult to guess. Diceware has the right idea by using a passphrase, but because its word list is small you must remember a lot of words in one passphrase. There are 7,776 Diceware words, so a brute-force attacker who knows you used Diceware only has to try combinations of those words. In order to keep the true randomness of Diceware but enlarge the pool of words I turned to a source readily available to everyone: books!
Introducing Bookware passphrases
Approach a large bookshelf with as many books of different types as possible. Close your eyes and select a book, then open the book and put your finger on the page. Now open your eyes and look at the word you are pointing to. Do this 5 times with 5 different books to get a 5 word random passphrase. “doubt argument another new dance” is the phrase I got with this method. When I landed between two words I always chose the longer one. Note that ‘argument’ and ‘another’ are not on the Diceware list. Let’s try to analyze this method to see if it is better than Diceware.
How many words are there?
It is very difficult to decide how many different words you could reasonably expect to get from this method. Estimates of the English vocabulary run to about a million words, but a large subset of these are so uncommon they don’t typically make it into a dictionary. So let’s start from the Oxford English Dictionary’s count of 171,476 words in current use. This is still a huge number, which would give us a fantastic password.
If you stop right here and use the whole dictionary you get 17.39 bits of entropy per word. Notice that the dictionary with 171,476 words only has about 4.5 bits more per word than Diceware with just 7,776 words. This is because entropy is logarithmic: every bit of entropy means your password is twice as hard to guess, so a list that is 22 times larger is worth log2(22), roughly 4.5 bits.
The dictionary is great, but it is full of words that will not be very memorable, so we should focus on words that can be easily remembered. The Simple English Wiktionary has just 24,358 words. If we use only these words then our entropy is 14.57 bits per word. We still have over 3 times more words than Diceware. We will use this number for our calculations, although you might open a book and stumble upon a new word, a character’s name, or the name of a place.
Better than Diceware?
I would argue that this method is better than Diceware. It keeps the selection random but allows you to use just 5 words to get 72.85 bits of entropy. Exhausting that space takes about 270 years at 1 trillion guesses per second (half that on average). And as a bonus, it doesn’t require you to have dice on hand! One caveat: the 14.57 bits per word assumes every word in the list is equally likely to be chosen. Pointing at a page picks words in proportion to how often they appear in print, so “the”, “and” and “new” turn up far more often than “argument”, and an attacker who knows the method will try common words first. Treat the figure as an upper bound, and throw back very common words when you draw them.
Improving from here
Let’s build on this model with some practices that can make your Bookware passphrase a lot more secure. In fact, let’s make it so secure that we can get away with using just 4 words. As usual the goal is to get a password that is easy to remember but hard to guess.
Buy more books
First we should look at your books. If you don’t have that many books to choose from then you should go to the bookstore or library and choose a password there. Always consider what an attacker might be able to do. Assume it might be someone you know, who could take a picture of your bookshelf. From there they could work out how often each word is used in the books you own and make much more efficient guesses. Word frequencies in published English are already well documented (the Google Books Ngram data, for example), so an attacker does not even need your shelf to know which words are common. Just remember to use a big set of books in a big range of subjects. As a bonus, try taking one of your words from a book like Finnegans Wake.
Use bad spelling
To increase security let’s pick one of your words and misspell it. There are two rules here: First, make sure your spelling “mistake” is totally unreasonable, because a cracking wordlist can easily include common misspellings, and cracking tools apply the usual substitutions (0 for o, 3 for e, @ for a) automatically as mangling rules. Second, make sure your misspelling doesn’t produce a real word. Using my example passphrase above we might change “doubt” to “aoubt”. Note that it follows both rules.
Capitalize
Capitalization is a great way to add complexity to your passphrase, and it isn’t that hard to remember. When selecting a password always strive to do the unexpected. You can choose a pattern of capitalization, or just choose one letter or one whole word to capitalize. In my example password which is now “aoubtargumentanothernewdance” I could change it to “aoubTargumentanothernewdance”, “aoubtargumentANOTHERnewdance”, or “aOubtaRgumentaNothernEwdAnce”. The possibilities are endless so be creative. Just don’t forget the two goals of a good password: easy to remember but hard to guess. Keep in mind that the attacker only has to try every capitalization pattern if yours is unpredictable; capitalizing the first letter of each word or one whole word is among the first rules a cracking tool applies, so a pattern like that is worth far less than one bit per letter.
Add some spice
Let’s add in some random numbers, letters, or symbols. Don’t add them to the end. Put them somewhere unexpected. For this password I will add them right in the middle of the second word which gives me “aoubtargu5:mentANOTHERnewdance”. The point here is to force a potential attacker to try numbers and symbols everywhere, making the dictionary attack less effective.
Making it more memorable
We use all of these extra changes to make the password more secure, and the sample password “aoubtargu5:mentANOTHERnewdance” is a very secure password. To calculate its effectiveness against an attack, let’s assume that the attacker knows that you have exactly one misspelled letter, one number and one symbol somewhere in the password, plus an unknown capitalization pattern. The basic entropy of using these 5 dictionary words is 72.85 bits. With our changes the entropy comes to 128.50 bits. My method for calculating entropy here is as follows:
Number of possible combinations =
  Possible simple dictionary combinations (24,358 words, 5 of them) *
  Possible combinations of capitalization (2 choices for each of the 28 letters) *
  Possible misspelled characters in every position (26 letters * 28 positions) *
  Possible single digit in every position (10 digits * 29 positions) *
  Possible symbol in every position (33 symbols * 30 positions)
Number of possible combinations = 24358^5 * 2^28 * (26*28) * (10*29) * (33*30) = 4.81e+38
Entropy = log2(possible combinations)
If you don't have log2(x) on your calculator then use ln(possible combinations)/ln(2)
Entropy = 128.50 bits
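As an added worked example (not code from the original post), the Python below puts the post’s arithmetic into functions: the 5-word figure and the “years to exhaust” estimate from the “Better than Diceware?” section, and the modified-password formula just above. It also adds a function the post does not have, zipf_entropy_bits, which estimates the per-word entropy when words are drawn by pointing at running text; it assumes, as a modelling choice, that word frequency in books follows Zipf’s law with exponent 1 over the same 24,358-word vocabulary. The constants (24,358 words, 7,776 Diceware words, 10 digits, 33 symbols) are the post’s own; the 365.25-day year and the Zipf model are my assumptions.

```python
import math

# Figures quoted in the post: Simple English Wiktionary headwords, Diceware list size,
# and the digit/symbol alphabet sizes the post's formula uses.
VOCAB = 24358
DICEWARE = 7776
DIGITS = 10
SYMBOLS = 33


def uniform_entropy_bits(n_words, vocab=VOCAB):
    """Entropy of n_words drawn independently and uniformly from a list of `vocab` words."""
    return n_words * math.log2(vocab)


def modified_entropy_bits(letters, n_words=5, vocab=VOCAB):
    """The post's formula: n_words uniform words, an unknown capitalisation pattern,
    one misspelled letter, one inserted digit and one inserted symbol.
    `letters` is the letter count of the joined passphrase
    (28 for "aoubtargumentanothernewdance")."""
    return (n_words * math.log2(vocab)              # which words
            + letters                                # 2^letters capitalisation patterns
            + math.log2(26 * letters)                # which letter is wrong, and changed to what
            + math.log2(DIGITS * (letters + 1))      # one digit in any of letters+1 positions
            + math.log2(SYMBOLS * (letters + 2)))    # one symbol in any of letters+2 positions


def years_to_exhaust(bits, guesses_per_second=1e12):
    """Time to try every candidate; the expected time for a random target is half this.
    Assumes a 365.25-day year."""
    return 2 ** bits / guesses_per_second / (365.25 * 86400)


def zipf_entropy_bits(vocab=VOCAB, exponent=1.0):
    """Per-word entropy when a word is picked as it occurs in running text.
    Modelling assumption (not from the post): token frequency follows Zipf's law,
    the word of rank r having weight 1 / r**exponent."""
    weights = [1.0 / r ** exponent for r in range(1, vocab + 1)]
    total = sum(weights)
    return -sum((w / total) * math.log2(w / total) for w in weights)


if __name__ == "__main__":
    five = uniform_entropy_bits(5)
    print(f"5 uniform words: {five:.2f} bits, "
          f"{years_to_exhaust(five):.0f} years to exhaust at 1e12 guesses/s")
    print(f"with the post's modifiers on 28 letters: {modified_entropy_bits(28):.2f} bits")
    print(f"one Zipf-distributed word from the same vocabulary: {zipf_entropy_bits():.2f} bits")
    print(f"one Diceware word: {uniform_entropy_bits(1, DICEWARE):.2f} bits")
```

Under the Zipf assumption a word pulled from a page carries about 10.3 bits, below the 12.9 bits of a uniformly rolled Diceware word, which is why rejecting common words matters more than the size of the dictionary you are notionally drawing from.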
That’s a very secure password. It’s too secure if you ask me. Let’s trade in some of that security for something that is easier to memorize and use a four word passphrase.
Let’s try crafting a new password with only 4 words so it is easier to remember. From random books I got the words “pearl sometimes islands commercial.” The improved version is “peArlsome8timesislandscom|mercial” = 117.26 bits of entropy.
Just for fun, let’s try 3 words. “jump feeling centuries” becomes “j3umpfEEling!cenwuries” = 89.96 bits of entropy. Even with 3 words, the password is very secure, but perhaps it is still too difficult to memorize with all of the modifications.
Which modification is best?
On the surface, random capitalization seems to be the best option because it adds 1 bit of entropy for every letter in the password, provided each letter’s case is actually chosen at random. However, if you change your symbol or number to appear a variable number of times then you get a very powerful multiplier from it. I would argue that 1 or 2 modifiers will create a secure password. Let’s try it out. “humble attribute mouse punish” becomes “humbleattributemousepUnUsh” = 93.69 bits. Or we could use length instead of complexity: “humblea:|:|:|:|:|:|:|:|:|:|ttributemousepunish” comes out at 159.18 bits of entropy, but only if the 20 symbols are counted as 20 independent random choices (33^20). “:|” repeated ten times is a single short pattern, and a cracker’s rule set tries repeated and alternating characters early, so the real gain is a small fraction of that figure. Once your password starts to get complex, length is king, but only length made of unpredictable characters counts.
In conclusion, it looks like the best Bookware passphrase for security and memorability is 4 words with some kind of creative modifier to disrupt a dictionary attack and add additional complexity.
You may have noticed by now that any of these modifiers can easily be used with Diceware. You are right about that, but by using books instead of dice, we are adding a larger vocabulary to start from without losing any of the randomness or memorability.
Warning: Never use any password you find on the internet as your own! Always build one yourself!