Random Passphrase Generator

Place the cursor in the box at the top and type to create random passphrases. If this does not work on this machine, see the example output from one run of this program. After typing 128 characters to generate 128 random bits, 13 passphrases are created, each encoding those 128 bits a different way. These are: Each of these contains the same amount of entropy (128 bits) if they are known to have been generated by this program. If only 64 or 32 bits of entropy are needed, then use just the first half or quarter of one of the passphrases.

An interesting question is how to rank these passphrases by ease of memorization. Several people I've asked felt they should be ranked in the order listed above: 11 words are the easiest to memorize, and 128 bits are the most difficult. I find the sequence of 11 words can be memorized quickly as a story with 3 sentences or images, each 4 words long (3 words for the last one).

Another interesting question is whether there is some other way to encode 128 random bits that would be easier to memorize than any of these. Perhaps as a picture with recognizable icons in a random arrangement? Or music notes? Or chess board arrangements? My guess is that the 11 words will still be easier for most people, but some people may find other things easier to memorize. It has been suggested to me that it might be easier to memorize a mixture of 2 types, such as 64 bits of words followed by 64 bits of phone numbers. Or even 4 or 8 different types. The order of the types could be randomized, encoding a few more bits.

For added security, type in additional groups of 128 characters, and look at the last set of passphrases generated. The last set of passphrases is generated based on all the sets of keystrokes preceding it.

The random number generator maintains an internal state of 160 bits. After each keystroke, the state is XORed with the character entered, the time at which it was entered, and a counter. Then the state is replaced by the SHA-1 hash of itself. After 128 keys have been entered, the passphrases are generated. The internal state is not reset between sets of keystrokes, so better passphrases may be generated by entering multiple groups of 128 keystrokes, and using just the last set of passphrases generated.

The keystroke timing contains only a small amount of entropy from what I can tell, unless you wait about 10 seconds between keystrokes. The ASCII code of the key contains no entropy if you just hit the spacebar repeatedly, and contains a little entropy if you hit keys at random. If you flip a coin repeatedly and type in the results, with one keystroke per flip, then presumably there's at least a full bit of entropy per keystroke. If a group of 128 bits is not completely uniform, then typing in multiple groups of 128 bits will probably be better since they're all used to generate the last set of passphrases.
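Added example, not the page's own program: a Python model of the pool described in the two paragraphs above, with a 160-bit state that is XORed with each key, its time and a counter, then replaced by its SHA-1 hash, and a helper that splits the 128 output bits into word-list indices. The zero initial state, the bit positions of the three XORed fields, taking the top 128 of the 160 state bits as output, and zero-padding the last index are all assumptions; the word lists themselves are not included, so only indices are produced.

```python
import hashlib

GROUP = 128  # keystrokes consumed per set of passphrases

class KeystrokePool:
    """160-bit state; each key XORs in the character, its time and a
    counter, then state = SHA-1(state).  Never reset between groups."""

    def __init__(self):
        self.state = 0          # 160-bit integer (zero start is an assumption)
        self.counter = 0
        self.keys_in_group = 0

    def keystroke(self, ch, time_ms):
        """Mix in one key; returns 128 output bits when a group completes."""
        self.counter += 1
        # Bit positions of the three fields are an assumption; the page only
        # says each value is XORed into the state before hashing.
        self.state ^= ord(ch) & 0xFF
        self.state ^= (int(time_ms) & 0xFFFFFFFFFFFF) << 8
        self.state ^= (self.counter & 0xFFFFFFFF) << 56
        digest = hashlib.sha1(self.state.to_bytes(20, "big")).digest()
        self.state = int.from_bytes(digest, "big")
        self.keys_in_group += 1
        if self.keys_in_group < GROUP:
            return None
        self.keys_in_group = 0
        return self.state >> 32  # top 128 of the 160 state bits (assumption)

def word_indices(bits128, bits_per_word=12):
    """Split 128 bits into indices: 12 bits each for the 4096-word list
    (11 words) or 11 bits each for the 2048-word list (12 words).  The
    last index is right-padded with zeros (padding rule is an assumption)."""
    n = -(-128 // bits_per_word)
    padded = bits128 << (n * bits_per_word - 128)
    mask = (1 << bits_per_word) - 1
    return [(padded >> (bits_per_word * (n - 1 - i))) & mask for i in range(n)]

def run_group(keys, times, pool=None):
    """Feed one group of (key, time_ms) pairs into a pool (new if None)."""
    pool = pool or KeystrokePool()
    out = None
    for ch, t in zip(keys, times):
        r = pool.keystroke(ch, t)
        if r is not None:
            out = r
    return pool, out

if __name__ == "__main__":
    # Constructed demo input: 128 spacebar hits at a steady 100 ms cadence.
    pool, bits = run_group(" " * GROUP, range(0, GROUP * 100, 100))
    print(f"{bits:032x}", word_indices(bits))
```

Because the output is a pure function of the keys and their timestamps, repeating the same spacebar cadence reproduces the same passphrases exactly, which is the page's point that such input carries almost no entropy.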

The 4096 6-letter words used here are a modified form of the public-domain list compiled by Dianelos Georgoudis. The 2048 4-letter words are from RFC 1751.

(c) 2000-2009 Leemon Baird