[7040] in cryptography@c2.net mail archive


Re: Automatic passphrase generation

daemon@ATHENA.MIT.EDU (j@cnb.uam.es)
Tue May 9 15:46:16 2000

Message-Id: <200005091524.RAA61884@embnet.cnb.uam.es>
Date: Tue, 9 May 2000 17:24:44 +0200 (DST)
To: sreid@sea-to-sky.net
Cc: coderpunks@toad.com, cryptography@c2.net
From: <j@cnb.uam.es>
Reply-To: <j@cnb.uam.es>
In-Reply-To: <20000430170511.A666@grok.localnet>

-----BEGIN PGP SIGNED MESSAGE-----

Steve Reid <sreid@sea-to-sky.net> wrote:
> 
> This is not nearly as good as I had hoped. Does anyone have any
> suggestions for producing output that is more correct English? I'm
> wondering if maybe the lexicon I'm using isn't so good. Or maybe my
> knowledge of sentence structure hmm, with Yoda on par it is.

I tend to favor long passphrases with full meaning taken from real
works:
	"d God said, Let there be light: and there was light. And God 
	saw the light, that it was good: and God divided the light
	from the darkness. And God called the light Day, a"

Obviously, if you know it comes from a book you don't need to randomly
try for the key. But still, and if you don't take actual sentences,
you get a nice number of options (e.g. starting at any word and using
the next 20-40 ones you'd get ~[size-range] * [number-of-words-in-book
- min-size-of-passphrase]). Using partial words would increase options
proportionately. That's still too little.

But, make it be a bigger number of books and you get a bigger number of
options. 

Use a thesaurus to substitute words by synonyms and increase it (just
think how many alternate versions of Murphy's law there are around).

	"...
	peered the light, that it was fine: & Deity parted the flame
	..."

Making use of alternate (mis)spellings you may further increase 
uncertainty.

	"...
	peered the lit; that 'twas fin -- & deity parted the phlame
	..."

Making its length have greater variability does so even more. Mixing 
various languages (if feasible) helps a bit more...

	"...
	vu la lumier; that 'twas fin -- & deity parted the phlame
	..."

Yet, for automatic generation you are bounded by electronic books,
which are still relatively few. But there's the Internet with a 
source of electronic text in the form of web pages, e-mail, USENET 
news messages; and there are translation tools, and so on...

Oh, and don't forget acrostics: take the first (or second or...) 
letter/word from a poem and off you go.

So it would run something like

	pos = random number between 0 and collection-size
	go to pos in literary-collection
	size = random number between min-len and max-len
	phrase = fetch size characters/words starting at pos
	for every word in phrase
		randomly select synonym in thesaurus 
			with probability p = f(x)
		randomly select equivalent in language Y 
			with p = f(y)
		randomly select alternate (mis)spelling in 
			degenerate thesaurus with p = f(z)
	for every symbol/character in phrase
		randomly select alternate equivalent with p = f(v)
	& so on...

Obviously too, after several transformations you may as well end up
with a nonsensical sentence. Note that repeating the steps more than
once will result in sensible meaning drifts (adding to the fun and the
entropy).

I may be wrong, but my impression is that increasing entropy may not 
be so difficult with long enough (>150 char) fragments.

It may also help producing the passphrase and showing the user the 
process used to develop it so s/he may learn to do it by him/herself. 

Just my 2c worth.

				j


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

-----END PGP SIGNATURE-----
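
The generation procedure sketched in the message above, as an added Python example that is not part of the original post. The corpus, the substitution tables and all function names are constructed for illustration; choices are uniform rather than weighted by f(x), f(y), f(z), and the reported figure is an upper bound on the passphrase's entropy against someone who knows the corpus and the tables.

```python
import math
import secrets

# Constructed sample data: a tiny "collection" and toy substitution tables.
CORPUS = ("and god said let there be light and there was light and god saw "
          "the light that it was good and god divided the light from the "
          "darkness and god called the light day").split()
SYNONYMS = {"god": ["deity"], "saw": ["peered"], "good": ["fine"],
            "divided": ["parted"], "light": ["flame"]}
MISSPELLINGS = {"flame": ["phlame"], "fine": ["fin"], "light": ["lit"]}


def variants(word):
    """The word, its synonyms, and the (mis)spellings of any of those."""
    forms = [word] + SYNONYMS.get(word, [])
    for form in list(forms):
        forms += MISSPELLINGS.get(form, [])
    return sorted(set(forms))


def choice_bits(words, n_positions, n_sizes):
    """Bits spent on the random choices that produced this fragment."""
    bits = math.log2(n_positions) + math.log2(n_sizes)
    return bits + sum(math.log2(len(variants(w))) for w in words)


def generate(min_len=8, max_len=12):
    """Return (passphrase, bits). Choices are uniform and use the OS CSPRNG."""
    n_sizes = max_len - min_len + 1
    n_positions = len(CORPUS) - max_len + 1   # every size fits at every start
    size = min_len + secrets.randbelow(n_sizes)
    pos = secrets.randbelow(n_positions)
    words = CORPUS[pos:pos + size]
    phrase = " ".join(secrets.choice(variants(w)) for w in words)
    return phrase, choice_bits(words, n_positions, n_sizes)


if __name__ == "__main__":
    phrase, bits = generate()
    print(f"{phrase!r}: {len(phrase)} chars, at most {bits:.1f} bits")
```

Comparing the reported bits with the character count shows how much of the fragment's length comes from the source text rather than from random choices.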

