Talk:Passphrase

This article has not yet been rated on Wikipedia's content assessment scale.

The second and third paragraphs seem to be an exact copy of the section "What is a passphrase?" from http://world.std.com/~reinhold/diceware.html. The copyright for that page states, in part, "The author hereby grants rights for free, non-commercial, electronic distribution, with attribution, of this entire text or just the Diceware word list.", with emphasis on entire..

Your right; in fact, the original version — as of 15:05, 27 Nov 2002 — is even more similar. I suggest we just merge the ideas into Password, as a pass phrase is just a type of password. — Matt 09:12, 6 May 2004 (UTC)[reply]

Matt, True enough. But not to users. Choosing a pass phrase is rather different than choosing a password, the security implications can be rather different, and so on. I would advocate cross links and two articles despite the conceptual identity from particular perspectives. Thoughts in response? ww 14:29, 7 May 2004 (UTC)[reply]

I don't see any major differences in concept. In both cases you avoid guessable passwords, try not to write it down on bits of paper and stick them on the monitor, and have a tension between entropy and memorability. A passphrase just has a special form. We already have the line "Passcode is sometimes taken to imply that the information used is purely numeric, such as the PIN commonly used for ATM access." in Password; why not append "A Passphrase is a long password, usually formed from a sequence of words."? — Matt 16:12, 7 May 2004 (UTC)[reply]

Matt, No conceptual difference, I agree. The precedent of passcode here is unconvincing. (Perhaps I should done a wig whilst pronouncing on questions of precedent, or at least judicial robes?) I like the 'tension between entropy and memorability' phrase, though. Nice job. The 'special form' of a pass phrase is sufficiently distinct, I think. Cross refs are certainly in order and your sentence would be quite appropriate in making the point of no conceptual difference. However, choosing a pass phrase is rather different than choosing a password or passcode and readers should, I think, learn of this. As it stands the article doesn't do a good job of covering this, nor does password. On my list of course......

The reason I argue for a separate article is not conceptual difference (as there is none in my view, nor in yours; nor anybody's I would imagine) but practical difference to users. I think enough difference to justify 2 articles. ww 18:13, 8 May 2004 (UTC)[reply]

I just looked carefully at the above discussion, which took place before I started editing here, and realized someone could infer a possible copyright problem with this article. I am the owner of http://world.std.com/~reinhold/diceware.html and I hereby give retroactive permission under GFDL for whatever use was made of it by Wikipedia.--agr 12:19, 20 March 2007 (UTC)[reply]

I hereby add permission under the Creative Copyright CC-BY license with the understanding that it is compatible with past, current and future licensing schemes approved by Wikipedia and/or the Wikimedia Foundation.--agr (talk) 16:09, 24 January 2014 (UTC)[reply]

There is a conceptual difference between a password and a passphrase. A traditional password is short, and therefore to be secure, it should be random (have high entropy). The idea of the passphrase is to maintain the same total entropy, but lower the entropy per character. This permits the use of phrases that are easier to remember without loss of security. This concept should be included in the main article. It would be better if people would read my original paper* before opining. --Sig Porter

• "A Password Extension for Improved Human Factors"

       Crypto 81 (1981 IEEE-CS Workshop on Cryptography) 
       Computers & Security, Vol. 1. No. 1, 1982, North Holland Press
       http://pages.sbcglobal.net/snporter5/passphrase/page1.html

Snporter 03:15, 26 August 2007 (UTC)[reply]

Why are there passphrases in OpenPGP, when there already is a private key? --Abdull 22:41, 5 October 2005 (UTC)[reply]

The passphrase is used to encrypt the private key so someone else who gains access to your private key file cannot use it, assuming you have a strong passphrase and the attacker can't employ a keyboard logger or acoustic cryptanalysis or other means to discover your passphrase. --agr 23:13, 5 October 2005 (UTC)[reply]

I had never encountered this word — "passphrase" — till just now. What I need is to describe a multi-word (i.e. sentence) "password" used for mutual identification of underground operatives in clandestine meetings. Is "passphrase" appropriate for usage in mainstream contexts, or does it meanwhile remain strictly in Information Techonology usage, as the page seems to indicate? -- Thanks, Deborahjay 09:20, 20 March 2007 (UTC)[reply]

I think it's only used in relation to computing, its goal being to emphasize the strength of one's passwords. The reason is that computers are capable of systematically trying a large numbers of passwords by brute force, whereas this is simply not possible when trying to identify yourself to a human being. While remote systems can analogously detect brute force attempts, protecting local storage in this manner is simply not reliable, if your threat model includes the attackers gaining access to this data. Hence the need to protect your important data with a "phrase", and not just a "word". -- intgr 09:53, 20 March 2007 (UTC)[reply]

The term was invented in 1981 by Sigmund N. Porter (A Password Extension for Improved Human Factors, Advances in Cryptology: A Report on CRYPTO 81, Allen Gersho, editor, volume 0, U.C. Santa Barbara Dept. of Elec. and Computer Eng., Santa Barbara, 1982. Pages 81--81. Also in Computers & Security, Vol. 1. No. 1, 1982, North Holland Press.) [1]. So if your looking for authentic spy lingo for a novel, it probably won't do. If you are writing a paper, there is no reason not to use the word if it suits.

By the way, remote systems can not detect brute force attempts, in general, because of the way many systems pass credential in the form of a hashed password. These can be attacked off-line at very high speeds.--agr 11:57, 20 March 2007 (UTC)[reply]

Password: 94 characters (26 lower case, 26 upper case, 10 number, 32 symbol) Passphrase: 880,000 characters (dictionary) separated by spaces —The preceding unsigned comment was added by Bluefoxicy (talk • contribs) 06:59, 6 April 2007 (UTC).[reply]

The parts without citation in the security section don't make sense. For example: "The words or components of a passphrase need not all be, but often are, found in a language dictionary" -- if a passphrase is not a word in any particular language, that is no longer a passphrase by definition. A random collection of letters and symbols is called a password -- not a passphrase.--Musides (talk) 18:12, 27 March 2008 (UTC)[reply]

It seems that at least one decently easy way to think of passwords, passphrases, and alike is by separating all considered languages into ”token spaces” of characters, words, phrases (and so on…).  The exact method to generate the token spaces in cases where languages such as Japanese and Chinese are to be considered is suitable to be left for linguistics—as well as correcting my terminology.

A password is defined as follows: a string that stores most of its entropy in a sequence of randomly selected members of the character token space. In this case, the set of passwords = set of all possible strings.

A passphrase is defined as follows: a string that stores most of its in as a sequence of randomly selected members of the word token space. Passphrases are thus a subset of passwords. Also, both “CORRECT HORSE BATTERY STAPLE” and “+0CORRECT#Horse#BATTERY#STAPLE!” should be considered different members of the set of all passphrase because both of them store most of their entropy in a sequence formed by four random English words.

I know one old teacher with her own “passparagraphs,” which continue this distinction by consisting of phrases from popular songs and poems.

Passphrase security does not derive from their length in characters (though that may be important when choosing the cryptographic password salt). Think about BIP39-wallets which do not even accept anything but words. 2001:14B8:1871:6440:7157:B1F0:2EAB:E214 (talk) 21:28, 31 March 2022 (UTC)[reply]

I'm removing a section that attempts to estimate the entropy of passphrases based on the assumption that each character has 1.1 bit of entropy. The 1.1 bit of entropy for characters in English texts are optained by letting humans guess characters taken from an article or book under the assumption that the human already knows the context from which the text was taken. Passphrases are a different scenario, hence the study has little to no relevance here. For example one can not conclude that 10 character passwords taken from an English dictionary have 11 bits of entropy (there are certainly more than 2048 English words with 10 characters). Similarly, the result can not be applied to passphrases, since these do not follow a given context. 85.2.11.92 (talk) 06:11, 28 March 2008 (UTC)[reply]

(1) Those are not estimates, but mathematical calculations; (2) these findings are widely published and used, as the references indicate; (3) there is a tremendous amount of academic research backing up this data, starting with Shannon; (4) you can't remove a section because you don't personally agree with it. In particular, the reference from Microsoft uses this data. It is not satisfactory if you do not agree with his findings; you must cite alternate sources.

The proper way to resolve your concerns is to find alternative sources, and cite those. If you do that, we can set it up as two different and competing approaches. That would be fine and appropriate. There is plenty of room for varying positions on this subject. But you cannot delete/censor material you do not agree with, and this is not a place for your personal research/opinion. --Musides (talk) 16:22, 28 March 2008 (UTC)[reply]

Ok, let's try to resolve this without going into a revert war. The problem with your "calculation" is that it makes the assumption that (A) the entropy per character of the English text and (B) the entropy per character of passpharses is the same. The entropy of English text is indeed well published and 1.1 bit seems to be in line with other publications. Note however, that this number is valid for sufficiently long text. E.g., in the reference that you gave the participants have to guess 100 characters given 100 preceeding characters of the text. If you repeat these experiments but try to guess the first 100 characters of a text too, then you'll probably notice that guessing the first 100 characters is harder than guessing the next 100 characters, which would imply that the entropy per character is higher at the beginning of the text. Hence it is unclear whether (A) and (B) are the same. So regarding your comments: (1) if you start with an unproven assumption, you'll end up with an unproven result. In particular, paper you reference does not support the claim that text of size 60 have 66 bit of entropy. (2) If your claim is indeed widely published then please give a reference for it. So far it is unsupported. (3) There are publications backing up 1.1 bit per char or similar results for sufficiently long English text. You are abusing these results for something that was not measured. (4) Wrong. You made the claim. You have to support it. 85.2.71.61 (talk) 17:16, 6 April 2008 (UTC)[reply]

(A) entropy per character is not an assumption, it is based on the findings of Shannon. We agree that this is predicated on a passphrase being a line of regular english text, as opposed to a random collection of characters; (B) Another source makes this assumption, but certainly, that source does not only make an assumption, but talks about doing it.

We both agree there is room for skepticism and critique of passphrase strength. I'm not aware of good published sources against the view outlined by the Microsoft source -- I hope you can find some. I'd love to see some good, real data on the subject, because there is plenty of room for debate.

Regarding your citation needed, this is being pedantic. You don't need a citation for basic math (do I really need to cite a source that proves 1.1 x 60 = 66)? We already have citation for the 1.1 number in Shannon, and we have citation for the method itself at Microsoft. I have no idea what you are talking about with your 3 & 4, this data is from the Microsoft source.

Look, it is okay not to agree with something -- that doesn't mean that data needs to be deleted. Instead, just find a counter-point.

--Musides (talk) 22:35, 6 April 2008 (UTC)[reply]

Musides, I do not ask for a reference that 1.1 x 60 = 66, but for a reference that this computation actually gives a relevant result and is not just based on a misunderstanding. Again, the experiment you reference uses longer texts and asks for the entropy per character given that the context from which this text is taken is known. You apply this to shorter English passphrases, which do not have any context. Hence, you misuse a result for something it was not meant for. The Microsoft source does not support your calculation either. I.e., it claims a lower bound of 1.3 bits per character for typical passphrases and an upper bound of 2.3 bits and notes that these estimates are not based on sufficient experiments. Certainly, having more data would be nice. But not having data does not mean we have to fill the gap with somewhat random speculation. 85.2.55.154 (talk) 02:39, 7 April 2008 (UTC)[reply]

Okay, let's see if I haven't resolved this debate with the changes I made. It became clear to me that we needed more references for this discussion to move forward, and what better source than NIST -- about as definitive a resource as we have. So, I added their model and the huge amount of empirical data and testing that they bring to the fore. Have a review of this, and let me know if this has resolved our issue.

FWIW, regarding Shannon. We both agree that context, or in this case length, is the determining factor of entropy. Shannon's 2.3 bits was for 8 letter words, and that varies depending on word length. NIST points out that the longer the phrase (ie context) gets, the less reliant or lower the entropy of the phrase.

--Musides (talk) 19:01, 7 April 2008 (UTC)[reply]

Yes, your latest changes improve the article and resolve my complaints. I also agree that NIST has done a good job with their publication. 85.2.1.21 (talk) 20:04, 7 April 2008 (UTC)[reply]

Most of this article doesn't have citations. What is the general rule/proper etiquette to wait until we delete sections without citations and replace it with researched/documented information? --Musides (talk) 20:45, 7 April 2008 (UTC)[reply]

The citation police are of one opinion, mostly the same as the OR police. The problem is that technical articles / technical content are not the same sort of animal as literary or academic content / articles. Edmund White's opinion of Hemingway's writing (or vice versa) is probably important in that context and deserves a citation. In contrast, for technical matters (eg, that iron is solid at room temperature) I think citation demands are borderline idiotic. They quickly degrade into the sort of mushy epistemology fanaticism that one finds in disputes about junk science or religious science. It does WP no good, nor its Readers, for whom we are all working.

Bare facts (eg, melting point of lead at STP) can be sourced from most anything. Something a bit more than a bare fact (eg, lead is often used in ammunition for guns) often draws fire from the same and policy statements (eg, lead should not be used in ammunition for ecological contamination reasons) do also. Only the last, in my opinion, really requires a citation. The rest is WP political correctness gone wild. ww (talk) 20:36, 11 April 2008 (UTC)[reply]

I see, so I take it you are not a big fan of citations? In any event, the reason why I bring up citations is because some of the claims made in this article are dubious. For example, it fails to properly distinguish between pass phrases as strings of texts, and pass phrases as memorization techniques. It has some dubious claims about passwords being strong, and so on.

I can see reason with what you say, but there seems to be this competing problem of edit wars of one person's opinion versus another, and I can imagine this problem is notorious in technical articles (I shudder to think about emacs, vi, etc). Citations help keep people honest, and their personal opinions/research out of the picture. In any event, I think you've answered my question: I just need to edit.--Musides (talk) 21:18, 11 April 2008 (UTC)[reply]

The page linked has a JavaScript at Pass4All and NOT a URL.

Who has verified that ? I can find no such reference other than this external link.

Please remove until verified.

passphrases.aule-browser.com is my site and it should not be linked here.

Start with a search on "passphrase generator", please.

example: http://readablepassphrase.codeplex.com/ which provides information as to what the visitor may choose to download.

This link is missing that one crucial level of indirection: the page explaining the what the user is invited to click on and with some semblance of being verifiable witouth investigating page source ( wikipedia users able to do that are able to generate their own passphrases with simple scripts of their own.)

First and foremost, an external link should be a URL to at least information on the passphrase generator and not what this is, a completely uninformative link with an embedded piece of JavaScript. The fact that the external link SAYS "browser button" is not sufficient.

The page in question reads as source

" <frame marginwidth=0 marginheight=0 frameborder=0 name="TOPFRAME" src="http://www.email-os.com/syncapps/" noresize> "

so I will remove the link now.

G. Robert Shiplett 20:43, 21 July 2012 (UTC)

This article currently has three different ways of typing passphrase, can we agree on a default and use that or is there a reason it differs? — Preceding unsigned comment added by Ghanababar (talk • contribs) 10:26, 24 January 2014 (UTC)[reply]

Thanks for catching that I changed them all to passphrase, except in an reference article title.--agr (talk) 16:09, 24 January 2014 (UTC)[reply]

The majority of the text in Passphrase exist in the Password article. The only thing needed is to state in the Password article that a Passphrase is the same as a very long password but that it usually refer to passwords that consist of multiple words, like a sentence. Rescator (talk) 06:36, 25 December 2014 (UTC)[reply]

Oppose merge. There are significant differences between passphrases and passwords --Guy Macon (talk) 08:37, 25 December 2014 (UTC)[reply]

Prove it, as the Passphrase article itself state they are the same "A passphrase is a sequence of words", "A passphrase is similar to a password in usage, but is generally longer" and that is the first paragraph in the article. Then under "Compared to passwords" we see "Passphrases differ from passwords. A password is usually short" and "two Cambridge University researchers analyzed passphrases from..., losing much of the potential of using long passwords", and "One method to create a strong passphrase is to use dice to select words at random from a long list," but this is also suggested for passwords. Basically a password is short and a passphrase is not short, "passphrase" is a synonym for long-password. Per the password article this is a valid password "This is my secret!", and per the passphrase article this is a valid passphrase "This is my secret!" see the difference? I certainly don't. Are both articles wrong or right or is just one of them wrong, now if a passphrase truly is different from a long-password or sentence or string of words then the article fails to clarify this, for years I've seen passphrase used to indicate more-than-one-word passwords, probably due to "word" and "phrase" being rather descriptive gramatically speaking. And if passphrase is not the same and uses a completely different way or method to derive a passphrase vs a password then why is that not described in the article and in the very first paragraph. "The passphrase FAQ" which is cited as source even says "A passphrase is a sentence or phrase used instead of a single password", how can you oppose a merge on the grounds that a password and passphrase are different when the cited sources themselves says they are the same only password references a single word use and passphrase references multiple word use. Old sources states a password is typically 6-8, while a passphrase is at least 14. Certain password guides states that a really secure password should be 16 characters, but isn't that a passphrase then? If you are correct then both the password and passphrase articles need to be re-written and any cite sources that contradict themselves can not be used (which includes the Passphrase FAQ) which has this as an example "There is a sucker born every minute." how is that any different from a long password aka a password with spaces in it? From the password article there is this "Some passwords are formed from multiple words and may more accurately be called a passphrase. The terms passcode and passkey are sometimes used when the secret information is purely numeric" so why not add a passphrase paragraph in the password article? Please qualify your statement! You have a really interesting quote on your user page that is a tad ironic right now. Rescator (talk) 18:54, 25 December 2014 (UTC)[reply]

Regarding your claim that "'passphrase' is a synonym for long-password", is there any reliable source that we can cite to support this claim? Note the usage by Microsoft security guru Robert Hensing,[2] by PC Magazine,[3] cloud security expert Sabi Goriawala,[4] and by Cambridge University researchers Joseph Bonneau and Ekaterina Shutova[5] -- especially section 3.1 ("Comparison to passwords").

Regarding rewriting either article for clarity, feel free to do so, keeping in mind that WP:V applies to all claims made in any Wikipedia article. If different sources give different definitions, we simply apply WP:WEIGHT and report what is in the sources. Note that sources from before the time when the term "passphrase" became popular are especially likely to contain definitions for "password" that are of little use in differentiating them from passphrases.

As for the rest of your argument, it appears that the same argument could be used to argue for merging/redirecting our Word article with our Phrase article. Semantically, there is a world of difference between words and phrases and there is a world of difference between passwords and passphrases.

Finally, please try to dial back the aggression a bit. We are supposed to be two reasonable people having a calm, thoughtful discussion about what is best for the encyclopedia. Neither option (merged or unmerged) is obviously wrong. --Guy Macon (talk) 20:50, 25 December 2014 (UTC)[reply]

Since I was censored this has now been move to dispute resolution[6] — Preceding unsigned comment added by Rescator (talk • contribs) 16:50, 27 December 2014 (UTC)[reply]

Regarding the content dispute, there has been very little discussion on the article talk page, and per WP:CONSENSUS no dispute resolution venue is appropriate until both parties have made a good-faith attempt to resolve the dispute through talk page discussions.

Regarding the accusation of censorship, censorship is a user conduct issue and not an article content issue, and thus should be brought up at WP:ANI, not WP:DRN -- but be aware of WP:BOOMERANG.

That being said, Rescator edited my comments[7] in direct violation of Wikipedia:Talk page guidelines#Layout and Wikipedia:Talk page layout and I reverted the edits to my comment[8] in compliance with Wikipedia:Talk page guidelines#Others' comments --Guy Macon (talk) 18:09, 27 December 2014 (UTC)[reply]

I must be in backwards land then, looking at the history of the talk page I only see Guy Macon removing my responses to his many points. He answered in the form of multiple points and I answered to several of them individually (though with a lot of overlap in the answers I must admit.) Looking at the history I do not see myself editing any of his comments nor do I appear to have messed up any indentation there (Guy Macon comments are at 3 indentations while my responses to his points are at 4 indentations. Although I do see a Wikipedia error in the history (is that what the issue is?). I request that Guy Macon please show a reference to which of his comments I allegedly edited or he should refrain from making false accusations. In either case Guy Macon has achieved his goal (intentional or not) as I will refrain from editing either passphrase nor password articles, if this is how messy the talk pages get I won't bother with the articles themselves, I have enough grief in my life as it is, I do not need to keep arguing with someone on Wikipedia as well. I still wish for the accusations made against me on this talk page to be resolved though purely on principle. Rescator (talk) 21:25, 28 December 2014 (UTC)[reply]

The link showing where you edited my comments is in the comment above yours (click on the number between the "[" and "]" just to the right of "Rescator edited my comments", or just click here. Note that adding text in the middle of another editors comment is considered editing another person's comments, and is the reason why WP:INTERSPERSE links there.

To go directly to the part of the talk page guidelines where this is not allowed, click on these links: Wikipedia talk page layout guidelines and Wikipedia guide to talk page layout. Those documents are quite clear on the subject of what behavior is expected from you. I advise that you read them, follow the rules, and drop the stick.

To go directly to the part of the talk page guidelines where my undoing your editing my comments is allowed, click on this link: Wikipedia talk page guidelines on removing other editor's comments. Again, the talk page guidelines are perfectly clear on this. If you need help understanding them, post a question at our help desk with links to the edit and revert in question (feel free to copy the links from my comments above). You could even ask why the Wikipedia guidelines forbid interspersing comments.

Finally, if you had simply followed my instructions (see edit comment here) instead of escalating your aggression and filing complaints when it is you who either don't understand or are unwilling to follow Wikipedia's talk page guidelines we wouldn't be having this conversation. Competence is required. --Guy Macon (talk) 23:18, 28 December 2014 (UTC)[reply]

I see that the the guidelines you link to state "Separate multiple points with whitespace", for threading and clarity purposes I replied to the points, should I instead have replied in a singular comment but as a point list? (nowhere does it state that is the way to do it) And I certainly would not edit your points by adding your signature to their end either. I see no guidelines on how to address responding to multiple points. I checked and I only found the mention of separating multiple points with whitespace and ensuring indenting is enforced. The other issue is that when you reversed my edits you reversed all of them and not just the parts that you mean infringed upon your copy you you even removed the comment below that where I asked what aggressive behavior you where claiming I had. I did not behave aggressively and I'll state it again, I'm completely neutral in this, I do not resort to smileys or similar as I find that unnecessary, if I was upset with you I'd directly state it instead, if anything I feel it is you that are aggressive towards me. Also please don't be patronizing and telling me how to compare page history edits, I stated earlier that I did in fact do that. And the reason for the escalation was simple, looking at your user page you are clearly higher ranking and the logical thing is to ask your peers for advice how to handle the situation. I'll reiterate. You undid my comments and mentioned a violation, I read up and it says nothing about how to handle multiple points, it does mention multiple points and it states that proper indentation should be used to make it clear who is responding to what. Blaming me for lack of experience in this case is ignorant, and telling me I'm incompetent I find insulting, especially when the competent page you link to does state that perfection is not required, and it also state that not trying to help improve the knowledge of some can seem disruptive, something I agree with. I can only hope that something good comes out of this, like improving the guidelines to state how to handle multiple points and indentation of the answers to multiple points, you can not blame me for not knowing guidelines that is not even written. All this could easily have been solved if you had simply informed me that responding to multiple points with multiple answers is not allowed even if you use indentation. Instead you just pointed to the guidelines which says I did nothing wrong nor even suggested to handle multiple points and threading of such. Know if there is a policy stated for this then I do not see it, and you tell me I should have asked for help, and I did, i asked for a mediator to help mediate the situation and explain what the error was as you did not offer any. But the point is mute now anyway, you can add another notch in you belt (or perhaps a userpage badge exists for it) and Wikipedia has left a sour taste in my mouth. I'll be turning off the watch of this page so I don't have to deal with this any more, I'll just end with a closing statement: The Wiki talk page guidelines lack information for multiple points and how to respond to them, and the talk page lack the ability to respond to separate points, hopefully one of these or both will be rectified in the future so situations like this can be avoided. Rescator (talk) 10:46, 29 December 2014 (UTC)[reply]

I don't know what part of "then the next post will go underneath yours and so on" you are having so much trouble understanding, but I will open up a dialog with the editors who maintain those guidelines and see whether we can make it even more clear. You still have the option to stop wikilawyering and get back to talking about your proposed merge/redirect as explained in WP:CONSENSUS. --Guy Macon (talk) 16:47, 29 December 2014 (UTC)[reply]

The entropy discussions in the article seem to be based on English sentences, rather than on randomly chosen sets of words. The low entropy-per-character counts are based on the assumption (true for English text) that later parts of the text tend to be predictable based on earlier parts. The word "antidisestablishmentarianism" contributes almost no entropy after about 8 letters, because there are few words that start with those 8 letters. Similarly, a quotation very rapidly starts being predictable.

On the other hand, in the top 10,000 English words there are more than 1024 that are four or fewer letters long. If we choose randomly from 1024 four-letter words, we get 10 bits of entropy per word - an average of 2.5 bits per letter - and that value is constant no matter how many words we choose. 80 bits of entropy requires eight such words, for a total of 32 letters. (Spaces between the words don't add entropy and don't need to be included.)

This arithmetic is covered to some extent in the Example Methods section, in the discussion of Diceware, but it seems to belong in a more prominent location; it's part of the fundamentals of passphrases rather than a mere example.

Perhaps there should be a section discussing sentences (or sentence fragments) vs randomly selected words? I'm not sure where to get cites, though. Jordan Brown (talk) 00:57, 20 March 2017 (UTC)[reply]

We would have find a source that discusses the above in order to avoid WP:OR, but even if we do is sentences vs random words really what the reader needs to know about? IMO he/she needs to know about the difference between a random sequence (whether it is constructed of random words, random characters or even random 1s and 0s) and a sequence that has meaning that can be figured out.

Let me try to illustrate this with an example. The English Wikipedia has 60,361,874 pages of all kinds. So I roll some dice to choose a page and cut and paste the first 256 characters from that page, making note of the time. If my attacker knows that I did that, she would only have to make 60,361,874 guesses to get my passphrase, far less than it would take to try every 256 character sequence. One could argue "how would the attacker know to use parts of Wikipedia pages as guesses as opposed to, say, parts of Linux MAN pages or quotes from My Little Pony episodes?" If one follows Kerckhoffs's principle, (which I do) one must assume that everything about the system except the actual key is public knowledge. This includes the method used to generate the key.

On the other hand, using random words or characters makes it really hard to memorize a passphrase. My personal master passphrase has over 32 words in it, a couple of which don't exist in any dictionary. I have never written it down, it isn't on my hard disk or in anything I have ever posted online and I have never spoken it aloud; it exists only in my memory. Obviously it can not be random words, because I would not be able to memorize it. Something about my long passphrase makes it hard for me to forget. See [ https://xkcd.com/936/ ]

So, how do I reconcile the two contradictory things I just wrote? The way I solved it is with those couple of words which don't exist in any dictionary. I generated a bunch of random sequences from a true random source and picked the first two that were pronounceable. I can memorize two nonsense words. Even if an attacker knows everything else about my passphrase, there is enough entropy in those two words alone to protect my information. Of course none of that is actually secure. See [ https://www.xkcd.com/538/ ] :( --Guy Macon (talk) 13:44, 20 March 2017 (UTC)[reply]

Sorry, yes, it's random vs meaningful sequences. It's approximately the same distinction as between words and random sequences of letters. (Similarly, there are fewer than a million five-word phrases in a particular edition of the Bible.) Agree that the best assumption is that the villain knows exactly what scheme you used. Anyhow, it doesn't seem like the article covers the need for randomness very well. The second paragraph says that passphrases can be relatively weak, but uses the math for non-random phrases.

As for memorability, shrug. I haven't used passphrases much, but in a few experiments getting 40 or 50 bits doesn't seem difficult. I more or less routinely memorize 8-character random lowercase/digit passwords (at ~41 bits), and my few attempts at memorizing 4-5 word passphrases made from short common words (at 40-50 bits) have suggested that they will be easier.

Anyhow, yes, the problem is references.Jordan Brown (talk) 15:30, 20 March 2017 (UTC)[reply]

This is a good point. People have been known to choose the easiest path possible when coming up with a password/passphrase that nobody will see and can judge them on. Given that the most common 100 words make up half of all written words, you just know people are going to choose something like "this is my long password", just like they used to choose "12345678". This has a huge effect on the entropy section. Nerfer (talk) 18:21, 25 July 2018 (UTC)[reply]

Bill Burr wrote the original NIST Special Publication 800-63. Appendix A,, which advised that all passwords should be a string of random characters and that they should be changed every 90 days, which eventually became the de facto standard for most commercial IT shops. In 2017, though, he had changed his position, in an interview with the Wall Street Journal, saying that random passphrases were more secure and easier to remember. I'd like to add this updated policy to this page, but I'm not sure where to put it. (Citation here^{[Bill-Burr 1]} and here^{[Bill-Burr 2]} and below.) — Loadmaster (talk) 16:53, 5 March 2018 (UTC)[reply]