[messaging] Passphrase-based key mobility (was: Peerio)

Tony Arcieri bascule at gmail.com
Fri Mar 6 19:04:40 PST 2015


Also check out the Confusion video if you haven't seen it already (although
you may have to mute unless you like intense synthesizers in your face):

https://www.youtube.com/watch?v=BAeJsskGHsQ

On Fri, Mar 6, 2015 at 7:02 PM, Tony Arcieri <bascule at gmail.com> wrote:

> For what it's worth, here's the English wordlist I came up with for my
> semi-vaporware project Confusion:
>
> https://github.com/cryptosphere/confusion/blob/master/wordlists/en.txt
>
> 4096 words, chosen by frequency of usage (I forget what wordlist I used).
> I did a few additional passes to clean it up. I forget the specifics.
> Probably should've just scripted its generation ;)
>
> In my UI, I just added a "refresh" button, so while the passwords are
> generated by randomly combining words from data out of a CSPRNG, the user
> can refresh if they don't like the particular combination they receive
> until they find one that's nice and easy to communicate.
>
>
>
> On Wed, Mar 4, 2015 at 6:44 AM, Steve Weis <steveweis at gmail.com> wrote:
>
>> The word list is here:
>>
>> https://github.com/PeerioTechnologies/peerio-client/blob/master/src/chrome/js/miniLock/phrase.js#L41
>>
>> If my script to count the words is right, it has 32731 entries.
>>
>> If this phrase is supposed to be memorized, there are a lot of words in
>> that list that share prefixes or pronunciation. The Mnemonicode wordlist
>> has been curated to be prefix-free, have each word start with a unique
>> 5-letters, and to avoid homonyms:
>> https://github.com/singpolyma/mnemonicode
>> https://github.com/mbrubeck/mnemonic.js
>>
>> Downside is Mnemonicode only has 1633 words, so your phrases will be 50%
>> longer.
>>
>> On Mon, Mar 2, 2015 at 11:08 PM, Tao Effect <contact at taoeffect.com>
>> wrote:
>>
>>> Cool! Great improvement. :)
>>>
>>> Sorry if this was mentioned somewhere already (I searched but can't find
>>> it): how big is the dictionary that you're using?
>>>
>>> Meaning, how many words are you picking from for each word?
>>>
>>> Cheers,
>>> Greg
>>>
>>> --
>>> Please do not email me anything that you are not comfortable also sharing with
>>> the NSA.
>>>
>>> On Mar 2, 2015, at 12:30 PM, Nadim Kobeissi <nadim at nadim.computer>
>>> wrote:
>>>
>>> It's now live, pushed to users! Mentioned in this blog post:
>>>
>>> http://blog.peerio.com/post/112534441334/the-new-peerio-simpler-more-secure
>>>
>>> Thanks, everyone, for this great discussion. You've all contributed to
>>> improving Peerio. :-)
>>>
>>> On Mon, Mar 2, 2015 at 8:27 PM, Trevor Perrin <trevp at trevp.net> wrote:
>>>
>>>> On Mon, Mar 2, 2015 at 1:04 AM, Nadim Kobeissi <nadim at nadim.computer>
>>>> wrote:
>>>> >
>>>> > We have decided to forego with user-chosen passphrases entirely, and to
>>>> > stick uniquely to the miniLock model of having a CSPRNG pick a high-entropy
>>>> > (112-bit) passphrase for users.
>>>>
>>>> Cool, sounds like a good improvement.
>>>>
>>>> Trevor
>>>>
>>>
>>> _______________________________________________
>>> Messaging mailing list
>>> Messaging at moderncrypto.org
>>> https://moderncrypto.org/mailman/listinfo/messaging
>>>
>>>
>>>
>>
>
>
> --
> Tony Arcieri
>



-- 
Tony Arcieri
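
The trade-off between list size and phrase length discussed in this thread, as an added example (not part of any message here, and not code from Peerio, miniLock, Confusion or Mnemonicode). It computes how many uniformly chosen words each quoted list size needs to reach the 112-bit target, generates a phrase from a CSPRNG, and flags prefix collisions of the kind Mnemonicode is described as avoiding. The function names and the 8-word sample list are constructed for illustration.

```python
import math
import secrets

# Word-list sizes and the 112-bit target are the figures quoted in the thread.
LIST_SIZES = {"Peerio phrase.js": 32731, "Confusion en.txt": 4096, "Mnemonicode": 1633}
TARGET_BITS = 112

def words_needed(list_size, target_bits=TARGET_BITS):
    """Smallest word count whose uniform-choice entropy reaches target_bits."""
    count = 1
    # Exact integer comparison: list_size**count possible phrases vs 2**target_bits.
    while list_size ** count < 2 ** target_bits:
        count += 1
    return count

def generate(wordlist, target_bits=TARGET_BITS):
    """Pick each word independently and uniformly using the OS CSPRNG."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate entries make the real entropy lower than computed")
    # secrets.choice draws an unbiased index, also for non-power-of-two list sizes.
    return [secrets.choice(wordlist) for _ in range(words_needed(len(wordlist), target_bits))]

def confusable_pairs(wordlist, prefix_len=5):
    """Adjacent sorted words where one is a prefix of the other or the first
    prefix_len letters match (the properties Mnemonicode is described as avoiding)."""
    ordered = sorted(wordlist)
    return [(a, b) for a, b in zip(ordered, ordered[1:])
            if b.startswith(a) or a[:prefix_len] == b[:prefix_len]]

# Constructed sample list, for demonstration only (8 words = 3 bits per word).
SAMPLE = ["apple", "applesauce", "brick", "candle", "candlelight", "delta", "ember", "frost"]

if __name__ == "__main__":
    for name, size in LIST_SIZES.items():
        print(f"{name}: {math.log2(size):.2f} bits/word, "
              f"{words_needed(size)} words for {TARGET_BITS} bits")
    print(confusable_pairs(SAMPLE))
    print(" ".join(generate(SAMPLE)))
```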