<div dir="ltr">Also check out the Confusion video if you haven't seen it already (although you may have to mute unless you like intense synthesizers in your face):<div><br></div><div><a href="https://www.youtube.com/watch?v=BAeJsskGHsQ">https://www.youtube.com/watch?v=BAeJsskGHsQ</a><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Mar 6, 2015 at 7:02 PM, Tony Arcieri <span dir="ltr"><<a href="mailto:bascule@gmail.com" target="_blank">bascule@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">For what it's worth, here's the English wordlist I came up with for my semi-vaporware project Confusion:<div><br></div><div><a href="https://github.com/cryptosphere/confusion/blob/master/wordlists/en.txt" target="_blank">https://github.com/cryptosphere/confusion/blob/master/wordlists/en.txt</a><br></div><div><br></div><div>4096 words, chosen by frequency of usage (I forget what wordlist I used). I did a few additional passes to clean it up. I forget the specifics. Probably should've just scripted its generation ;)</div><div><br></div><div>In my UI, I just added a "refresh" button, so while the passwords are generated by randomly combining words from data out of a CSPRNG, the user can refresh if they don't like the particular combination they receive until they find one that's nice and easy to communicate.</div><div><br></div><div><br></div></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On Wed, Mar 4, 2015 at 6:44 AM, Steve Weis <span dir="ltr"><<a href="mailto:steveweis@gmail.com" target="_blank">steveweis@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>The word list is here:</div><div><a href="https://github.com/PeerioTechnologies/peerio-client/blob/master/src/chrome/js/miniLock/phrase.js#L41" target="_blank">https://github.com/PeerioTechnologies/peerio-client/blob/master/src/chrome/js/miniLock/phrase.js#L41</a><br></div><div><br></div><div>If my script to count the words is right, it has 32731 entries.<br></div></div><div><div><br></div></div><div>If this phrase is supposed to be memorized, there are a lot of words in that list that share prefixes or pronunciation. The Mnemonicode wordlist has been curated to be prefix-free, have each word start with a unique 5-letters, and to avoid homonyms:</div><div><a href="https://github.com/singpolyma/mnemonicode" target="_blank">https://github.com/singpolyma/mnemonicode</a><br></div><div><a href="https://github.com/mbrubeck/mnemonic.js" target="_blank">https://github.com/mbrubeck/mnemonic.js</a><br></div><div><br></div><div>Downside is Mnemonicode only has 1633 words, so your phrases will be 50% longer.</div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 2, 2015 at 11:08 PM, Tao Effect <span dir="ltr"><<a href="mailto:contact@taoeffect.com" target="_blank">contact@taoeffect.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Cool! Great improvement. :)<div><br></div><div>Sorry if this was mentioned somewhere already (I searched but can't find it): how big is the dictionary that you're using?</div><div><br></div><div>Meaning, how many words are you picking from for each word?</div><div><br></div><div>Cheers,</div><div>Greg<br><div>
<br><span style="color:rgb(0,0,0);font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none">--</span><br style="color:rgb(0,0,0);font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="color:rgb(0,0,0);font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none">Please do not email me anything that you are not comfortable also sharing</span><span style="color:rgb(0,0,0);font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none"> with the NSA.</span>
</div>
<br><div><div><div><div>On Mar 2, 2015, at 12:30 PM, Nadim Kobeissi <<a href="mailto:nadim@nadim.computer" target="_blank">nadim@nadim.computer</a>> wrote:</div><br></div></div><blockquote type="cite"><div><div><div dir="ltr">It's now live, pushed to users! Mentioned in this blog post:<div><a href="http://blog.peerio.com/post/112534441334/the-new-peerio-simpler-more-secure" target="_blank">http://blog.peerio.com/post/112534441334/the-new-peerio-simpler-more-secure</a><br></div><div><br></div><div>Thanks, everyone, for this great discussion. You've all contributed to improving Peerio. :-)</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 2, 2015 at 8:27 PM, Trevor Perrin <span dir="ltr"><<a href="mailto:trevp@trevp.net" target="_blank">trevp@trevp.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On Mon, Mar 2, 2015 at 1:04 AM, Nadim Kobeissi <<a href="mailto:nadim@nadim.computer" target="_blank">nadim@nadim.computer</a>> wrote:<br>
><br>
> We have decided to forego with user-chosen passphrases entirely, and to<br>
> stick uniquely to the miniLock model of having a CSPRNG pick a high-entropy<br>
> (112-bit) passphrase for users.<br>
<br>
</span>Cool, sounds like a good improvement.<br>
<span><font color="#888888"><br>
Trevor<br>
</font></span></blockquote></div><br></div></div></div><span>
_______________________________________________<br>Messaging mailing list<br><a href="mailto:Messaging@moderncrypto.org" target="_blank">Messaging@moderncrypto.org</a><br><a href="https://moderncrypto.org/mailman/listinfo/messaging" target="_blank">https://moderncrypto.org/mailman/listinfo/messaging</a><br></span></blockquote></div><br></div></div><br>_______________________________________________<br>
Messaging mailing list<br>
<a href="mailto:Messaging@moderncrypto.org" target="_blank">Messaging@moderncrypto.org</a><br>
<a href="https://moderncrypto.org/mailman/listinfo/messaging" target="_blank">https://moderncrypto.org/mailman/listinfo/messaging</a><br>
<br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
Messaging mailing list<br>
<a href="mailto:Messaging@moderncrypto.org" target="_blank">Messaging@moderncrypto.org</a><br>
<a href="https://moderncrypto.org/mailman/listinfo/messaging" target="_blank">https://moderncrypto.org/mailman/listinfo/messaging</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br><div>Tony Arcieri<br></div>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Tony Arcieri<br></div>
</div>