[messaging] Passphrase-based key mobility (was: Peerio)

Tony Arcieri bascule at gmail.com
Fri Mar 6 19:02:28 PST 2015


For what it's worth, here's the English wordlist I came up with for my
semi-vaporware project Confusion:

https://github.com/cryptosphere/confusion/blob/master/wordlists/en.txt

4096 words, chosen by frequency of usage (I forget what wordlist I used). I
did a few additional passes to clean it up. I forget the specifics.
Probably should've just scripted its generation ;)

In my UI, I just added a "refresh" button, so while the passwords are
generated by randomly combining words from data out of a CSPRNG, the user
can refresh if they don't like the particular combination they receive
until they find one that's nice and easy to communicate.



On Wed, Mar 4, 2015 at 6:44 AM, Steve Weis <steveweis at gmail.com> wrote:

> The word list is here:
>
> https://github.com/PeerioTechnologies/peerio-client/blob/master/src/chrome/js/miniLock/phrase.js#L41
>
> If my script to count the words is right, it has 32731 entries.
>
> If this phrase is supposed to be memorized, there are a lot of words in
> that list that share prefixes or pronunciation. The Mnemonicode wordlist
> has been curated to be prefix-free, have each word start with a unique
> 5-letters, and to avoid homonyms:
> https://github.com/singpolyma/mnemonicode
> https://github.com/mbrubeck/mnemonic.js
>
> Downside is Mnemonicode only has 1633 words, so your phrases will be 50%
> longer.
>
> On Mon, Mar 2, 2015 at 11:08 PM, Tao Effect <contact at taoeffect.com> wrote:
>
>> Cool! Great improvement. :)
>>
>> Sorry if this was mentioned somewhere already (I searched but can't find
>> it): how big is the dictionary that you're using?
>>
>> Meaning, how many words are you picking from for each word?
>>
>> Cheers,
>> Greg
>>
>> --
>> Please do not email me anything that you are not comfortable also sharing with
>> the NSA.
>>
>> On Mar 2, 2015, at 12:30 PM, Nadim Kobeissi <nadim at nadim.computer> wrote:
>>
>> It's now live, pushed to users! Mentioned in this blog post:
>>
>> http://blog.peerio.com/post/112534441334/the-new-peerio-simpler-more-secure
>>
>> Thanks, everyone, for this great discussion. You've all contributed to
>> improving Peerio. :-)
>>
>> On Mon, Mar 2, 2015 at 8:27 PM, Trevor Perrin <trevp at trevp.net> wrote:
>>
>>> On Mon, Mar 2, 2015 at 1:04 AM, Nadim Kobeissi <nadim at nadim.computer>
>>> wrote:
>>> >
>>> > We have decided to forego with user-chosen passphrases entirely, and to
>>> > stick uniquely to the miniLock model of having a CSPRNG pick a
>>> > high-entropy (112-bit) passphrase for users.
>>>
>>> Cool, sounds like a good improvement.
>>>
>>> Trevor
>>>
>>
>> _______________________________________________
>> Messaging mailing list
>> Messaging at moderncrypto.org
>> https://moderncrypto.org/mailman/listinfo/messaging
>>


-- 
Tony Arcieri
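
Added example, not part of the thread and not code from Peerio, miniLock, Confusion or Mnemonicode: a Python sketch of the CSPRNG word-picking discussed above. It computes how many words the 112-bit target needs at the three list sizes mentioned (4096, 32731, 1633), flags words that share a 5-letter prefix, and bounds the min-entropy left when a user keeps one of several refreshed phrases. The sample wordlist and all function names are assumptions made for illustration.

```python
import math
import secrets

TARGET_BITS = 112  # strength quoted in the thread for the generated passphrase

# Constructed sample list (8 words); a real list would be loaded from a file.
SAMPLE_WORDS = ["station", "stationary", "apple", "applesauce",
                "river", "cobalt", "meadow", "walnut"]

def words_needed(list_size, target_bits=TARGET_BITS):
    """Smallest word count whose uniform-choice entropy reaches target_bits."""
    count = 1
    while list_size ** count < 2 ** target_bits:  # exact integers, no float rounding
        count += 1
    return count

def prefix_collisions(words, prefix_len=5):
    """Groups of words sharing their first prefix_len letters."""
    groups = {}
    for word in words:
        groups.setdefault(word[:prefix_len], []).append(word)
    return {p: ws for p, ws in groups.items() if len(ws) > 1}

def generate_passphrase(words, target_bits=TARGET_BITS):
    """Pick each word independently and uniformly with the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate entries make the list smaller than it looks")
    count = words_needed(len(words), target_bits)
    return [secrets.choice(words) for _ in range(count)]

def min_entropy_after_refresh(list_size, word_count, refreshes):
    """Lower bound on min-entropy when the user keeps one of refreshes+1 phrases.

    Any given phrase is kept with probability at most
    (refreshes + 1) / list_size ** word_count.
    """
    return word_count * math.log2(list_size) - math.log2(refreshes + 1)

if __name__ == "__main__":
    for size in (4096, 32731, 1633):  # list sizes mentioned in the thread
        print(size, "entries ->", words_needed(size), "words for", TARGET_BITS, "bits")
    print("shared prefixes:", prefix_collisions(SAMPLE_WORDS))
    print("sample phrase:", " ".join(generate_passphrase(SAMPLE_WORDS, 12)))
    print("bits after 15 refreshes:", min_entropy_after_refresh(4096, 10, 15))
```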