ykankaya / abbrase Goto Github PK

#Abbrase#

Abbrase is an abbreviated passphrase generator. An abbrase is one of the passwords it produces. It generates a password and a phrase like "phyeigdolrejutt" and "physical eight dollars rejected utterly".

Try the web version.

Creating secure passwords is easy. Remembering them is hard. Pwgen makes them memorable though prounouncability. XKCD suggests using a series of random common words, but memorizing series of unrelated words can be difficult, and typing long phrases can be tedious.

Abbrase is an experiment in generating probable phrases using markov chains, and abbreviating each word to the first few letters. This strikes a balance between excessive password length and excessive mnemonic length. Passwords generated by Abbrase are as secure as a number with the same length. "122079103" and "toldulbal" (tolerably dull ball) are equally hard to attack.

The wordlist and bigram graph are generated with data from Google NGrams dataset, used under the Creative Commons Attribution 3.0 Unported License.

##Theory##

Language is the most information-dense thing people memorize. Brains don't operate on bits.

Pi recitation record-holders don't have thousands of digits in their minds. They map clusters of digits to far more mentally palatable words, memorizing a long story instead of a sequence of digits.

Memorizing a grammatically-sensible sentence fragment is easier than a sequence of randomly chosen words.

Picking a favorite phrase from the ones generated by Abbrase could make them very slightly easier to attack. A sophisticated attacker could check passwords that are likely to be picked before others. If the attacker can perfectly model which passwords you would prefer, this reduces the security of your password in a proportioanl amount to the number of passwords you selected it from -- if you picked from 32 passwords generated by abbrase, it makes your password 32x easier to attack (5 bits of security lost).

##Building##

git clone https://github.com/rmmh/abbrase.git
cd abbrase
make
./abbrase

The abbrase executable can optionally be supplied with length (a number), count (a number), and hook (a word).

##FAQ##

Q: Isn't using a phrase more secure than abbreviating it?

A: Not at all for phrases Abbrase generates. Displayed phrases are generated deterministically from the password, so they have no added security. Otherwise yes, 4 words have more security than 4 abbreviated words, but they're less convenient to type, and the added characters aren't as valuable as the first few characters.

##Sample output##

(don't actually use any of these passwords!)

Generating 32 passwords with 50 bits of entropy
Password           Phrase
---------------    --------------------
fibpsygotetemol    fibres psychology got eternal molecules
crohismacwrosiz    cross his machine wrong size
haswrigooalsarm    has written good also army
livfoctelduerow    living focus telescope due row
achtexmeaimiela    achieved text means imitation elaborate
poiatmengdocpea    point atmospheric engine doctor pearson
phosinwayladpha    photographs since way laden phagocytes
henraptopsawgif    henry rapidly top saw gifford
sednaravameaago    sed narrative available means agony
roomecgammedgoo    room mechanical game medical good
iniglouncmomkey    initial gloomy uncomfortable moment key
taswirhalpetgue    task wire hall peter guessed
nutdauliemesaba    nutrition daughter lie messenians abandoned
vanashairnumedi    van ashamed air number edited
groiniyarcampec    group initial yards came peculiarly
putmetvilburbor    put methodist village burnt borax
iniporadaneradh    initial portion adapted nerves adhere
liqpriproreapeo    liquid principle process reason people
nodnotmanpetedi    nodded not man peters edition
negfaslawelsbec    negative fashion law else because
nosyesroosoiask    nose yes room soissons asked
somextdiestumea    some extent die study means
vietumunrenapop    view tumultuous unrest enable popular
phyeigdolrejutt    physical eight dollars rejected utterly
somtoptexguibri    some top text guides bring
beyhabtoldulbal    beyond habit tolerably dull ball
timsirskyeldske    time sir sky elder sketch
bigownupoavolak    big own upon avon lake
phinowdirunalac    philosophy now direction unavoidable lack
darexppotegggat    dark experience potential eggs gathered
floalibadwhyour    flow alike bad why our
darmanfirpopnoi    dark man first popular noise