
What about passphrases?

Some security practitioners recommend the use of passphrases instead of passwords. Technologically, passphrases are not much different from passwords -- they are simply longer and, in exchange for that, drop the requirement for mixed-case letters, punctuation marks, digits, etc.

The underlying idea of passphrases is for users to type a sentence instead of a string of apparently random characters. The argument is that this is easier to remember, not much harder to type and more secure (due to length), despite users being allowed to only use characters from a small set (say 26 letters plus space).

Passphrases are described at https://en.wikipedia.org/wiki/Passphrase.

The cryptographic strength of passphrases is discussed in some depth at https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc512609(v=technet.10).

When considering the strength of a passphrase, it is important to realize that it is humans who will choose them, not random number generators. Humans will typically:

  1. Type words in all lowercase.
  2. Choose words from a small vocabulary (say 20,000 words).
  3. Compose short sentences of 4-5 words.
  4. Compose sentences that are sensible (grammatically correct) rather than random.

The 100 most popular words account for about 50% of normal English text, so the real entropy of a 5-word sentence is something like 100 x 100 x 1400 x 20000 x 20000 = 5.6 x 10^15.

That looks great, but it doesn't take into account grammar, which makes some word pairs much more likely than others. This means that the upper bound on the likely number of combinations of 5-word sentences is much lower -- more like: 100 x 500 x 100 x 500 x 20000 = 50 trillion.

The effect of grammar on passphrase complexity is discussed at:


Another way to estimate the security of passphrases is to estimate how many bits of entropy there are per letter in English. Linguists estimate about 1.75 bits per letter -- if it were higher, English would be too hard for us to learn. If the average word is 5 letters long, then a 5-word sentence has an entropy of 2^(1.75 x 25) or about 17 trillion.

In contrast, consider an 8 character password, with mixed case, digits and 3 possible punctuation marks. Assume it's really random -- password choice is subject to policy enforcement which prevents the use of dictionary words, etc. Such passwords should have an entropy of about (26+26+10+3)^8 or 3.2 x 10^14.

This analysis shows that passphrases -- as chosen by real-world users, as opposed to more sophisticated security people (who might add mixed case, digits, punctuation marks, etc.) -- are actually likely to be less secure than passwords!
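The four estimates above, reproduced as an added Python example (not part of the original article) that models each one as a search space and converts it to bits, so the passphrase models and the random password can be compared on one scale. The per-position vocabulary sizes are the article's assumed figures, not measured values.

```python
import math

# Vocabulary size assumed for each word position of a 5-word sentence
# (figures taken from the article's text, not measured from a corpus).
NAIVE_POSITIONS = [100, 100, 1400, 20000, 20000]     # popularity only
GRAMMAR_POSITIONS = [100, 500, 100, 500, 20000]      # grammar-adjusted

def search_space(position_vocab_sizes):
    """Number of distinct sentences when word i is drawn independently
    from a vocabulary of position_vocab_sizes[i] candidates."""
    return math.prod(position_vocab_sizes)

def letter_model_space(bits_per_letter, letters):
    """Search space implied by a per-letter entropy estimate."""
    return 2 ** (bits_per_letter * letters)

def password_space(charset_size, length):
    """Search space of a uniformly random password."""
    return charset_size ** length

def bits(space):
    """Entropy, in bits, of a uniform choice over `space` possibilities."""
    return math.log2(space)

def compare():
    """Return each estimate as name -> (search space, bits, rounded)."""
    estimates = {
        "passphrase, naive word model": search_space(NAIVE_POSITIONS),
        "passphrase, grammar-adjusted": search_space(GRAMMAR_POSITIONS),
        "passphrase, 1.75 bits/letter x 25 letters": letter_model_space(1.75, 25),
        "random 8-char password, 65-symbol charset": password_space(26 + 26 + 10 + 3, 8),
    }
    return {name: (space, round(bits(space), 1)) for name, space in estimates.items()}

if __name__ == "__main__":
    for name, (space, b) in compare().items():
        print(f"{name:45s} {space:10.2e}  {b:5.1f} bits")
```

Run stand-alone it prints the grammar-adjusted passphrase at roughly 45.5 bits against about 48.2 bits for the random 8-character password, which is the article's conclusion in bit terms.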
