Thursday 9 February 2017

Correct Horse Battery Staple: The Book


XKCD 936, the comic that introduced the phrase, ‘correct horse battery staple’ into both the lexicon and password dictionaries, is the best way to generate a password. Your passwords should be random phrases of random words, hopefully with a few random numbers or symbols sprinkled about. It’s the most entropy you can get that’s also easy to remember.

However, generating your own ‘correct horse’ password is generally a bad idea. Humans are terrible at coming up with random bits of information. Thankfully, the EFF has come up with a wordlist containing 7,776 random words (65, or five rolls of a six-sided die.) ready for the next time you reset a password.

[m145mcc] thought the EFF’s word list should be a book, so he made it a book. With the clever application of a laser printer, glue, thread, and some card stock, [m145mcc] has a handy password generator that fits in his pocket. All that’s needed to build a password is a single die, a pen, and some patience.

The EFF’s random passphrase list is based off [Arnold Reinhold]’s Diceware list from 1995, but has a few changes to make the list easier to use and more palatable for the audience they’re going for. Most significantly, vulgar words were removed from the Diceware list, as the netsec crowd doesn’t swear as a rule. Additionally, numbers were removed, along with rare and unusual words. The passwords generated by the EFF’s list are longer, but they are arguably more memorable.

Despite the idea of a random dice-based password list being around for two decades, there are few if any examples of this list in dead tree format. The idea of a bound version of this list is a great idea, and we’re glad [m145mcc] could bring it to the table.



Read the full article here by Hack a Day

No comments: