
I loathe passwords with completely random letters and digits. It's so much nicer to have a password made up of proper words. Even if the total length is much longer, it's easier to memorize, transcribe, etc.

So I thought of this password generation scheme:

```
result = ""

while (result.length < 12)
  result += randomWord()

if (result.length < 16)
  result += shortRandomWord()

result += randomInteger(1000, 9999)
```

In this example, assume that randomWord() returns an English dictionary word of length 4 to 10, and shortRandomWord() returns one of length 4 to 5. This is sure to give you a password of length 16 to 21, made up of 2 to 5 words, plus the 4 random integers.

Is this a good password generator? How does its entropy compare to a function that generates a password of length 8 with random letters and digits?

TaylanKammer
  • Does this answer your question? [Is randomly generating passwords from an assortment of dictionary words cryptographically secure?](https://security.stackexchange.com/questions/151165), [XKCD #936: Short complex password, or long dictionary passphrase?](https://security.stackexchange.com/questions/6095/). – Steffen Ullrich Dec 22 '19 at 18:26
  • you just described the program "[diceware](http://world.std.com/~reinhold/diceware.html)" – schroeder Dec 22 '19 at 18:50
  • Completely random passwords are not meant to be memorised. They are meant to be long, machine-generated, and supplied by a password manager when you need them and not memorised and entered by hand. – schroeder Dec 22 '19 at 18:52
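
The entropy comparison the question asks about can be computed directly from the scheme's rules. The following is an added example, not part of the original question or its comments: the word counts per length are constructed, and `scheme_entropy` and `random_string_entropy` are hypothetical helper names. It assumes uniform, independent draws from a secure random source and an attacker who knows both the scheme and the word list.

```python
import math
from collections import Counter

# Constructed word counts per length (assumed, not from the post);
# replace with the real counts from whatever word list you use.
WORDS_BY_LEN = {4: 1000, 5: 1500, 6: 2000, 7: 2000, 8: 1500, 9: 1200, 10: 800}

def scheme_entropy(words_by_len, lo=1000, hi=9999):
    """Return (shannon_bits, min_entropy_bits) of the choices the scheme makes.

    Distinct word sequences can concatenate to the same string, so both
    figures are upper bounds on the entropy of the resulting password.
    """
    n = sum(words_by_len.values())                    # randomWord() pool
    short = sum(c for l, c in words_by_len.items() if l <= 5)  # shortRandomWord() pool
    digit_bits = math.log2(hi - lo + 1)               # randomInteger(1000, 9999)
    dist, draws = {0: 1.0}, 0                         # length so far -> probability
    expected_draws = p_short = 0.0
    fewest_bits = math.inf                            # cheapest path for an attacker
    while dist:
        draws += 1
        nxt = Counter()
        for length, p in dist.items():
            expected_draws += p                       # one more randomWord() call
            for wlen, count in words_by_len.items():
                total, q = length + wlen, p * count / n
                if total < 12:                        # while-loop keeps going
                    nxt[total] += q
                    continue
                bits = draws * math.log2(n)
                if total < 16:                        # short word gets appended
                    p_short += q
                    bits += math.log2(short)
                fewest_bits = min(fewest_bits, bits)
        dist = nxt
    # Chain rule: each uniform draw adds log2(pool size) whenever it happens.
    shannon = expected_draws * math.log2(n) + p_short * math.log2(short) + digit_bits
    return shannon, fewest_bits + digit_bits

def random_string_entropy(length=8, alphabet=26 + 26 + 10):
    """Entropy of `length` uniform characters (letters and digits by default)."""
    return length * math.log2(alphabet)

if __name__ == "__main__":
    shannon, min_ent = scheme_entropy(WORDS_BY_LEN)
    print(f"scheme: {shannon:.1f} bits Shannon, {min_ent:.1f} bits min-entropy")
    print(f"8 random alphanumerics: {random_string_entropy():.1f} bits")
```

The min-entropy figure reflects the most likely outcomes, where two long words already reach 16 characters and only two dictionary draws protect the password; that is the number to compare against the fixed-length random string.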

0 Answers