The diceware algorithm is a password generation algorithm in which users roll dice several times (around 7) to generate a random number. This random number is then used to index into a word list and select a word. This process is repeated until between 3 and 12 words are selected. With dozens to hundreds of dice rolls, this can get very tedious.

The passgen program performs this work in C++. It uses the /dev/urandom device, present on all modern UNIX systems, to get randomness. This randomness is used to index into a word list, using 18 bits of randomness per word. The word list is more than 262144 words long and is thus suitable for this use.

Before running, a random sample of the words is discarded from the list. The list is also randomly reshuffled before beginning the process to ensure that a random selection of words is removed. The reshuffling also means that the same stream of bits from /dev/urandom will not generate the same password. It will, however, be slightly dependent upon the randomness in the pre-shuffle. This randomness does not improve the security of those passwords.

Words shorter than 4 letters are also removed. 18 bits requires 3 bytes to store cleanly, and more than 3 bytes in base32 (which is kind of like what we're generating these passwords in). Thus those shorter words represent a compression: they lower the minimum number of bytes necessary to encode the password and reduce the search surface slightly. (The worst case would be 4 words of two letters each: 8 bytes, at 5 bits per byte, is 40 bits of search space. 4 words at 18 bits per word is 72 bits of search space. You lose 32 bits of total search space there alone!)

(Note: This is a commit of the latest passgen, but using the sha256 object store.)
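The selection process described above, as an added C++ sketch that is not passgen's own code: it filters and shuffles a constructed eight-word sample list, caps it at 2^18 entries, then maps 18-bit draws onto indices, rejecting draws that would bias a short list instead of reducing them modulo the list size. std::random_device stands in for reading /dev/urandom directly; the sample list, the seed handling and all function names are assumptions.

```cpp
#include <algorithm>
#include <cstdint>
#include <functional>
#include <optional>
#include <random>
#include <string>
#include <vector>

constexpr uint32_t kSpace = 1u << 18;  // 18 bits per word: 262144 indices

// Constructed sample list; the real `dictionary` file is not embedded here.
const std::vector<std::string> kSampleWords = {
    "ox", "cat", "lamp", "quartz", "marble", "zebra", "violin", "copper"};

// Drop words under four letters, shuffle, keep at most 2^18 so 18 bits address all.
std::vector<std::string> prepare_list(std::vector<std::string> words, uint64_t seed) {
    auto short_word = [](const std::string& w) { return w.size() < 4; };
    words.erase(std::remove_if(words.begin(), words.end(), short_word), words.end());
    std::shuffle(words.begin(), words.end(), std::mt19937_64(seed));
    if (words.size() > kSpace) words.resize(kSpace);  // surplus words are discarded
    return words;
}

// Map an 18-bit value onto a list index. For lists shorter than 2^18, values at or
// above the largest multiple of the size are rejected; "bits % size" would bias low indices.
std::optional<size_t> index_from_bits(uint32_t bits, size_t list_size) {
    if (list_size == 0 || list_size > kSpace) return std::nullopt;
    const uint32_t limit = kSpace - (kSpace % static_cast<uint32_t>(list_size));
    if (bits >= limit) return std::nullopt;
    return bits % list_size;
}

// Pull `count` words; `next_bits` supplies raw random words, low 18 bits are used.
std::vector<std::string> generate(const std::vector<std::string>& list, size_t count,
                                  const std::function<uint32_t()>& next_bits) {
    std::vector<std::string> out;
    while (!list.empty() && out.size() < count)
        if (auto idx = index_from_bits(next_bits() & (kSpace - 1), list.size()))
            out.push_back(list[*idx]);  // a rejected draw just fetches fresh bits
    return out;
}

// std::random_device stands in for /dev/urandom (libstdc++ uses getrandom()/urandom).
std::vector<std::string> generate_from_urandom(size_t count) {
    static std::random_device rd;
    const uint64_t seed = (static_cast<uint64_t>(rd()) << 32) | rd();
    return generate(prepare_list(kSampleWords, seed),
                    count, [] { return static_cast<uint32_t>(rd()); });
}
```

With the sample list only six words survive filtering, so about 4 of every 262144 draws are rejected; with a list of exactly 262144 words no draw is ever rejected.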
The file `dictionary` used by `passgen` is a slightly modified form of the wordlist found at:

https://www.wordgamedictionary.com/sowpods/download/sowpods.txt

The same exact list of words can be found in the following git repository under the MIT license:

https://github.com/jesstess/Scrabble

Thus I conclude it is safe to include this list in a BSD licensed repository.