undefined | Better HN

0 pointsScaevolus11y ago0 comments

You could use the phrase if you liked, but each word is only 10 bits of entropy.

One nice thing about having a mnemonic for the password is that you don't have to remember the words precisely -- you can modify the mnemonic to suit your tastes as long as the prefix remains. I originally wrote it to generate passwords that I have to enter frequently (e.g. sudo), so being short was a goal.

I'm working on making actual passphrases with more entropy per word.

0 comments

1 comments · 1 top-level

x1798DE11y ago

Yeah, I assume that you can just have a non-deterministic expansion which will add some entropy per word to increase the entropy of the passphrase over the abbreviated version, but my point was just that even if there's no increase in security by using the full passphrase, counter-intuitively, using the full phrase would likely be more convenient for me (and probably for many others).

j / k navigate · click thread line to collapse