agl / pond

Pond
BSD 3-Clause "New" or "Revised" License

Generate shared secrets using diceware #177

Open burdges opened 9 years ago

burdges commented 9 years ago

Diceware passwords are easier to remember and communicate. See https://github.com/holizz/diceware/ or https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess/

We could improve the entropy per character by removing numbers and symbols from the wordlist, and adding them as random delimiters instead. I went with dicewords as a first pass though.

burdges commented 9 years ago

Another option I considered was using aspell dictionaries, which support other languages, but that adds dependencies to the CLI. It's still probably a good idea.

burdges commented 9 years ago

Actually the cleanest approach might be to use /usr/share/dict/words or /usr/dict/words if they exist, and generate an older hex password if they do not. So drop diceware altogether. Any thoughts on those wordlists?
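The three ideas in this thread (word-based secrets from a wordlist, digits and symbols moved out of the wordlist and used as randomly chosen delimiters, and a hex fallback when no system dictionary exists) fit together in one small generator. The following Go program is an added example written for this page; it is not Pond's code. The dictionary paths are the ones named in the comment above, the `sampleWords` list and the `delimiters` alphabet are constructed for the example, and the 3..8-letter filter and the 1024-word minimum are assumptions, not anything the thread specifies.

```go
package main

import (
	"bufio"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"math"
	"math/big"
	"os"
	"strings"
)

// Constructed sample wordlist for this example. A real diceware list has
// 7776 (6^5) entries; this short list only exercises the mechanics.
var sampleWords = []string{
	"able", "acid", "aged", "also", "area", "army", "away", "baby",
	"back", "ball", "band", "bank", "base", "bath", "bear", "beat",
}

// Delimiter alphabet (constructed): digits and symbols kept out of the
// wordlist and inserted between words, so each one adds its own entropy.
const delimiters = "0123456789!@#$%^&*-+=?"

// randInt returns a uniform integer in [0, n) from crypto/rand; rand.Int
// rejects biased samples, so no modulo bias is introduced.
func randInt(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err) // a failing system CSPRNG is not something to paper over
	}
	return int(v.Int64())
}

// loadWordlist reads the first usable dictionary in paths, keeping only
// lowercase ASCII words of 3..8 letters (assumed filter). ok is false when
// no path yields at least 1024 words (assumed minimum for useful entropy).
func loadWordlist(paths ...string) (words []string, ok bool) {
	for _, p := range paths {
		f, err := os.Open(p)
		if err != nil {
			continue
		}
		sc := bufio.NewScanner(f)
		for sc.Scan() {
			w := sc.Text()
			if len(w) < 3 || len(w) > 8 || strings.Trim(w, "abcdefghijklmnopqrstuvwxyz") != "" {
				continue
			}
			words = append(words, w)
		}
		f.Close()
		if len(words) >= 1024 {
			return words, true
		}
		words = nil
	}
	return nil, false
}

// passphrase picks count words uniformly from words and joins them with
// uniformly chosen delimiters from delims.
func passphrase(words []string, count int, delims string) string {
	var b strings.Builder
	for i := 0; i < count; i++ {
		if i > 0 {
			b.WriteByte(delims[randInt(len(delims))])
		}
		b.WriteString(words[randInt(len(words))])
	}
	return b.String()
}

// entropyBits is log2 of the number of equally likely outputs: count words
// from a list of size n plus count-1 delimiters from d choices.
func entropyBits(n, count, d int) float64 {
	return float64(count)*math.Log2(float64(n)) + float64(count-1)*math.Log2(float64(d))
}

// hexSecret is the fallback when no dictionary is available: nBytes of
// CSPRNG output, hex encoded (8 bits of entropy per byte, 4 per character).
func hexSecret(nBytes int) string {
	buf := make([]byte, nBytes)
	if _, err := rand.Read(buf); err != nil {
		panic(err)
	}
	return hex.EncodeToString(buf)
}

func main() {
	words, ok := loadWordlist("/usr/share/dict/words", "/usr/dict/words")
	if !ok {
		fmt.Println("no dictionary found, falling back to hex:", hexSecret(16))
		return
	}
	const n = 6
	fmt.Println(passphrase(words, n, delimiters))
	fmt.Printf("%.1f bits from %d-word list with %d delimiter choices\n",
		entropyBits(len(words), n, len(delimiters)), len(words), len(delimiters))
}
```

The entropy figure is what a defender should compare against the hex fallback: six words from a 7776-word list give about 77.5 bits on their own, and five random delimiters from a 22-symbol alphabet add roughly another 22 bits, which is how moving symbols out of the wordlist raises the bits per typed character. A large system dictionary scores higher per word than a diceware list, but the words it draws are harder to remember and communicate, which is the trade-off the thread is weighing.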