diracdeltas / niceware

Generate or convert random bytes into passphrases in Node and the browser.
https://www.npmjs.com/package/niceware
MIT License

[Suggestion] Modification to allow shorter wordlists like https://www.eff.org/files/2016/09/08/eff_short_wordlist_2_0.txt #5

Open Wikinaut opened 7 years ago

Wikinaut commented 7 years ago

On EFF page https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases three EFF wordlists are published, and the short list https://www.eff.org/files/2016/09/08/eff_short_wordlist_2_0.txt offers some nice features, however this list contains only 1296 words.

> Finally, we're publishing one more short list [.txt] which with a few additional features making the words easy to type:
>
> - Each word has a unique three-character prefix. This means that future software could auto-complete words in the passphrase after the user has typed the first three characters
> - All words are at least an edit distance of 3 apart. This means that future software could correct any single typo in the user's passphrase (and in many cases more than one typo).

Please allow me to suggest a modification of niceware which would allow to make use of such a short wordlist.

diracdeltas commented 7 years ago

You might be interested in https://www.npmjs.com/package/diceware-wordlist-en-eff by @grempe

Wikinaut commented 7 years ago

@diracdeltas I do know. The problem with your software is, that (in my view) it requires some additional logic, when shorter than 2**16 wordlists are used.

grempe commented 7 years ago

Hi, just chiming in here. The package @diracdeltas referred to is just an EFF word list for the https://github.com/grempe/diceware-generator (that's my fork, there is an upstream repo). It currently supports only full size Diceware word lists (7776 words). The EFF wordlist linked is therefore the long EFF list.

That software does not currently support shorter lists and I don't have an immediate plan to add that support. While there are potential benefits to the shorter words (including the 3 char uniqueness) that make that list interesting, it also comes with security tradeoffs since you have to use more words to gain the same security level as diceware (which itself requires more words than Niceware). Also, the EFF short list is only in English and one of the nice features of the diceware-generator is easy support for lots of languages.

That being said, I really like the feature that @diracdeltas implemented to convert hex to a list of words (and vice-versa), so I may port her work over to the Diceware generator (along with other significant changes which are in progress and will land on my fork soon and will move upstream if the upstream maintainer @lgaticaq wants them).

Wikinaut commented 7 years ago

It's a kind of mapping current n niceware16 (one of 2^16 words) <=> m niceware10 words (one out of 2^10 words).

I also think, that a smaller list (with the mentioned properties!) can much easier be "translated" to other languages, I will help.

grempe commented 7 years ago

> I also think, that a smaller list can much easier be "translated" to other languages,

Getting off-topic but I don't think you understand how the words in those lists were chosen. I don't believe those lists can be 'translated' and achieve the same goals (certainly not machine translated). To achieve the same goals new research would need to be done for each language supported to choose words that are:

This is not a technology problem to solve, it is a linguistics problem, and represents the value that the EFF has offered in creating these lists.

atoponce commented 7 years ago

This passphrase generator provides the feature of deterministically converting your passphrase into a hexadecimal string and vice versa. This list is 16^4 words long. The only shorter lists of value would be 16^3 = 4,096, 16^2 = 256, and 16^1 = 16 words, which don't make sense.

This issue should be closed IMO, based on that design feature.
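The "additional logic" and the word-count tradeoff discussed in this thread can be made concrete with a short sketch. This is an added example, not code from niceware, diceware-generator, or any commenter; the function names are hypothetical, and it works on word indices (position in whichever list is loaded) rather than a real wordlist.

```javascript
// Added example: byte <-> word-index mapping for a list of ANY size,
// done as base conversion on one big integer. All names are hypothetical.

// Smallest word count n with listSize^n >= 2^bits (exact, no floating point).
function wordsNeeded(bits, listSize) {
  const target = 1n << BigInt(bits);
  let n = 0;
  for (let space = 1n; space < target; space *= BigInt(listSize)) n++;
  return n;
}

// Bytes (big-endian) -> fixed-length array of indices in [0, listSize).
function bytesToIndices(bytes, listSize) {
  let value = 0n;
  for (const b of bytes) value = (value << 8n) | BigInt(b);
  const n = wordsNeeded(bytes.length * 8, listSize);
  const out = new Array(n);
  for (let i = n - 1; i >= 0; i--) {
    out[i] = Number(value % BigInt(listSize));
    value /= BigInt(listSize);
  }
  return out;
}

// Indices -> bytes. When listSize is not a power of 256 (1296, 7776, 4096...),
// some phrases encode a number too large for byteLength bytes; reject those
// instead of silently truncating.
function indicesToBytes(indices, listSize, byteLength) {
  let value = 0n;
  for (const i of indices) {
    if (!Number.isInteger(i) || i < 0 || i >= listSize) {
      throw new RangeError('word index out of range for this list');
    }
    value = value * BigInt(listSize) + BigInt(i);
  }
  if (value >> BigInt(byteLength * 8) !== 0n) {
    throw new RangeError('phrase does not decode to a byte string of that length');
  }
  const out = new Uint8Array(byteLength);
  for (let k = byteLength - 1; k >= 0; k--) {
    out[k] = Number(value & 0xffn);
    value >>= 8n;
  }
  return out;
}

// Words needed for a 128-bit secret with the list sizes named in the thread.
for (const size of [65536, 7776, 4096, 1296]) {
  console.log(size, 'entries ->', wordsNeeded(128, size), 'words');
}
```

With a 65536-entry list the conversion degenerates to one word per two bytes, so every phrase of the right length decodes; with any other size the decoder needs the range check shown above.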