freedomofpress / securedrop

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!
https://securedrop.org/

Consider using one of the EFF's short wordlists #1751

Open garrettr opened 7 years ago

garrettr commented 7 years ago

Thanks to #1452, the next release of SecureDrop will use the EFF's new "long" wordlist instead of the current "SecureDrop wordlist", which is just the original Diceware wordlist modified to remove words with punctuation and some vulgar words. At the end of the EFF's blog post announcing their new Diceware wordlists, there is a nice analysis of the usability/security tradeoffs for the different lists that they generated:

> Different lists might be preferable in different situations, and that's perfectly fine. For example, you might consider using one of the short lists when you are prioritizing ease of remembering, or when you know that the highest level of passphrase strength is not necessary. This might cover a website login that offers additional protections, like two-factor authentication, and that rate-limits guesses to protect against brute force.
>
> If you are typing the passphrase frequently (as opposed to using a passphrase database), you might prioritize reducing the length of the words. Our long list has an average length of 7.0 characters per word, and 12.9 bits of entropy per word, yielding an efficiency of 1.8 bits of entropy per character. Our short list has an average length of 4.5 characters per word, and 10.3 bits of entropy per word, yielding 2.3 bits of entropy per character.

"Typing the passphrase frequently (as opposed to using a passphrase database)" is a good description of the situation that sources find themselves in if they follow our best practices for managing their secret passphrase (as discussed in #1136). We should consider comparing the usability of passphrases generated from either the "long" or the "short 1" wordlist within this context.

Long wordlist

10 examples:

sandstorm atonable scuff unwitting estimator lunacy
unlaced fetal spoilage nickname unwrapped trekker
gigolo mortuary fragment entrap regulator fax
appease scabby zesty crumpled cage upstream
curliness doodle botch tightrope monsoon scowling
roundup untouched possible favoring slogan penniless
shelving livestock flashily playgroup outpost elevate
unthread revered monetize snitch robotics unscathed
mortified morbidly approval luminous affix delirious
blazer autopilot neon encore crescent endanger

Short wordlist

Note that passphrases generated from the short wordlist have to have a longer minimum length in order to maintain the current security level achieved by passphrases generated from the long wordlist.

10 examples:

busy motor brook crop award wagon alike stout
debit skies bolt yield pork crate dean baton
mulch dude scary bring gills class gown quill
decor shrug brick sepia kept panda mule doing
dress crowd lent cash rug rigid comma musky
trace snuff hut buck said fruit scam coma
half ditzy buggy rebel kick rock crook quack
puppy bud yodel coral affix city tweak exit
glad flint eel slab icon oat dwarf coach
oasis poppy rover elk owl awake donor chop
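
The entropy arithmetic behind the note about minimum length, as an added example that is not part of this issue or of SecureDrop's own code: it takes the standard Diceware list sizes (6^5 = 7776 words for the EFF long list, 6^4 = 1296 for the short lists) and the average word lengths quoted from the EFF post, derives bits per word and per typed character, and computes how many short-list words are needed to match a six-word long-list passphrase. The `SAMPLE_WORDS` list is a constructed stand-in so the generator runs offline; a real deployment would load the full EFF file. Word selection uses the `secrets` module, which is CSPRNG-backed, rather than `random`.

```python
import math
import secrets

# Standard Diceware list sizes: the EFF long list has 6^5 = 7776 words,
# the EFF short lists have 6^4 = 1296 words. The average word lengths are
# the figures the EFF post gives for the long list and short list #1.
EFF_LONG = {"size": 6 ** 5, "avg_len": 7.0}
EFF_SHORT = {"size": 6 ** 4, "avg_len": 4.5}


def bits_per_word(list_size: int) -> float:
    """Entropy of one word chosen uniformly from a list of the given size."""
    return math.log2(list_size)


def bits_per_char(list_size: int, avg_word_len: float) -> float:
    """Entropy per typed character, ignoring separators (as the EFF post does)."""
    return bits_per_word(list_size) / avg_word_len


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of words from the list that reaches at least target_bits."""
    return math.ceil(target_bits / bits_per_word(list_size))


def compare_lengths(long_words: int = 6) -> dict:
    """For a long-list passphrase of long_words words, find how many short-list
    words match its entropy and what each variant costs in typed characters."""
    target = long_words * bits_per_word(EFF_LONG["size"])
    short_words = words_needed(target, EFF_SHORT["size"])
    return {
        "target_bits": target,
        "long_words": long_words,
        "long_chars": long_words * EFF_LONG["avg_len"],
        "short_words": short_words,
        "short_bits": short_words * bits_per_word(EFF_SHORT["size"]),
        "short_chars": short_words * EFF_SHORT["avg_len"],
    }


def generate_passphrase(wordlist, n_words: int) -> str:
    """Pick n_words uniformly at random using the CSPRNG-backed secrets module.
    random.choice is not suitable for passphrases."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


# Constructed sample wordlist (eight words, not a real EFF list) so the
# generator runs offline; the entropy figures above assume the full list.
SAMPLE_WORDS = ["busy", "motor", "brook", "crop", "award", "wagon", "alike", "stout"]

if __name__ == "__main__":
    r = compare_lengths(6)
    print(f"{r['long_words']} long-list words: {r['target_bits']:.1f} bits, ~{r['long_chars']:.0f} chars")
    print(f"{r['short_words']} short-list words: {r['short_bits']:.1f} bits, ~{r['short_chars']:.0f} chars")
    print("long list :", round(bits_per_char(EFF_LONG["size"], EFF_LONG["avg_len"]), 2), "bits/char")
    print("short list:", round(bits_per_char(EFF_SHORT["size"], EFF_SHORT["avg_len"]), 2), "bits/char")
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS, r["short_words"]))
```

Six long-list words give about 77.5 bits; matching that from the short list takes eight words (about 82.7 bits), which is why the short-list examples above are eight words long. Even so, the eight short words average about 36 typed characters against about 42 for the six long ones, which is the usability gain the EFF post describes.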

psivesely commented 7 years ago

The short list seems to contain fewer words that may be considered difficult to spell or that users, especially non-native English speakers, may not be familiar with and would find harder to remember. Combined with the shorter codename length on average for the same entropy requirement, I would say I'm in favor of this change.