Bash project for Linux.
Generate a set of pseudo-random words.
- The user is prompted for the number of words required.
- Words are obtained by using a random value sourced from `/dev/urandom`.
- The entropy of the pseudo-random words is computed.
- Results are output on stdout.
The index value used to select a word from the wordlist pseudo-randomly is computed by taking the remainder of the random number modulo the size of the keyspace (i.e. the number of words selected from).
This introduces a bias unless the maximum random number + 1 is congruent to zero modulo the keyspace.
We correct for this by calculating the maximum random value that fulfills this requirement and discarding any random numbers that exceed it.
Once we have a random number free from modulo bias, it is used to index a line number in the wordlist.
This project is for Ubuntu, which ships with a wordlist file `/usr/share/dict/cracklib-small`.
I have ignored all lines in this file that do not contain characters `[A-Za-z]` in order to discount words with apostrophes and numbers. This still provides 49138 words.
When calculating the entropy of a password or passphrase, entropy is defined as log₂ of the number of characters or words that the password was randomly selected from, raised to the power of the password or passphrase length.
For a 24 word selection, this provides an entropy of 374:
⌊log₂(49138²⁴)⌋ = 374
For a 12 word passphrase, entropy is 187.
I suspect this level of entropy is massive overkill.
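
The rejection step and entropy formula described above, as an added example that is not this project's own code. It assumes 32-bit draws from `/dev/urandom` and a filter of `^[A-Za-z]+$`; the function names are hypothetical and the demo wordlist is constructed.

```bash
#!/usr/bin/env bash
# Added example (not the project's code); function names are hypothetical.
RANGE=4294967296   # 2^32: values a 4-byte read can take (assumed draw size)

# Largest acceptable draw: max_ok + 1 is a multiple of the keyspace.
max_ok() { echo $(( RANGE - RANGE % $1 - 1 )); }

# One unsigned 32-bit integer from /dev/urandom.
rand32() { od -An -N4 -tu4 /dev/urandom | tr -d ' \n'; }

# Print an index in [0, keyspace) free of modulo bias.
unbiased_index() {
    limit=$(max_ok "$1")
    while :; do
        r=$(rand32)
        [ -n "$r" ] || return 1          # read from /dev/urandom failed
        if [ "$r" -le "$limit" ]; then
            echo $(( r % $1 ))
            return 0
        fi                                # draw above the limit: discard, redraw
    done
}

# floor(count * log2(keyspace))
entropy_bits() {
    awk -v k="$1" -v n="$2" 'BEGIN { print int(n * log(k) / log(2)) }'
}

# Print <count> words drawn from the purely alphabetic lines of <wordlist>.
pick_words() {
    words=$(grep -E '^[A-Za-z]+$' "$2")   # assumed form of the [A-Za-z] filter
    keyspace=$(printf '%s\n' "$words" | wc -l | tr -d ' ')
    i=0
    while [ "$i" -lt "$1" ]; do
        line=$(( $(unbiased_index "$keyspace") + 1 ))
        printf '%s\n' "$words" | sed -n "${line}p"
        i=$(( i + 1 ))
    done
}

# Constructed sample wordlist: 5 of the 7 lines survive the filter.
demo_list=$(mktemp)
printf '%s\n' apple "can't" river 3com stone cloud ember > "$demo_list"
pick_words 4 "$demo_list"
echo "entropy: $(entropy_bits 5 4) bits"
rm -f "$demo_list"
```

With a 49138-word keyspace, 11268 of the 2³² possible draws fall above the limit, so a redraw is needed for roughly one draw in 380,000.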