
Wordpass: Dictionary-based Password Generator

Passwords are the simple, basic protection mechanism for your data and account access. Because a password is the primary access control mechanism, a potential hacker or intruder will try to crack it before anything else. Many of us have yet to realize the importance of strong and unbreakable passwords. There are many reasons for this, and the most prominent is that we prefer to remember our passwords rather than write them down somewhere and look them up when needed. So we make passwords that are easy for us to remember, but unfortunately that makes the hacker's job much easier: a password that is easy to remember may also be easier for the hacker to decipher. An attacker may try common words and combinations that people usually use as passwords, and most often gets a match.

The solution is to use passwords that are strong and unbreakable because they are random and unpredictable. WordPass, a program that uses language dictionaries to generate strong passwords, is a reliable mechanism for building them. It is a dictionary-based random password generator that uses information entropy, which is a measure of the quality and randomness of the password. The passwords generated by WordPass are not meaningless strings stuffed with special characters and numbers. Instead, the entropy-based random generator produces a number of easy-to-remember passwords. We can select one as our password, and it will be completely random, contain upper case letters, lower case letters and numbers, and still be easy to remember. The advantage of this approach is that we build our password ourselves and nobody else has any role in it.

How it Works

A good, non-breakable password is random, intermingles numbers, special characters, lowercase and uppercase letters, and at the same time is built from meaningful dictionary words. Such a password is easy to remember and use, and WordPass is designed to produce such strong passwords. The strength and quality of WordPass passwords are determined by their entropy: the number of bits of entropy measures their randomness and strength. $n$ bits of entropy means $2^n$ password combinations, so that many different random passwords can be generated. Following the rules of entropy, using just four words from the default English dictionary of 50k words will give approximately 90 bits of entropy, and thus $2^{90}$ combinations are available. WordPass first reads the words from the provided dictionaries, outputs the number of words read, and then estimates and reports the password strength in bits of entropy. Then it produces a sequence of word-based passwords that have the specified amount of entropy. We can select a suitable password from this list of strong passwords made up of letters, numbers, lower case and upper case characters.

The Wordpass Project

The Wordpass Git repository is maintained on GitHub, and the package is hosted on Hackage (hackage.haskell.org).

Haskell project page: http://hackage.haskell.org/package/wordpass

Github project page: https://github.com/mgajda/wordpass

Why do we have to use passwords in the 21st century?

Having a strong password is essential to protect your security and identity. Not only does it keep your traffic secure from hackers, but it also safeguards your privacy. That’s why passwords should be generated carefully. Using passwords is the simplest technique to protect personal or company information from being shared with another party.

The idea of a password is to prevent unauthorized users from accessing secured data. Yet how do hackers still manage to get access? The answer is simple: if the password is not difficult enough, it is prone to being hacked or guessed. The Cracklib database contains thousands of commonly used passwords that consist of a single word. Such passwords are too easy to guess and let intruders gain access to sensitive information effortlessly. A password that is difficult to guess, by contrast, makes it excessively difficult for common hackers to decipher.

Moreover, passwords should be easy to remember, because a hard-to-remember password will have to be written down. At the same time, a password should be difficult for computers or other users to read and guess. Following this approach minimizes the probability of someone hacking into your online or offline traffic.

Have you ever heard of the WordPass program before? If not, this article is written especially for you. WordPass is a dictionary-based password generator. The program uses information-theoretic concepts. The first one is information entropy, which measures the quality of the password. The higher the entropy, the harder the password is to guess. We measure entropy in bits, which indicate the amount of randomness. The number of password combinations is $2^{\text{bits}}$, so a password with just 10 bits of entropy can be one of 1024 combinations. The idea behind such security is not to let anyone but yourself generate your most important passwords. WordPass uses a random number generator to generate a number of easy-to-remember passwords, and you may choose the one that suits you best.

How does WordPass solve your security problem? How does the program work?

The program reports how many words have been read from the dictionary and, in turn, the estimated size of the password space in bits of entropy. A sample program run is shown in the screenshot below:

[Screenshot: Wordpass run]

First, it reads its options (which word list to use, how many words per password, and how many passwords to generate). Second, it reads the English dictionary. Afterwards, it tells how many words are in the set of English words it could find. Then, it computes how many bits of entropy the generated password will have with reference to that English word list. Finally, it prints the requested number of passwords, each with that many bits of entropy. As a result, the generated passwords are strong and contain letters, numbers, lowercase and uppercase characters. See the code for yourself:

main = do Options {..} <- execParser parseOptions   -- parse the command-line options
          -- Read the selected word list; the Set removes duplicate words
          dictWords <- (V.fromList . Set.toList) <$> selectWordList optWordlist
          putStrLn  $ "Read " ++ show (V.length dictWords) ++ " words from dictionaries."
          -- Estimate the entropy of a password made of optWords words
          putStr "Estimated password strength (bits): "
          print $ randomPasswordStrength dictWords optWords
          -- Generate and print optCount passwords
          replicateM_ optCount $ do
            let rand = randomPassword dictWords optWords
            rv <- generate rand
            Text.putStrLn rv
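
The flow described above (de-duplicate the dictionary, estimate the entropy, then draw words at random), as an added Python sketch; it is not Wordpass's code, and the sample word list, the separator alphabet and all function names are assumptions made for illustration. It goes one step beyond the text by bounding how much entropy can be lost when you pick a favourite from the printed candidates.

```python
import math
import secrets

# Constructed sample dictionary with duplicates and mixed case; a real run
# would load a word list file with tens of thousands of entries.
SAMPLE_WORDS = ["apple", "Apple", "brick", "cloud", "delta", "ember",
                "frost", "glyph", "apple", "harbor", "ivory", "cloud"]
SEPARATORS = "0123456789-_.+"   # assumed separator alphabet, not Wordpass's


def load_dictionary(words):
    """Normalise and de-duplicate, so each word is counted and drawn once."""
    return sorted({w.strip().lower() for w in words if w.strip()})


def strength_bits(dict_size, num_words, num_separators=0):
    """Entropy of num_words uniform draws joined by uniform separators."""
    if dict_size < 2 or num_words < 1:
        return 0.0
    bits = num_words * math.log2(dict_size)
    if num_separators > 1:
        bits += (num_words - 1) * math.log2(num_separators)
    return bits


def random_password(dictionary, num_words, separators=SEPARATORS):
    """Draw words and separators from the OS CSPRNG (uniform choice)."""
    parts = [secrets.choice(dictionary)]
    for _ in range(num_words - 1):
        parts.append(secrets.choice(separators))
        parts.append(secrets.choice(dictionary))
    return "".join(parts)


def bits_after_picking(bits, candidates):
    """Lower bound on min-entropy when the user picks one of N candidates."""
    return max(0.0, bits - math.log2(candidates))


if __name__ == "__main__":
    words = load_dictionary(SAMPLE_WORDS)
    bits = strength_bits(len(words), 4, len(SEPARATORS))
    print(f"Read {len(words)} words from dictionaries.")
    print(f"Estimated password strength (bits): {bits:.1f}")
    for _ in range(5):
        print(random_password(words, 4))
    print(f"Worst case after choosing 1 of 5: {bits_after_picking(bits, 5):.1f}")
```

The estimate describes the generation process, so it only holds when every word is drawn uniformly from the de-duplicated list by a cryptographically secure generator.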

What are you waiting for? Secure your data now. Start with the WordPass program and generate a strong, secure password.