@TheKoala73 - eviltoast
  • 0 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: June 24th, 2023

help-circle

  • afaik it’s not uncommon for software to generate mnemonic passcodes at least that long. Brave browser uses a 25 word phrase for its sync chain, e.g. But I guess you’re right: if I had to think of a mnemonic passcode, I probably wouldn’t use more than 4 or 5 words either…

    If I did the maths right, you would need a mnemonic passcode of 9 words out of our dictionary of 5000 words to be at least as strong as our password with 18 characters out of 60 possible unique characters. (It’s closer to 8.6 words, but we obviously can’t allow fractions of words…)

    Using our 5000 words dictionary, a 4-word mnemonic passcode would be equivalent to a password with between 8-9 characters and a 5-word mnemonic passcode would be equivalent to a password with between 10-11 characters.

    As far as I know, the character used to separate the words/symbols is irrelevant, so whether you use “word-word-word” or “word word word” or “word.word,word” would be the same. Also, if you slightly modify a word (e.g. by replacing al letter with a digit), that shouldn’t make a difference. Correct me if I’m wrong. What I don’t know is what happens if you add a number as an extra symbol.

    I also did some calculations using English words as dictionary (although the number of English words is quite difficult to determine because it makes a huge difference what dictionary you use). To get a rough estimate of the numbers I have tried to stick to the rule that a word should be in the official Scrabble dictionary for my web search. These are the rough numbers I found: 1000 3-letter words, 4000 4-letter words, 15000 5-letter words, 23000 6-letter words, 35000 7-letter words and 42000 8-letter words. That would give us a dictionary of about 20000 English words with up to 5 letters and about 120000 English words with up to 8 letters.

    Based on that, the mnemonic passcode would have to have 8 words (out of the 20000) and 7 words (out of the 120000) to be at least as strong as our 18 character password. Or, based on the 120000 English words with up to 8 letters, a 4-word passcode would be equivalent to a password with 11-12 characters and a 5-word passcode would be equivalent to a password with 14-15 characters.

    Edit: spelling