
Question

XKCD #936 uses a limited subset of the English language, only 2000 words. I just looked it up, and the English language has over a million words, a sizeable subset of those having special characters, numbers and punctuation.

1,000,000 is about 2^20, so 4 random words from that set would have 80 bits of entropy, maybe a bit less. If we want, we can even remove part of the dictionary so we don't have to deal with monstrous words like antidisestablishmentarianism which would break many password inputs.

Would this be a reasonable way of improving on the entropy? Or am I missing a vital point?

Explanation / Answer

You'll "break" many password inputs anyways, since the password scheme won't include numbers or special characters that many sites require, and will likely already be longer than the maximum if the site has a maximum password length allowed.

The real solution isn't to use some trick to memorize a highly entropic password (although if that's what you really want to do, Diceware is the way to go). The real solution is to use password management software that'll remember truly random, unique passwords for each different site you visit. If you're reusing passwords across sites, high entropy isn't going to do you any good when one of those sites is storing your password in plaintext and they get compromised: your accounts on other sites will get compromised too, right alongside everyone who uses letmein for all their accounts.
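A worked example of the entropy arithmetic the question and answer rest on (added here; it is not part of the original question or answer): each word chosen uniformly from a list of N words contributes log2(N) bits, k independent words give k·log2(N) bits, and a Diceware word is indexed by five dice rolls. The tiny wordlist is constructed, the 2048-word size for XKCD #936 is assumed from the comic's 11 bits per word (the question rounds it to 2000), the 7776-word Diceware size is assumed from 6^5, and the million-word figure is the question's own.

```python
import math
import secrets
from typing import Dict, Sequence

def passphrase_entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly and independently from a list of list_size words."""
    if list_size < 2 or n_words < 1:
        raise ValueError("need at least 2 candidate words and 1 word in the passphrase")
    return n_words * math.log2(list_size)

def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest number of words from a list_size list that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))

def diceware_index(rolls: Sequence[int]) -> int:
    """Map five six-sided dice rolls (each 1..6) to a 0-based index into a 6^5 = 7776 word list."""
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("Diceware uses exactly five rolls of 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)   # base-6 digits, most significant roll first
    return index

def generate_passphrase(wordlist: Sequence[str], n_words: int) -> str:
    """Pick n_words with the OS CSPRNG; random.choice would not be suitable for passwords."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

# Assumed list sizes: 2^11 for XKCD #936, 6^5 for Diceware, 10^6 from the question.
SCHEMES = {
    "xkcd-936: 2048 words x 4": (2048, 4),
    "Diceware: 7776 words x 5": (7776, 5),
    "question: 1,000,000 words x 4": (1_000_000, 4),
}

def compare_schemes() -> Dict[str, float]:
    """Entropy in bits (rounded) for each scheme, assuming uniform independent choice."""
    return {name: round(passphrase_entropy_bits(n, k), 2) for name, (n, k) in SCHEMES.items()}

if __name__ == "__main__":
    for name, bits in compare_schemes().items():
        print(f"{name}: {bits} bits")
    # 4 words from a million is 79.73 bits, so a fifth word is needed to reach 80.
    print("words for 80 bits from 1,000,000:", words_needed(1_000_000, 80))
    print("words for 80 bits from 2048:", words_needed(2048, 80))
    constructed_words = ["correct", "horse", "battery", "staple", "apple", "river"]  # constructed
    print(generate_passphrase(constructed_words, 4))
```

Note that the arithmetic assumes the words are chosen uniformly at random; a hand-picked "memorable" word from a million-word dictionary does not carry 20 bits.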