$ shuf /usr/share/dict/words | head -4 | tr '\n' ' '; echo
blotches rarity's unwieldier disarrange
If I got the math right, I believe we have here an easy MEMORABLE passphrase generator that should be relatively secure even against a distributed botnet password crack attack. Specifically, the password should resist a 1K botnet attack for 39 years, or a 1M botnet attack for 14 days.
Note that this is more secure than, say, a passphrase based on a lyric from a favorite song or some snip of text from a blog post, because the passphrase here is random.
Still a lot more memorable than a string of gobbledygook text.
Source / Explanation from my bashrc file:
thartman@pampasgrass:~/shellenv/shared>type thartman_password_gen
thartman_password_gen is a function
thartman_password_gen ()
{
echo ' comic explaining password strength in an intuitive way: http://xkcd.com/936
wc -l /usr/dict/words => ~ 100k
log 2 100k => ~ 16
echo 16 * 4 -> 64
distributed password cracking with a botnet: http://www.turnkeylinux.org/blog/tklbam-backup-passphrase
echo search 42 bits with 1000 computers => ~ 5 minutes
echo 64 - 42 => 22
echo search 64 bits with 1k botnet => (2^22 * 5) / (60*24 * 365) => ~ 39 years
secure password: ';
shuf /usr/share/dict/words | head -4 | tr '\n' ' '; echo
}
