Abbrase – Abbreviated Passphrase Password Generator


Abbrase is an abbreviated passphrase password generator. An ‘abbrase’ is one of the passwords it produces. It generates a password and a phrase like “phyeigdolrejutt” and “physical eight dollars rejected utterly”.

Abbrase - Abbreviated Passphrase Password Generator

Creating secure passwords is easy. Remembering them is hard. Pwgen makes them memorable though pronounceability. XKCD suggests using a series of random common words, but memorising series of unrelated words can be difficult, and typing long phrases can be tedious.

Abbrase is an experiment in generating probable phrases using Markov chains and abbreviating each word to the first few letters. This strikes a balance between excessive password length and excessive mnemonic length. Passwords generated by Abbrase are as secure as a number with the same length. “122079103” and “toldulbal” (tolerably dull ball) are equally hard to attack.


Theory

Language is the most information-dense thing people memorise. Brains don’t operate on bits.

Pi recitation record-holders don’t have thousands of digits in their minds. They map clusters of digits to far more mentally palatable words, memorising a long story instead of a sequence of digits.

Memorising a grammatically sensible sentence fragment is easier than a sequence of randomly chosen words.

Picking a favourite phrase from the ones generated by Abbrase could make them very slightly easier to attack. A sophisticated attacker could check passwords that are likely to be picked before others. If the attacker can perfectly model which passwords you would prefer, this reduces the security of your password in a proportional amount to the number of passwords you selected it from — if you picked from 32 passwords generated by Abbrase, it makes your password 32x easier to attack (5 bits of security lost).

You can download Abbrase via Github here:

Or read more here.

Posted in: Password Cracking, Security Software

,


Latest Posts:


truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.


2 Responses to Abbrase – Abbreviated Passphrase Password Generator

  1. firuz February 8, 2017 at 12:08 am #

    “122079103” and “toldulbal” (tolerably dull ball) are equally hard to attack.
    Don’t 9 digit only number passwords have much lower entrophy and easier to come accross to in dictionaries???

    • Darknet February 8, 2017 at 9:08 pm #

      In theory yah, but a dictionary attack would rarely do just numbers or just letters, they’d go through all [0-9,a-z, A-Z] all at once usually. So in practical sense there’s no real difference.