Home - ligos/readablepassphrasegenerator GitHub Wiki
Readable Passphrase Generator
The Readable Passphrase Generator generates passphrases which are (mostly) grammatically correct but nonsensical. These are easy to remember (for humans) but difficult to guess (for humans and computers).
Developed in C# with a KeePass plugin, console app and public API. Runs wherever the .NET Framework, .NET Core or Mono are available.
See MakeMeAPassword to generate readable passphrases online (without KeePass). Or Steven Zeck's JavaScript port (runs entirely in your browser).
Click here for step-by-step instructions to install the KeePass plugin.
Download KeePass plugin or console app
Developers can install from NuGet (and see the API)
Use Scoop to install (from scoop-extras):
PS> scoop install keepass
PS> scoop install keepass-plugin-readable-passphrase
If you like the Readable Passphrase Generator you can donate to support development, or just say thanks.
Recent Changes
- Version 1.4.2
- Fix console app --nongrammar option throws exception (issue 24)
- NuGet and KeePass plugins updated for consistency.
- Version 1.4.1
- Mini update for NuGet packages only; no changes to binaries.
- PGP keys and signatures now published on id.ligos.net.
- Version 1.4.0
- 18,505 words in the default dictionary (~1,000 more than 1.3.0)
- Support .NET Framework 4.5.2, .NET 6.0, .NET 8.0.
- Version 1.3.0
- 17,548 words in the default dictionary (~2,200 more than 1.2.0)
- 1,455 fake words (from ThisWordDoesNotExist.com) with option to exclude fake words
- Backend word scraper supporting ThisWordDoesNotExist.com and Dictionary.com. Thanks to drventure.
- Add option to count length by words and letters.
- Support .NET Framework 4.5.2, .NET Core 3.1, .NET 6.0.
- Version 1.2.1
- Fix possible IndexOutOfRangeException with combination of Numeric and Custom mutators (GitHub issue 3)
- Fix Numeric and Constant mutators not applied if Upper mutator is disabled (GitHub issue 2)
- Version 1.2.0
- Add constant mutator to improve chances of meeting password requirements.
- Fix issue with some custom phrase definitions (BitBucket issue 15)
- 15,346 words in the default dictionary (~300 more than 1.0.0)
- Add support for .NET Core 3.1.
- Migration from BitBucket to GitHub.
- Add support for C# 8 nullable reference types (for developers).
User Documentation
- Step By Step Instructions for Installing KeePass Plugin
- Generate Readable Passphrases Online Without KeePass
- KeePass Plugin Details
- Generate Readable Passphrases By Default in KeePass
- Complying with Complexity Rules (Mutators)
- How to Use the Console App
- What Passphrase Should I Use?
- Combination Counting
- Running Under Linux
- Dictionary Totals
- Academic Papers on Passphrases
- Version 0.17 Fix for Non-Random Passphrases
- Donate
- Verify Downloads (PGP and KeyBase signatures + file hashes)
- Contact Murray
Programmer Documentation
License
Readable Passphrase Generator is licensed under the Apache License, copyright Murray Grant.
It may be used freely under the terms of the above license.
Summary: it may be used in any project (commercial or otherwise) as long as you attribute copyright to me somewhere and indicate it's licensed under the Apache License.
Why use it?
Because you can make passphrases which are as strong as traditional "strong" passwords (8 letters long, upper, lower, numbers, etc) which you can memorise in 5 minutes instead of 5 days. (And it's fun to read the phrases it generates!)
Use this passphrase to protect:
- Your KeePass, 1Password, LastPass or favourite password manager database.
- Your computer login at home or work.
- Your eBay, Facebook, Google, OpenID or other high value account.
- Your Internet banking account.
Some example passphrases:
- a wound rebuffs an incline
- the statesman will burgle amidst lucid sunlamps
- plaid foresails repel ashamedly upon the birdbath
- 234 readers affably build the untouched athlete
- Sydney reasoned "an edible sleeve fumbles the argumentative float"
Why Bother At All?
(Warning: geek stuff follows)
Because XKCD wrote a cool comic about password strength! And when Jeff Atwood and Ars Technica kick up a stink, well you listen.
More seriously, we're told the best password is at least ~~8 characters~~ 12 characters long, contains upper and lower case letters, numbers and punctuation symbols.
Unfortunately, this makes the "best" password something which looks like gibberish and is, frankly, quite hard for ordinary people to remember.
Perhaps something like: 3h4o.%\vJACj
I used to generate 12-16 character passwords like this and memorise them. It would commonly take up to two weeks of typing them in multiple times per day. All told, I've memorised perhaps 10 of these in my life. They get used for my KeePass database, Windows logons (at work and home) and Truecrypt volume, but nothing else because I can't afford to memorise any more (lest I memorise a password and my address falls out of my brain!).
That is all too hard!
So we resort to taking some word from the dictionary, capitalising a few letters, turning an o into a 0 and sticking some punctuation at the end: like our friend Tr0ubador&3.
Only problem is, while that is easy to remember (well, easier according to XKCD), it's also trivially easy for a computer to guess.
I memorised "the statesman will burgle amidst lucid sunlamps" after typing it twice.
And, even if some evil hacker knows my dictionary (which they will, because it's included with this project), that passphrase is still equivalent to an 11 letter password with upper, lower, numbers and symbols (using the 13k word dictionary from version 0.13).
Much, much easier, I think. (So does my wife!)