The word “set” in my dictionary has a definition spanning an entire page. Most other pages have between 20 and 50 words on them. This implies that the word “set” will be chosen about 1 in 1000 times, giving only 10 bits of entropy, whereas choosing completely at random, each word would have about a 1 in 50,000 chance of being chosen, giving about 15 bits of entropy.
In practice, picking 5 random pages of a 1000 page dictionary, then picking your favorite word on each page would still give 50 bits of entropy, which beats the correcthorsebatterystaple standard, and is probably a more memorable passphrase.
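The entropy arithmetic in the comment above, worked through as an added example that is not part of the thread: it builds a constructed model of a 1000-page dictionary (one page filled by a single entry, the rest holding 20 to 50 headwords) and compares a uniform choice of word against the "pick a page, then pick a word on it" method, reporting both Shannon entropy and min-entropy, which is the figure that matters against an attacker who guesses the most likely words first. The function names and the page-size pattern are assumptions of this example.

```python
import math

# Constructed model of a 1000-page dictionary (not real data): page 0 is
# filled by a single long entry (the "set" case); every other page holds
# between 20 and 50 headwords.
def model_page_sizes(n_pages=1000):
    return [1] + [20 + (i % 31) for i in range(n_pages - 1)]

def word_probabilities(page_sizes):
    """Probability of each headword when the chooser first picks a page
    uniformly at random and then a word on that page uniformly at random.
    A word that fills a whole page is therefore as likely to be chosen as
    an entire 50-word page put together."""
    n_pages = len(page_sizes)
    probs = []
    for size in page_sizes:
        probs.extend([1.0 / (n_pages * size)] * size)
    return probs

def shannon_entropy_bits(probs):
    # Average surprise per selection.
    return -sum(p * math.log2(p) for p in probs if p > 0)

def min_entropy_bits(probs):
    # Worst case: the guessing cost of the single most likely word.
    return -math.log2(max(probs))

def uniform_entropy_bits(n_words):
    # Every word equally likely, e.g. a dice-driven index into the list.
    return math.log2(n_words)

def passphrase_bits(n_pages, n_picks):
    # Assumption: the "favorite word" on a page is a deterministic function
    # of the page, so each pick contributes only the page-choice entropy.
    return n_picks * math.log2(n_pages)

def summary(page_sizes=None, n_picks=5):
    sizes = page_sizes or model_page_sizes()
    probs = word_probabilities(sizes)
    return {
        "words": len(probs),
        "uniform_bits": uniform_entropy_bits(len(probs)),
        "page_then_word_shannon_bits": shannon_entropy_bits(probs),
        "page_then_word_min_entropy_bits": min_entropy_bits(probs),
        "passphrase_bits": passphrase_bits(len(sizes), n_picks),
    }

if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value:.2f}" if isinstance(value, float) else f"{key}: {value}")
```

With this model the uniform choice gives about 15.1 bits per word, the page-then-word method's min-entropy collapses to log2(1000), just under 10 bits, and five page picks give 5 * log2(1000), roughly 50 bits, matching the figures in the comment.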
Take a 100 page book, get 100 random numbers from that, then do an analysis of the numbers.
First of all, how do you decide right page/left? Likely by generating randomness in your head, which may not be so good. First few pages and last few are unlikely. Probably other things also. For one, words with longer definitions are more likely depending on the exact method.
I don’t think using a computer is a very secure solution once you’re going to that level anyway. Try using dice.
It’s well known in the security industry / compsci that humans are very bad at generating, and recognizing, random numbers. I can’t recall if there’s a name for this bias; there’s the clustering illusion but that’s about recognizing random numbers, not trying to generate them.
This paper tries to analyze why this is hard for humans to do.
How is a computer more random than flipping pages?