Passphrase generator using German word list and Python’s "secrets.choice()" to select from the list. Are those strong passphrases?
There are numerous passphrase generators out there, but all (I have found) use English words to build the passphrase. I'd rather use German words, so I wrote a generator in Python that selects words from a large list of German words. I wonder if these passphrases can be considered strong (enough).
The word list is based on the dictionary found here: https://sourceforge.net/projects/germandict/. It is described as "A free word list of contemporary German, for spell-checking and other purposes", and it contains "over 2 million entries (including inflected forms)". The list starts with:
Aachen
Aachener
Aachenerin
Aachenerinnen
Aachenern
Aacheners
Aachenfahrt
Aachenfahrten
Aachenreise
Aachenreisen
Aachens
Aadorf
Aadorfs
Aal
aalaehnlich
aalaehnliche
aalaehnlichem
aalaehnlichen
aalaehnlicher
aalaehnliches
The list is sorted alphabetically. In the original list, the words contain Umlauts (ä, ö, ü, etc.), which I replaced with the corresponding two-character string (ae, oe, ue, etc.).
The code loads the complete 2+ million lines into memory, then selects words using Python's secrets.choice() function to randomly select a number of words from the list to build a passphrase.
The Python doc describes the secrets module as "The secrets module is used for generating cryptographically strong random numbers suitable for managing data such as passwords, account authentication, security tokens, and related secrets." (see https://docs.python.org/3/library/secrets.html). The secrets.choice(sequence) function does "Return a randomly chosen element from a non-empty sequence."
Before generating a passphrase, the code asks the user for the number of words it shall be composed of, and also the minimum and maximum length of the words. It uses secrets.choice(sequence) repeatedly, until the number of words of the desired length is found. The words are then concatenated with a dash ("-") to form the passphrase. (I did not include the complete code, since this is not a coding forum. Will do so, if requested.)
Is this process appropriate to generate strong passphrases?
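The process described in the question, written out as an added example (not the asker's code) together with the entropy calculation that answers the strength question. Drawing with secrets.choice() until a word fits the length limits is equivalent to a uniform draw from the length-filtered list, so the strength is the word count times log2 of the filtered pool size, assuming the attacker knows the list and the settings. The function names and the short sample list are assumptions made for this example.

```python
import math
import secrets

# Constructed sample standing in for the 2+ million line word list.
SAMPLE_WORDS = [
    "Aachen", "Aachener", "Aachenerin", "Aachenerinnen", "Aachenern",
    "Aacheners", "Aachenfahrt", "Aachenfahrten", "Aachenreise",
    "Aachenreisen", "Aachens", "Aadorf", "Aadorfs", "Aal",
    "aalaehnlich", "aalaehnliche",
]

def candidate_pool(words, min_len, max_len):
    """Distinct words whose length lies in [min_len, max_len].

    Duplicates are removed so every candidate is equally likely.
    """
    return sorted({w for w in words if min_len <= len(w) <= max_len})

def generate(words, count, min_len, max_len):
    """Build a dash-separated passphrase from uniformly chosen words."""
    pool = candidate_pool(words, min_len, max_len)
    if not pool:
        raise ValueError("no words in the requested length range")
    return "-".join(secrets.choice(pool) for _ in range(count))

def entropy_bits(words, count, min_len, max_len):
    """Entropy of generate() against an attacker who knows list and settings."""
    pool = candidate_pool(words, min_len, max_len)
    if not pool:
        raise ValueError("no words in the requested length range")
    return count * math.log2(len(pool))

def words_needed(pool_size, target_bits):
    """Smallest word count whose entropy reaches target_bits."""
    if pool_size < 2:
        raise ValueError("pool must contain at least two words")
    return math.ceil(target_bits / math.log2(pool_size))

if __name__ == "__main__":
    print(generate(SAMPLE_WORDS, 4, 6, 8))
    print(round(entropy_bits(SAMPLE_WORDS, 4, 6, 8), 2), "bits")
    print(words_needed(2_000_000, 80), "words for 80 bits from 2,000,000 words")
```

The length limits matter more than they appear to: entropy depends on the pool that survives the filter, not on the size of the full list, so a narrow length range can shrink a 2-million-word list considerably.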