Passphrases
The word passphrase is used deliberately throughout this series. A single word is never a good passphrase. A short string of random characters looks secure but is harder to remember and type than something genuinely strong. The goal is secrets that are both resistant to attack and actually usable in practice, and those two things are less in tension than the conventional wisdom suggests.
The three you actually need to remember
Most passphrases in this setup live in KeePassXC and never need to leave it. Your browser, mail client, and KWallet will handle credential entry on your behalf the vast majority of the time. That said, there are exactly three passphrases that need to live in your head rather than a database:
- Your KeePassXC database passphrase
- Your Kubuntu user login
- The passphrase for your encrypted storage (full disk encryption, encrypted USB drives, etc.)
Everything else can be as long and complicated as you like, because you will never need to type it from memory. Use the KeePassXC generator for those and do not give them a second thought.
Strong and memorable: Diceware
For the three passphrases that do need to live in your head, the best approach currently available is Diceware. The idea is simple: pick words at random from a large word list, string them together, and the result is both highly resistant to brute force and genuinely possible to remember.
A Diceware passphrase looks something like this:
timid bingle heath js duck
That looks unassuming. It is not. Five random words from the Diceware list give you around 64 bits of entropy, which puts the passphrase comfortably out of reach of anything short of a serious government-level attack. Seven words get you to 90 bits, which is effectively uncrackable with current technology.
The tool to generate these on Kubuntu is xkcdpass, which is available in the standard repositories:
sudo apt install xkcdpass
Run it without arguments and it will generate a passphrase. Run it with --numwords 7 for a seven-word passphrase for your highest-security uses.
When you generate a new passphrase for something critical, write it down and keep it with you. Every time you need it, try to recall it from memory before looking. Within a few days you will not need the note. After a week, burn it.
Strong and typeable: still Diceware
There is a second scenario where Diceware is the right choice even when memorability is not the goal: passphrases you might need to type on someone else’s device.
KeePassXC’s built-in generator produces things like:
qvkUj]jw?Ud_E&3 Y4/'H;-RYD)vb ?R
That is cryptographically excellent. It is also nearly impossible to read off a phone screen and type onto a keyboard without making errors. The l versus 1 problem. The 0 versus O problem. The question of how many spaces versus underscores you are looking at.
Diceware passphrases sidestep this entirely. Five random words are easy to read, easy to dictate to yourself, and easy to type even on an unfamiliar keyboard. For credentials you might realistically need to enter manually in a pinch, Diceware is the better choice even if you never intend to memorise them.
Credentials that fall into this category include your personal mail account accessed via webmail, cloud storage for quick downloads, your NAS user account for backup access, and your server administrator login. Also worth considering: the passphrase for your home wireless network, since you will end up typing that on phones, tablets, and other people’s devices more often than you expect.
How many words?
The table below is based on estimates of computing power available to well-resourced adversaries. The specifics will shift as hardware improves, but the general shape of it is stable enough to be useful for planning.
| Words | Entropy | Time to crack |
|---|---|---|
| 4 | 51.6 bits | Less than a day |
| 5 | 64.6 bits | Less than 6 months |
| 6 | 77.5 bits | ~3,500 years |
| 7 | 90.4 bits | ~27 million years |
| 8 | 103.0 bits | Effectively unlimited |
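As an added worked example (not part of the original article and not xkcdpass's own code), the Python below shows the mechanics behind both the Diceware generation described earlier and the entropy column of the table: five dice rolls index one of 7776 words, each independently chosen word adds log2(7776), about 12.9 bits, and the crack time follows from an assumed guess rate. The miniature word list and the guess rate of one trillion per second are constructed assumptions; at that rate the computed times land close to the table's figures.

```python
import math
import secrets

# Constructed miniature word list (an assumption, not the real Diceware list,
# which has 6**5 = 7776 entries, one per five-dice roll from 11111 to 66666).
SAMPLE_WORDS = ["timid", "bingle", "heath", "js", "duck", "lamp", "river", "oak"]
DICEWARE_LIST_SIZE = 6 ** 5  # 7776


def dice_index(rolls):
    """Map a Diceware roll string such as '11111' or '66666' to a list index.

    Each roll is a base-6 digit (1..6), so five rolls select one of 7776 words.
    """
    index = 0
    for r in rolls:
        digit = int(r)
        if not 1 <= digit <= 6:
            raise ValueError("a die shows 1 to 6, got %r" % r)
        index = index * 6 + (digit - 1)
    return index


def roll_die(sides=6):
    """One die roll drawn from the OS CSPRNG (secrets, never the random module)."""
    return secrets.randbelow(sides) + 1


def generate_passphrase(words, count):
    """Pick `count` words uniformly and independently; repeats are allowed."""
    return " ".join(secrets.choice(words) for _ in range(count))


def entropy_bits(count, list_size=DICEWARE_LIST_SIZE):
    """Independent uniform picks contribute log2(list_size) bits each."""
    return count * math.log2(list_size)


def years_to_crack(bits, guesses_per_second):
    """Average time to hit the right guess: half the keyspace at a fixed rate."""
    return (2.0 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Assumed rate of 1e12 guesses per second, standing in for a well-resourced
    # adversary; it is an assumption, not a figure taken from the article.
    for n in (4, 5, 6, 7, 8):
        bits = entropy_bits(n)
        print("%d words: %.1f bits, ~%.3g years at 1e12 guesses/s"
              % (n, bits, years_to_crack(bits, 1e12)))
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS, 5))
```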
For practical purposes, the recommended word counts by use case are:
| Use | Level | Words |
|---|---|---|
| KeePassXC database | Highest | 7 |
| GPG private key | Highest | 7 |
| Administrator login | Highest | 7 |
| CA root key | Highest | 7 |
| CA intermediate key | High | 6 |
| Storage encryption | High | 6 |
| SSH private key | High | 6 |
| TLS client certificates | High | 6 |
| User login | Medium | 5 |
| Mail and IM accounts | Medium | 5 |
| Cloud storage | Medium | 5 |
| Wireless network | Moderate | 4 |
Higher is always better. These are minimums, not targets. If seven words feels as easy as six for a given use case, use seven.
A note on entropy
The comparison between timid bingle heath js duck and qvkUj]jw?Ud_E&3 Y4/'H;-RYD)vb ?R is not just illustrative. Both examples carry approximately 208 bits of entropy. The Diceware version is not a weaker choice dressed up to look friendlier. It is a genuinely equivalent choice that happens to be usable by a human being under pressure.
That is the point. Security that is too painful to use correctly gets used incorrectly. Diceware removes the friction without removing the protection.
A passphrase you actually use properly is always stronger than a theoretically superior one you work around.