
>What's more, WPA and WPA2 passwords require a minimum of eight characters, eliminating the possibility users will pick shorter passphrases that could be brute forced in more manageable timeframes

Should I point out that 'password' is 8 characters :) Have there been studies done that attempt to test the hypothesis that when forced to pick passwords that meet some arbitrary complexity threshold most common users pick things like "password1"? I have a hard time believing most non-techies (heck, even a lot of techies) pick secure passwords.



One of the things I try very hard to drive home to people is that WPA2 uses a passphrase and not a password.

I highly encourage people to use something like a favorite movie quote or a line from a book. Something like "Alas, poor Yorick! I knew him Horatio;" is both harder to crack and easier for a human to remember than something like "v3$bk:j".

You're essentially taking natural language, which is something humans are pretty adept at remembering, and turning it into a direct mnemonic for a more complicated passphrase.


Obligatory xkcd: http://xkcd.com/936/


The problem with movie quotes and lines from books is that they're out there in a database somewhere. That means they're not nearly as hard for a computer to guess as you might think.


WPA2 keys hash the passphrase and the SSID.

The precomputed tables that make cracking WPA2 feasible have to not only target passwords, but password+SSID combinations as a result.

I think you're grossly overstating the relative weakness of a longer passphrase. The more obscure, the better, obviously, but the chances of any given quote or phrase of any length appearing in a precomputed table are relatively minimal.

More importantly, any variations in punctuation, capitalization, spacing, etc would make a precomputed table worthless while still making the passphrase far easier for a human to remember than a random string of 8 characters.
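The SSID salting described in the comment above, as an added example that is not part of the original thread: WPA2-PSK derives its 256-bit master key with PBKDF2-HMAC-SHA1 over the passphrase, using the SSID as salt and 4096 iterations, so a table of keys is only valid for the one SSID it was built for. The SSIDs `linksys` and `HomeNet-5G` and the helper names are constructed for illustration.

```python
import hashlib

def wpa2_pmk(passphrase: str, ssid: bytes) -> bytes:
    """Derive the WPA2-PSK pairwise master key as IEEE 802.11i specifies:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)

def table_covers(table_ssid, table_phrases, target_ssid, target_phrase) -> bool:
    """Model a precomputed table (keys for ONE SSID) and report whether the
    target network's key appears in it."""
    table = {wpa2_pmk(p, table_ssid) for p in table_phrases}
    return wpa2_pmk(target_phrase, target_ssid) in table

if __name__ == "__main__":
    quote = "Alas, poor Yorick! I knew him Horatio;"  # phrase quoted in the thread
    phrases = ["password", "password1", quote]         # constructed table contents

    # Same SSID, exact phrase: the table contains the key.
    print("same SSID, exact quote :", table_covers(b"linksys", phrases, b"linksys", quote))
    # Different SSID: every entry in the table is salted wrong.
    print("different SSID         :", table_covers(b"linksys", phrases, b"HomeNet-5G", quote))
    # Same SSID, one changed character: a different key altogether.
    print("same SSID, lowercase   :", table_covers(b"linksys", phrases, b"linksys", quote.lower()))
    # The 8-character minimum does nothing for a common word on a common SSID.
    print("same SSID, 'password'  :", table_covers(b"linksys", phrases, b"linksys", "password"))
```

The salt only defeats reuse of a table across SSIDs; a phrase that is in the wordlist is still found once the work is redone for the target SSID, which is the point later comments in the thread argue about.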


> More importantly, any variations in punctuation, capitalization, spacing

Alternatively, exact spacing, punctuation, etc. limits the human advantage of remembering phrases ("Wait, was that a capital A before the comma? Do you use two spaces between the sentences?").

This is the exact reason I've had a hard time with long pass-phrases and often generate a unique string and rely on physical protection.

It's worth noting that if we stripped whitespaces (and possibly some other common "could go both ways" features), we may be able to encourage people to choose higher entropy passwords.


>Alternatively, exact spacing, punctuation, etc. limits the human advantage of remembering phrases ("Wait, was that a capital A before the comma? Do you use two spaces between the sentences?").

Then append a random character at the end.

The point is that any variation whatsoever from what's included in the precomputed table renders the table useless while being easier to remember than a purely random string of characters.


> "variations in punctuation, capitalization, spacing"

... have the same problem as a random string of characters. You have to remember which letter it was you capitalized, where you put the semicolon in place of the comma, and so on.

From a human-memorable standpoint, that's no better than using an actually randomly generated passphrase. It's no better from a computer-guessable standpoint, either. So instead of trying to create a new scheme for generating passwords like "mangle a movie quote", you're better off just using the xkcd method / passphra.se


> From a human-memorable standpoint

Not to derail your point, but who needs their WiFi password to be human-memorable? Tape it to the bottom of the router like the rest of us.


>From a human-memorable standpoint, that's no better than using an actually randomly generated passphrase.

Are you seriously arguing that "The quick brown fox Jumps over the lazy dog!" is less human-memorable than "dlLejs$sAgkCnzklS%9sxckAAnvk"?

Any variation from what a precomputed table expects renders the table useless.

>It's no better from a computer-guessable standpoint, either.

Besides the increased key space that has to be attacked?


> "Are you seriously arguing that "The quick brown fox Jumps over the lazy dog!" is less human-memorable than "dlLejs$sAgkCnzklS%9sxckAAnvk"?"

I didn't say "password", I said "passphrase". Something like "breath red long provide" or "itself even willing establish".

If you're using memorable movie quotes or Shakespeare quotes or anything else that you could find on wikiquote, your keyspace is going to be smaller than what you get from stringing 4 random words together. You can try to grow that keyspace by adding in variations, each of which will get you a few bits of entropy, but those variations come at the cost of memorability.

It's counterproductive to start with a non-random phrase like a quote, and then try to add randomness on top of it. If you want both entropy and memorability, use a randomly generated passphrase (via http://passphra.se or by using dice and a dictionary) instead of piecemeal randomness-on-top-of-non-random-quotes strategies.


>It's counterproductive to start with a non-random phrase like a quote, and then try to add randomness on top of it.

The primary attack vector against WPA2 keys is via precomputed tables. If your concern is about your SSID+passphrase combination appearing in one of these tables, any variation whatsoever from the "canonical" version somebody might pull from, say, a database of quotes is negated and they're forced back to square one of a pure brute force attack which the increased key space makes more expensive.


The point I'm trying to make here is that you can negate that attack vector by just using an xkcd-style passphrase, which always works, and which is typically more memorable than a mangled quote.

The xkcd-style passphrase is simply better than ad-hoc solutions.


The thing is, your entire line of argument is predicated on the quote approach being vulnerable to a dictionary-style attack. In order for that to be the case, both the SSID and the exact quotation used have to match, otherwise the attacker is forced back into expensive brute force attacks. Any unique element, whether intentional or not, renders that vulnerability null.

The xkcd approach certainly works, but the arbitrary, random nature of it is going to make it difficult for some people to remember. The quotation approach is just leveraging the fact that people spend their entire lives using language as a logical framework to simplify remembering things.

Either is going to be vastly more secure than a random string of characters.


My line of argument is more complex than you give it credit for. It has 3 major components:

- if you do not include "unique elements" (that is, you quote straight from wikiquote or similar), a quote is less secure than 4 random dictionary words due to being subject to wikiquote-driven dictionary-style attacks.

- if you include intentional and unique modifications, a quote from a public work like a movie or play is not particularly easier to remember than something from passphra.se or similar. Once you have to remember what you spelled/capitalized/punctuated in a nonstandard way, what have you really gained?

- if you include unintentionally unique elements (a word you always misspell), or elements that aren't really unique (you always append the same character), then your passphrase is vulnerable to a dictionary-like attack by an attacker who has some knowledge of you, particularly one who you've told your scheme to.

The key to the xkcd-style passphrase is that it remains secure even against an attacker who knows how you generated it, and who knows your personal tendencies. It's a completely universal, memorable, secure scheme.

Movie quotes are secure and memorable enough the majority of the time -- vastly more secure than using your kid's name, vastly more memorable than a string of random characters. But it seems to me like you're advocating a second-best security practice when we already have a best one.


>then your passphrase is vulnerable to a dictionary-like attack by an attacker who has some knowledge of you, particularly one who you've told your scheme to.

That's the thing right there: the difference in practical vulnerability all but requires an attacker to have a certain level of omniscience and access to a massive database of any conceivable permutation of any fragment you might choose of a huge number of works.

>But it seems to me like you're advocating a second-best security practice when we already have a best one.

I'm advocating what can be efficiently communicated to a non-technical user that gets them to use something better than the short keys they'll tend to use otherwise.

What's more likely to stick with a 40-year-old office coworker that asks how to secure their wireless network? A scheme that seems nonsensical on the surface that requires a comic and basic grasp of what a keyspace is to understand, or the suggestion to "use a sentence from something you like that you'll easily remember?"

Either one is going to stop all but the most determined of attackers. I don't see the point in confusing the issue for them.


On the one hand, you're saying that it's a huge keyspace because you might choose from such a huge number of works and there are so many possible variations. My criticism of that version of your idea is that those variations are as hard to remember as random words.

On the other hand, you're telling people "use a sentence from something you like", which is likely to result in only the smallest exploration of that keyspace -- the most popular lines out of the most popular shows or movies, with only a small number of capitalization or punctuation variants. If people are going to pick things like "to be or not to be" or "I can kill you with my brain", then you're suggesting something that's not particularly secure (and may already be contained in many dictionary attacks).

So the approach you advocate is fundamentally insecure, which you've argued can be made secure by adding exactly the sort of measures that confuse the issue for the people you say will benefit from the approach.

Here's an easier approach: tell people "anything you can find in a dictionary or on a list of quotes, hackers already have on their computers. To make a password hackers don't already know about, you need to put some random words together." Then point them to passphra.se and tell them to hit "generate another" until they get something they like. They can even add in more words to make it more memorable, or mix their random words into a movie quote ("I can melt you with my smoky vegetable universe", in River Tam's voice... creepy and memorable.)

In other words, instead of starting with "memorable" and then trying (and probably failing) to add enough entropy without sacrificing memorability, start with enough entropy and then make it memorable.


My understanding is that when people build password-cracking dictionaries, they include common permutations in the script. That is, for the dictionary word "dolphin", the script puts in "Dolphin" and "d0lph1n" and so forth. I'd be very surprised if someone building a table based on common quotations didn't do the same thing. I mean, how many memorable punctuation-mangling strategies are there on a common phrase anyway? I can only think of a few, right off; they're probably the ones most other people would think of, too.

There is a very serious tendency to overestimate how clever and creative you can be in the 90 seconds you spend thinking about a password. Odds are, the "random" thing you're doing is the same random thing that a lot of other people are doing. And it's in someone's script somewhere.

If you roll dice, instead of trusting your brain to be clever, you know what you have is random and hence secure.


>I mean, how many memorable punctuation-mangling strategies are there on a common phrase anyway?

How do you define common? The person has the entirety of literature, movies, music, etc to draw from. They might select any given fragment of a work, and the attacker has no way of knowing where the fragment begins or ends.

Is a purely random key strictly more secure? Sure.

But my goal isn't to get the purest possible level of security; it's to get normal people to use something more complex than the 8-14 character passwords they generally use now. I'm certainly not claiming it's perfect, but it's a simple to understand scheme that most non-technical users will be able to understand and use that will protect them from all but the most dedicated of attackers.


> They might select any given fragment of a work

Just like someone told to select an arbitrary password might select any sequence of characters. They might theoretically select anything, but most of them will choose something like 'password'.

So with your users. Star Trek fans are going to choose "makeitso". And a database of famous quotes will catch them.


What I'm really getting at, though, is that I think playing cat and mouse with professional hackers is a losing game. You shouldn't spend a few seconds trying to come up with something that they won't think of when it's their entire vocation. You're just not that creative, and too many people think alike.

Just roll dice. That way your choice is provably random.


Or if you're on Linux:

shuf -n4 /usr/share/dict/words | tr -d '\n'; echo


Actually, just:

echo $(shuf -n4 /usr/share/dict/words)

will do the trick. Though it does have some weird words in there. A trimmed "4000 common words" dictionary is what I use.
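The random-word approach from the comments above (dice, `shuf`, a trimmed word list), as an added example that is not part of the original thread: it trims a word list, draws words with the OS CSPRNG, and computes the entropy of the result next to the phone-number case raised elsewhere in the discussion. The embedded word list is a constructed sample so the code runs offline, and the function names are hypothetical; a real list needs thousands of entries.

```python
import math
import secrets

# Constructed sample list (assumption); substitute a real list of thousands of
# words, e.g. /usr/share/dict/words or a 4000-common-words file.
SAMPLE_WORDS = """breath red long provide itself even willing establish
Dolphin dolphin it's a zymurgy's smoky vegetable universe melt brain""".split()

def trim_wordlist(words, min_len=3, max_len=9):
    """Drop the 'weird words': keep unique, lowercase, purely alphabetic
    entries of moderate length, so every draw is typeable and unambiguous."""
    kept = {w for w in words
            if w.isalpha() and w.islower() and min_len <= len(w) <= max_len}
    return sorted(kept)

def generate(words, count=4, sep=" "):
    """Draw `count` words independently and uniformly (with replacement)
    from the OS CSPRNG, like rolling dice for each word."""
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent uniform draws from `choices` options.
    Holds even if the attacker knows the list and the scheme."""
    return picks * math.log2(choices)

def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    words = trim_wordlist(SAMPLE_WORDS)
    print("sample passphrase:", generate(words))
    print("sample list is far too small: %.1f bits" % entropy_bits(len(words), 4))
    print("4 words from 4000-word list : %.1f bits" % entropy_bits(4000, 4))
    print("4 words from 7776-word list : %.1f bits" % entropy_bits(7776, 4))
    print("last 4 digits of a phone no.: %.1f bits" % entropy_bits(10, 4))
    print("words for 60 bits (4000)    :", words_needed(4000, 60))
```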


So throw an extra character in there somewhere.


Anecdotally, most people I know without secure WIFI passwords pick things like:

- Their address (sometimes with numerals spelled out)

- Their last name

- Their child's name

- single (common) dictionary word

- single (common) dictionary word + one or two digits.


For about 80% of protected home networks I've accessed, the password ends up being someone in the home's phone number. Not sure if it's just because it's often the only 8+ character string of numbers people readily have memorized or if it's just lazy ISPs that set it that way (and lazy owners who never change it afterwards)?


Yep, in public compromises of large sets of WPA passphrases, more than 50% of them are phone numbers. This is why we offer a CloudCracker dictionary which includes every valid NANP number in it: https://www.cloudcracker.com/dictionaries.html


It's the ISPs. Every time I move the tech resets my password to my home phone number.

I'm sure it cuts down their support, but it usually means brute forcing only need worry about the last four digits.



