password_generator

Hack to generate easy-to-remember (sorta) passwords with a similar amount of entropy as a typical 12-character randomly generated password. In this case, that means four English words. Based on the idea from the popular xkcd.

Primary language: Python

Why?

Why not? Passwords are nice, and I was toying with the idea of making passwords easier to remember but still hard to guess. I thought of the relevant xkcd, and tried working out the math of it.

A typical password generated by LastPass is 12 characters, each using uppercase and lowercase letters, numbers, and symbols, for a total character set of 70 characters. This gives a space of 70^12, or roughly 1.384e22, possibilities. Using this dataset of roughly 355k words, and assuming your attacker knows your system for generating passwords, we can generate a similar amount of entropy with just four words (355k^4 ≈ 1.588e22). Both of these passwords would take a computer over 237 billion years to brute-force on average, at a rate of 1000 tries per second. Yet one is much easier to remember than the other.

Even if we cut it down to the 100k simplest words (since this dataset has a bunch of obscure words in it), we only need five words to make an even stronger password (1e25 possibilities). I haven't found such a dataset though.

Yes, I know this has been done before. I just wanted to work it out myself. After all, writing this readme took longer than the rest of it.
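
The arithmetic above, as an added example that is not this repository's own code: it expresses both schemes in bits, works out how many words match the 12-character password, and draws a passphrase with Python's `secrets` module. The function names and the short word list are constructed for illustration; a real run would load the full word file.

```python
import math
import secrets

def entropy_bits(pool_size, picks):
    """Bits of entropy for `picks` independent uniform draws from a pool,
    assuming the attacker knows the pool and the scheme."""
    return picks * math.log2(pool_size)

def words_needed(pool_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))

def load_words(lines):
    """Normalise and de-duplicate: repeated entries would bias the draw and
    make the real pool smaller than the line count suggests."""
    return sorted({w.strip().lower() for w in lines if w.strip().isalpha()})

def generate(words, count, sep="-"):
    """Draw `count` words with the OS CSPRNG; the `random` module is
    predictable and must not be used for secrets."""
    return sep.join(secrets.choice(words) for _ in range(count))

if __name__ == "__main__":
    chars = entropy_bits(70, 12)          # 12 chars from a 70-symbol set
    print(f"12 random characters: {chars:.2f} bits")
    print(f"4 words from 355k:    {entropy_bits(355_000, 4):.2f} bits")
    print(f"words needed, 100k list: {words_needed(100_000, chars)}")
    # Constructed sample list; a real run would read the full word file.
    sample = load_words(["Correct\n", "horse", "battery", "staple", "horse", "x1"])
    print(generate(sample, 4), f"({entropy_bits(len(sample), 4):.1f} bits from this tiny list)")
```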

Credit:

The words dataset is from here.