Surveillance and Paranoia in a New Public: The irregular fires of Mrs. Dalloway| Prevent Default
The first time I read Virginia Woolf’s Mrs. Dalloway, in the spring of 2023, I admit that I don’t think I quite understood it. Wanting another shot at it, I attended a seminar to learn more about the classic tale of Woolf’s famous hostess. Luckily, the edition that the seminar...
I recently learned about a secrets manager called Passbolt. Given my interest in word lists, I asked them on Mastodon if they use one. They promptly replied that, yes, they do, and provided me with the GitHub URL to their word list. As is common, they seem to be using...
I wrote a random passphrase generator command-line tool! I’m calling it Phraze. $ phraze northern-ruined-recruited-profound-vectors-drive-bringing If you have Rust installed, you can install Phraze with cargo install phraze. If you don’t have Rust installed, check the latest releases. See the project’s README for more information on installation and usage. Why...
Note: This post is now slightly out-of-date. The names of the relevant Orchard Street Wordlists have since changed. Check the repo for the latest lists and their corresponding names. Exciting news! One of my Orchard Street Wordlists is now available to users of the Strongbox password manager. Since Strongbox is...
The SecureDrop project uses a few different (English) word lists. One of them is located in their public repo at securedrop/wordlists/en.txt. Since its initial publication to GitHub in October of 2017, the list has been changed twice. Below, I make some observations about these changes that I think are of...
I recently pushed to GitHub a set of word lists intended to be used to generate secure passphrases called the Orchard Street Wordlists. I’m pretty proud of them – you can read more about the lists here. The words on the list come from two sources: Google Ngram data and...
I’m (still) thinking a bit more about software licenses (previously). In order to learn more, I read Open (Source) for Business: A Practical Guide to Open Source Software Licensing by Heather Meeker, which was pretty close to the more thorough explanation of key concepts that I was looking for. (Tired...
About five years ago I started thinking about passphrases and the word lists used to generate them. At first, I just built tools to audit, and later create, word lists rather than actually create word lists myself. In 2020, I finally started working on making lists. My work building word...
As you may know, there is a method for using dice to create strong passphrases. If users have 6-sided dice, this means the wordlists used in conjunction with this method usually must be 7,776 words long. This means that each additional word chosen gives the resulting passphrase 12.925 bits of entropy....
I recently learned about Cyber, a very new scripting language written in Zig. Intrigued, I decided to try to write a tic-tac-toe game with it. I’ve written this same little tic-tac-toe game before in Go, Rust and Zig. Cyber resources Cyber only had its first commit last month! For such...
One of the more basic things my wordlist-manipulating program, Tidy, does is to sort words alphabetically. By that I mean: given a wordlist, two of the few things it does by default are to (a) remove duplicate words and (b) alphabetize them. Removing duplicate words is critical to the security...
I’ve been thinking about software licenses this month for two reasons. First, I saw this blog post from Daniel Stenberg, who created curl, about whether developers really have to update the years in their copies of software licenses. He concludes “I don’t think we risk much by” removing the years...