How safe is a password generated from words?

Question

I loathe passwords with completely random letters and digits. It's so much nicer to have a password made up of proper words. Even if the total length is much longer, it's easier to memorize, transcribe, etc.

So I thought of this password generation scheme:

result = ""

while (result.length < 12)
  result += randomWord()

if (result.length < 16)
  result += shortRandomWord()

result += randomInteger(1000, 9999)

In this example, assume that randomWord() returns an English dictionary word of length 4 to 10, and shortRandomWord() returns one of length 4 to 5. This is sure to give you a password of length 16 to 21, made up of 2 to 5 words, plus the 4 random integers.

Is this a good password generator? How does its entropy compare to a function that generates a password of length 8 with random letters and digits?

Does this answer your question? Is randomly generating passwords from an assortment of dictionary words cryptographically secure?, XKCD #936: Short complex password, or long dictionary passphrase?. — Steffen Ullrich, Dec 22 '19 at 18:26
Completely random passwords are not meant to be memorised. They are meant to be long, machine-generated, and supplied by a password manager when you need them and not memorised and entered by hand. — schroeder, Dec 22 '19 at 18:52

How safe is a password generated from words?

0 Answers0