IA Developers' Note No. 16
CESG's "Sentences" Computer-Generated Passphrase Scheme
Issue No: 1.1
October 2015

The copyright of this document is reserved and vested in the Crown.

Contents:
Key Principles
    Introduction
    Outline of the Passphrase Scheme
    User Interface
    Password Generation
    Password Storage and Verification
Appendix A – Dictionaries
References

Key Principles

- A truly random number must be used as a source of randomness because other sources are not guaranteed to be sufficiently random.
- A meaningful structured sentence created from words selected randomly from pre-defined lists is relatively easy to memorise yet still has well-defined entropy.

Introduction

1. Robust Passwords - as defined in HMG IA Standard No.7 (IS7), Authentication of Internal Users of Government ICT Systems (Ref [a]) - need a well-defined degree of randomness (entropy).
The scheme described in this Developers' Note provides well-defined entropy by using a machine-generated truly random number to select words from predefined lists in various categories, which when strung together make a meaningful and easily memorable - albeit rather bizarre - sentence. The amount of entropy can be adjusted by altering the structure of the sentences. Depending on the implementation, it may not be necessary for a user entering a password to enter the whole sentence: the first three letters of each word can be sufficient.

2. The scheme uses a CESG-approved password hashing algorithm (currently LOG FIRE) which is subject to CESG's algorithm release process and is subject to a non-royalty bearing license limiting the purpose of its use. When the scheme is incorporated in a product the implementation will need to be evaluated and approved under CESG's CAPS Scheme.

Outline of the Passphrase Scheme

3. Each password consists of between 4 and 7 words that form some sort of sentence when put together. An example is "Last year 999 secretive lilac vipers admired the entrance". It is intended that this sentence may be remembered as a picture.

4. Each word in each category can be identified by its first three letters and hence usually the implementation will require users to type in just the first three letters of each of their words (footnote 1). To make the sentences as easy to enter as possible, users must be able to enter the whole word if they wish. The space character or tab character is used to identify the end of each word. Some implementations may allow the redundant word 'the' to be entered as well, which will have to be removed before processing.

5. Words are divided into seven categories as listed below. Sentences of different amounts of entropy may be formed by using only some of the categories.

Footnote 1: The main reasons for using only 3 letters are to reduce the number of key-strokes needed and also to reduce the effects of typographical errors and spelling mistakes.
It also opens up the possibility of users constructing their own easy-to-remember phrases by using words that have the same first three letters as those generated by the random process; thus the phrase "128 noble green ponies photographed the nursery" could be remembered as "128 nobbly greek pontiffs phoned the nurses".

6. Table 1 lists the categories, number of words in each category and the entropy (in bits) of a word chosen at random from that category. The lists are in the appendix.

Category    Examples                  No. of words   No. of bits of entropy
Time        Tuesday, April            30             4.9
Number      42, 563                   998            10.0 (6.6 if 2 digits)
Adjective   affectionate, excellent   337            8.4
Colour      orange, yellow            78             6.3
Creature    badgers, fairies          256            8.0
Verb        admired, watched          358            8.5
Place       arena, farm               256            8.0

Table 1 – Categories, category sizes and entropies

7. The total entropy for a scheme is the sum of the entropies for each category used. The entropy levels for typical different sentences are given below.

22.7 bits: adjective colour creature
    secretive lilac vipers.
29.3 bits: 2-digit-number adjective colour creature
    99 secretive lilac vipers.
30.8 bits: colour creature verb place
    lilac vipers admired the entrance.
32.9 bits: adjective creature verb place
    secretive vipers admired the entrance.
37.4 bits: 2-digit-number colour creature verb place
    99 lilac vipers admired the entrance.
39.2 bits: adjective colour creature verb place
    secretive lilac vipers admired the entrance.
39.5 bits: 2-digit-number adjective creature verb place
    99 secretive vipers admired the entrance.
40.8 bits: 3-digit-number colour creature verb place
    999 lilac vipers admired the entrance.
42.9 bits: 3-digit-number adjective creature verb place
    999 secretive vipers admired the entrance.
45.8 bits: 2-digit-number adjective colour creature verb place
    99 secretive lilac vipers admired the entrance.
49.2 bits: 3-digit-number adjective colour creature verb place
    999 secretive lilac vipers admired the entrance.
54.1 bits: Time 3-digit-number adjective colour creature verb place
    Last year 999 secretive lilac vipers admired the entrance.

8. Note that higher entropy levels do not necessarily mean that fewer people can remember their password. Research showed that the most successful schemes contained a number and the scheme with 49.2 bits of entropy was remembered the most.

User Interface

9. Where possible, users should be presented with a logon screen similar to one of the examples below. If separate boxes are used for each category then space bar as well as tab must move between the boxes to allow users to enter the password fluently. Where it is not possible to have separate boxes, it is important that the category headings are still given since these act as a reminder of the password. Note that only the categories used for the particular entropy level should be listed. The words must still be separated by a space when entered, in order to identify the end of each word.

[Figure: two example logon screens. Each has a Username field, the prompt "Please enter your password - you only need to enter the first three letters of each word.", and entry boxes labelled time, number, adjective, colour, creature, verb and place, with the fixed word "Last" before the time box and "the" before the place box.]

Password Generation

Outline

10. In outline the process is:

- First, use a CESG approved random number generator to generate a random number.
- Second, use this random number to give a word index number for each of the categories in the sentence, in such a way that each word in the category is equally likely.
- Third, use the word index number for each category to determine the actual word from the dictionary for that category to be included in the sentence.

11.
Each user should have a choice of three "Sentences" passwords; therefore, the above steps must be repeated three times in order to obtain three different "Sentences" passwords.

12. In order to ensure that all "Sentences" passwords are equally likely, the random number may be mapped to the word index numbers in the preferred way as described below. However, there are other methods of ensuring that all the passwords are equally likely. If a developer wishes to propose another method, which ensures that all passwords are equally likely, CESG will consider the proposed method during the evaluation.

Detail

13. As indicated above, there are three steps to generating a single "Sentences" password, and the three steps will need to be repeated three times to give the user a choice of passwords.

14. Step 1: Generate an 80 bit random number, Y, using a CESG-approved method of generating random numbers (footnote 2). Note that this random number must contain at least the amount of entropy of the chosen password scheme. Split the 80 bits of Y into 10 bytes V1, V2, …, V10, where V1 contains the most significant bits.

15. Step 2: Map these bytes of the random number to the word index numbers in such a way that each word in the category is equally likely. One possible method is to use the following bytes for each of the categories:

Category 1   Time        V1
Category 2   Number      V2 | V3
Category 3   Adjective   V4 | V5
Category 4   Colour      V6
Category 5   Creature    V7
Category 6   Verb        V8 | V9
Category 7   Place       V10

where | denotes that the bytes are concatenated. If a category is not used for a particular entropy level, then the corresponding bytes may be ignored.

16. For each category, map the value of the bytes to a number between 0 and the number of words in the dictionary for that category. This mapping can be done as described below.
In order to ensure that each word in a dictionary is equally likely, if the corresponding bytes of the random number for a particular category are above a set value, then discard the random number and repeat the whole process.

17. For each category, use the formulae below to obtain the word index number Pi.

Time: If V1 ≥ 240 then discard the random number, return to Step 1 and repeat the process. Otherwise P1 = V1 modulo 30.

Number (3 digits) (footnote 3): If V2 | V3 ≥ 64870 then discard the random number, return to Step 1 and repeat the process. Otherwise P2 = (V2 | V3) modulo 998.

Number (2 digits): If V2 | V3 ≥ 65464 then discard the random number, return to Step 1 and repeat the process. Otherwise P2 = (V2 | V3) modulo 98.

Adjective: If V4 | V5 ≥ 65378 then discard the random number, return to Step 1 and repeat the process. Otherwise P3 = (V4 | V5) modulo 337.

Colour: If V6 ≥ 234 then discard the random number, return to Step 1 and repeat the process. Otherwise P4 = V6 modulo 78.

Creature: P5 = V7.

Verb: If V8 | V9 ≥ 65514 then discard the random number, return to Step 1 and repeat the process. Otherwise P6 = (V8 | V9) modulo 358.

Place: P7 = V10.

Footnote 2: Contact CESG for advice about entropy collection and generation of random numbers from this entropy.

Footnote 3: For clarity the function returns a word index in the range 0-997 and may not always contain 3 digits e.g. 9, 55.

18. Note that the values above are dependent on the size of the dictionaries to be used for each category. If the number of words in any category dictionary were to change, then the formulae above would have to change accordingly.

19. Step 3: Once the value of the word index number, Pi, has been determined for all categories, take the corresponding word for each category from the category dictionary. These dictionaries are available in soft copy from CESG to people implementing the scheme.

Password Storage and Verification

20.
Once a user has chosen one of three passwords generated by the process above, a shortened version of the chosen password must be hashed using a CESG approved hashing algorithm and the hash value stored. The shortened password is created by converting all the letters to lower-case, then taking the whole number and the first three (or four if the implementation requires it) letters of each word and concatenating them together.

21. A CESG approved hashing algorithm (currently LOG FIRE, reference [b]) must be used to hash the password, possibly concatenated with some additional information, as defined by the algorithm and password system requirements. (E.g., a system designer may decide to concatenate the userid or other information with the password before hashing, as described in IS7 and its associated implementation guide.)

22. In order to create a new entry in the password file or verify an input password:

- Firstly, all the letters are converted to lower-case characters.
- Secondly, spaces or tabs are used to identify the beginning and end of each word.
- Thirdly, the whole number and the first three (or four) letters of each word entered are concatenated together and this string is then concatenated with any other information required by the hashing algorithm as described in IS7 or its accompanying Implementation Guide.
- Lastly, the whole combination is hashed, and the resultant value stored.

22. When verifying an input the entered password is hashed, along with other information as described above, and the hash is compared against the entry in the password file to determine whether the verification is successful or not.

23. Suppose we have generated the 80 bit random number Y.
Let Y = V1 | V2 | V3 | V4 | V5 | V6 | V7 | V8 | V9 | V10, where the Vi are all single bytes and | denotes that the bytes are concatenated. Suppose the values of these are as follows:

V1  = 10111010
V2  = 11100001
V3  = 00100001
V4  = 00110101
V5  = 00010001
V6  = 11010010
V7  = 00101000
V8  = 10010110
V9  = 00010111
V10 = 10001001

Time        V1 = 186
Number      V2 | V3 = 57633
Adjective   V4 | V5 = 13585
Colour      V6 = 210
Creature    V7 = 40
Verb        V8 | V9 = 38423
Place       V10 = 137

Further, suppose the requirement is to use these values to form and store a sentence with 39.5 bits of entropy, i.e. 2-digit-number adjective creature verb place.

Time: V1 not used.
Number (2 digits): Check that 57633 < 65464. It is, so P2 = 57633 modulo 98, so P2 = 9.
Adjective: Check that 13585 < 65378. It is, so P3 = 13585 modulo 337, so P3 = 105.
Colour: V6 not used.
Creature: P5 = V7 = 40.
Verb: Check that 38423 < 65514. It is, so P6 = 38423 modulo 358, so P6 = 117.
Place: P7 = V10 = 137.

Using the word index numbers with the dictionaries gives the password "11 frosty cats increased the gym". To store this password, it is shortened to 11frocatincgym before being concatenated with other information and hashed using an approved algorithm.

Appendix A – Dictionaries

TIME
0-9: april, august, autumn, christmas, december, easter, february, friday, january, july
10-19: june, march, may, monday, night, november, october, saturday, semester, september
20-29: spring, summer, sunday, term, thursday, tuesday, wednesday, week, winter, year

NUMBER
Index   Number
0       2
1       3
2       4
.       .
N       N+2
.       .
97      99
997     999

ADJECTIVE
0-9: abandoned, able, abnormal, academic, adaptable, admiring, adventurous, affectionate, aged, aggressive
10-19: albino, aloof, amazing, amiable, ancient, angry, antisocial, apologetic, argumentative, arrogant
20-29: articulate, attentive, baby, backward, bad, baptized, battered, beautiful, bedraggled, befuddled
30-39: bellowing, bemused, bendy, bewildered, big, bitter, bland, boastful, bold, boring
40-49: bouncy, brave, brilliant, bruised, burnt, calm, camp, capable, challenging, cheerful
50-59: chirpy, civil, clever, clumsy, cockney, colourful, comical, conscientious, cool, cowardly
60-69: coy, crazy, creative, cruel, cultural, curious, cute, damp, dangerous, daring
70-79: decorative, demented, devoted, dirty, distinguished, divine, domesticated, dreary, dripping, drunk
80-89: dull, earnest, eccentric, edible, elegant, embarrassed, enchanting, enormous, evasive, evil
90-99: excitable, fabulous, fair, fake, famous, fantastic, fat, fearless, ferocious, fiery
100-109: fine, flexible, flippant, forgetful, friendly, frosty, funny, generous, ghostly, gifted
110-119: gigantic, glamorous, gleaming, glittery, glowing, good, graceful, greasy, guilty, gullible
120-129: handsome, happy, hardy, hateful, headstrong, helpful, historic, holy, homely, honest
130-139: horrible, hostile, hot, humorous, hygienic, hypnotised, hysterical, idiotic, idle, impressive
140-149: inactive, inflexible, innocent, inquisitive, intelligent, invisible, irritable, itchy, jealous, jocular
150-159: jogging, joking, jolly, jovial, joyful, jubilant, juggling, jumpy, juvenile, keen
160-169: kicking, kind, kneeling, knowledgeable, lame, large, laughing, lazy, legendary, likeable
170-179: little, lively, logical, lonely, lost, loud, loveable, loyal, lucky, luxurious
180-189: mad, magnificent, malicious, marching, materialistic, mean, mechanical, merry, messy, migrant
190-199: mild, miniature, mischievous, modest, moody, musical, mythical, nagging, nameless, naughty
200-209: neglected, nervous, nice, nimble, noble, nocturnal, nomadic, normal, nosey, notorious
210-219: nutty, obese, objectable, oblivious, obnoxious, observant, obvious, old, opaque, ordinary
220-229: original, outgoing, pained, paranoid, passionate, patient, peaceful, perfect, photogenic, picturesque
230-239: pitiful, poetic, polite, poor, practical, pretty, professional, pungent, purposeful, qualified
240-249: questionable, quiet, radiant, ragged, rampaging, rare, ravenous, reasonable, reflective, reliable
250-259: repetitive, resourceful, retiring, revengeful, rich, ridiculous, righteous, romantic, rubbery, sad
260-269: sarcastic, saucy, savage, scornful, seated, secretive, selfish, sensible, serene, severe
270-279: shabby, sheepish, shirty, short, shy, silent, simple, skilful, sleeping, small
280-289: sober, sociable, solitary, sombre, sophisticated, spirited, stern, tactful, talking, tame
290-299: tasteful, tatty, temperamental, tense, terrible, thankful, theatrical, thoughtful, thrifty, tidy
300-309: timid, tormented, transparent, triumphal, truthful, ugly, unassuming, unconscious, undercover, uneasy
310-319: unfortunate, unhappy, unkind, unscrupulous, useless, vain, wandering, wary, washable, watchful
320-329: wayward, weak, weepy, weighty, wet, whimsical, wicked, wilful, wiry, wise
330-336: withdrawn, worried, wretched, yelping, young, zany, zealous

COLOUR
0-9: amber, apricot, apple, aqua, auburn, azure, baby-pink, bamboo, beige, biscuit
10-19: black, blonde, blue, brick, brown, burgundy, buttermilk, calico, cerise, charcoal
20-29: cherry, chocolate, claret, coral, cream, crimson, cyan, daffodil, emerald, forest-green
30-39: fuchsia, ginger, gold, green, hessian, indigo, ivory, jade, jasmine, khaki
40-49: lavender, lemon, lilac, lime, magnolia, mercury, mint, mustard, navy, olive
50-59: orange, paprika, peach, pink, pistachio, platinum, plum, primrose, purple, red
60-69: rose, royal-blue, sapphire, salmon, sand, scarlet, sea-green, silver, sky-blue, slate
70-77: tan, teal, terracotta, turquoise, vanilla, violet, white, yellow

CREATURE
0-9: aardvarks, adders, albatrosses, alligators, angels, animals, ants, apes, aphids, armadillos
10-19: asses, baboons, badgers, barracudas, basilisks, bats, bears, beetles, bighorns, billy-goats
20-29: bison, blackbirds, bloodhounds, bluebottles, boars, bookworms, boxers, brontosauruses, bucks, budgerigars
30-39: buffalos, bugs, bulls, bunnies, bustards, butterflies, buzzard, calves, camels, canaries
40-49: cats, cave-men, chameleons, cheetahs, chickens, clowns, cobras, cockroaches, condors, coots
50-59: cows, coyotes, crabs, crickets, crocodiles, cubs, cuckoos, cygnets, dalmatians, damselflies
60-69: deer, dinosaurs, dodos, does, dogs, dolphins, donkeys, dormice, doves, dragonflies
70-79: ducks, dukes, dwarfs, eagles, earwigs, eels, elephants, elks, elves, emus
80-89: fairies, ferrets, field-mice, fireflies, fish, flamingos, flies, foals, foxes, frogs
90-99: gazelles, geese, gerbils, ghosts, giants, gingerbread-men, giraffes, gladiators, gnus, goats
100-109: goblins, goldfish, gorillas, grasshoppers, greenfly, grouse, guinea-pigs, hamsters, hares, hawks
110-119: hens, herons, hobbits, horses, hounds, hyenas, ibexes, iguanas, jackdaws, jaguars
120-129: jellyfish, kangaroos, kestrels, kings, kittens, kiwis, knights, koalas, labradors, ladybirds
130-139: lambs, leeches, lemmings, lice, lions, lizards, llamas, lobsters, locusts, lords
140-149: lynx, mammals, marmosets, mayflies, meercats, mice, minks, monkeys, moorhens, mosquitoes
150-159: moths, mules, newts, ocelots, octopuses, orang-utans, ostriches, otters, owls, oysters
160-169: pandas, partridges, peacocks, pelicans, penguins, perch, pheasants, phoenixes, pigs, pixies
170-179: platypuses, polar-bears, ponies, porpoises, possums, princes, pumas, puppies, pythons, quails
180-189: queens, rabbits, raccoons, rams, rats, ravens, rays, reindeer, reptiles, retrievers
190-199: rhinos, robins, rooks, salamanders, sardines, scarecrows, scorpions, seals, sharks, sheep
200-209: shire-horses, skunks, sloth, slugs, snakes, snowmen, soldiers, spaniels, spiders, squirrels
210-219: stags, storks, swans, swine, tadpoles, tarantulas, teals, teddy-bears, terrapins, things
220-229: thrushes, ticks, tigers, toads, tom-cats, tortoises, toucans, toys, triffids, turkeys
230-239: unicorns, vampires, vipers, vixens, voles, vultures, wagtails, wallabies, wapiti, warthogs
240-249: wasps, weasels, werewolves, whales, wildebeest, witches, wizards, wolves, wombats, woodlice
250-255: worms, wrens, yaks, yetis, zebras, zombies

VERB
0-9: absorbed, accepted, acquired, adapted, addressed, admired, adopted, advertised, affected, altered
10-19: analysed, approached, arranged, assessed, ate, attacked, auctioned, audited, authorised, avoided
20-29: awarded, balanced, bit, blamed, boiled, borrowed, bought, boycotted, broke, built
30-39: burnt, captured, ceded, centralised, changed, checked, circled, classified, cleaned, coached
40-49: completed, controlled, cooked, corrected, countered, coveted, crashed, created, damaged, decorated
50-59: defined, delivered, demonstrated, denied, destroyed, detested, developed, directed, discovered, diversified
60-69: documented, doubled, drank, drew, effaced, elevated, eliminated, employed, enabled, enclosed
70-79: endured, energised, enfolded, engineered, enhanced, enjoyed, enlarged, enrolled, enshrined, entered
80-89: eradicated, erected, established, evaluated, examined, exceeded, exempted, explored, extended, faced
90-99: fed, filmed, finished, formed, fostered, found, fried, funded, furnished, generated
100-109: governed, graded, guarded, guided, halved, handled, headed, held, henpecked, hid
110-119: highlighted, hired, identified, ignored, illustrated, imagined, improved, increased, indicated, influenced
120-129: inherited, initiated, injected, inspected, introduced, investigated, jailed, jammed, jiggled, jinxed
130-139: jogged, joined, jolted, judged, juggled, juiced, junked, justified, kept, kicked
140-149: kindled, kissed, knew, knighted, knocked, lambasted, launched, learned, lectured, led
150-159: lent, lessened, lightened, liked, liquidated, loaned, logged, loved, lowered, machined
160-169: made, magnetised, maintained, malformed, managed, mapped, marked, mastered, matched, mauled
170-179: maximised, measured, medicated, met, milked, mimed, minimised, mirrored, misused, mixed
180-189: modified, monitored, moored, mopped, motivated, moulded, muddled, muffled, mushed, nagged
190-199: nailed, named, nationalized, navigated, neared, necessitated, needed, neglected, netted, neutralised
200-209: nicked, nipped, nominated, noticed, observed, obtained, occupied, offered, oiled, omitted
210-219: opened, optimised, ordered, organised, orientated, ostracised, outlined, overlooked, painted, partitioned
220-229: passed, paved, pecked, peeled, peppered, perfected, photographed, pictured, pinpointed, pirated
230-239: pitied, planned, pleased, plugged, poached, pocketed, pointed, poked, polished, popularised
240-249: positioned, powered, prepared, priced, promoted, psychoanalysed, publicised, pulled, purchased, quartered
250-259: questioned, quit, quoted, raced, radioed, raised, ramified, ran, rattled, ravaged
260-269: razed, rearranged, rebuilt, recommended, redesigned, refined, regulated, rehabilitated, reinforced, rejected
270-279: relished, remembered, renamed, reorganised, repaired, restored, retained, revealed, ribbed, ridiculed
280-289: rifled, rigged, rinsed, ripped, risked, rivalled, roasted, rode, rotated, rounded
290-299: ruffled, ruined, rumbled, ruptured, rushed, salvaged, satisfied, saved, saw, scheduled
300-309: scratched, searched, secured, selected, separated, serviced, settled, shared, shortened, simplified
310-319: sketched, slandered, smelt, sold, specified, spurred, staffed, steamed, stopped, strengthened
320-329: studied, submitted, succeeded, suggested, summarised, supervised, surrounded, symbolised, synthesised, tailored
330-339: taught, tended, terminated, tested, tightened, transformed, treated, trimmed, tutored, uncovered
340-349: united, unravelled, updated, upgraded, urged, used, utilised, verified, videoed, vilified
350-357: visited, vitalised, watched, weighed, widened, won, worked, wrote

PLACE
0-9: abbey, academy, adventure-playground, aeroplane, airfield, allotment, amphitheatre, annexe, apartment, aqueduct
10-19: arboretum, arch, arena, ark, asylum, attic, auditorium, autobahn, avenue, backyard
20-29: bakery, balcony, bank, barn, base, battlefield, bay, bazaar, beach, belfry
30-39: berth, bicycle, biplane, blacksmiths, boat, bog, bonfire, bookshop, border, boulevard
40-49: box, branch, breakwater, bridge, brook, building, bullring, bus, butchers, bypass
50-59: cabin, cafe, cage, cairn, camp, canal, capital, car, castle, causeway
60-69: cave, cellar, cemetery, centre, chapel, chemist, chimney, church, cinema, circus
70-79: city, classroom, clearing, cliff, clubhouse, coach, coffee-shop, college, common, concourse
80-89: copse, corridor, cottage, county, cove, crater, crematorium, croft, cruiser, dairy
90-99: dam, deck, den, depot, district, ditch, dock, doorstep, dormitory, drawbridge
100-109: driveway, dump, dungeon, dwelling, elevator, embankment, enclosure, entrance, equator, escarpment
110-119: exhibition, factory, fairway, farm, fell, ferry, field, fishmongers, flat, folly
120-129: footpath, fort, fountain, freeway, fun-fair, gallery, gaol, garden, gatehouse, glacier
130-139: golf-course, gorge, graveyard, greenhouse, grocery, guest-house, guildhall, gym, hall, hamlet
140-149: hanger, harbour, heath, helicopter, highway, hill, hippodrome, homestead, hovercraft, hospital
150-159: hotel, house, hypermarket, iceberg, igloo, jail, jobcentre, jungle, kennel, kindergarten
160-169: kiosk, kitchen, knoll, laboratory, lair, lake, lane, larder, launderette, lawn
170-179: lay-by, leisure-centre, library, lido, lighthouse, loch, lodge, maisonette, mall, mansion
180-189: marina, maze, meadow, metropolis, mine, moat, monastery, moon, mosque, motel
190-199: mountain, museum, nail-bar, newsagent, nunnery, nursery, oasis, ocean, office, palace
200-209: park, path, playground, pond, pool, port, pub, pyramid, racecourse, railway
210-219: ranch, refinery, restaurant, river, road, room, rotunda, ruins, school, scrubland
220-229: sea, shed, ship, shop, spaceship, square, stable, street, studio, supermarket
230-239: swimming-pool, temple, theatre, town, train, tree, tube, underground, university, viaduct
240-249: vicarage, village, volcano, wagon, wall, warehouse, wasteland, waterfall, wharf, windmill
250-255: woods, workshop, wreckage, yacht, yard, zoo

References

[a] HMG IA Standard No.7, Authentication of Internal Users of ICT Systems, Handling Government Information (UNCLASSIFIED) – latest issue available from the CESG website.

[b] The LOG FIRE hashing algorithm, 13th June 2005, X/21663/1300/41, available from CESG enquiries.
CESG provides advice and assistance on information security in support of UK Government. Unless otherwise stated, all material published on this website has been produced by CESG and is considered general guidance only. It is not intended to cover all scenarios or to be tailored to particular organisations or individuals. It is not a substitute for seeking appropriate tailored advice.

CESG Enquiries
Hubble Road
Cheltenham
Gloucestershire
GL51 0EX
Tel: +44 (0)1242 709141
Email: [email protected]

© Crown Copyright 2015
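
The byte-to-index mapping of paragraphs 14 to 19 and the shortening step of paragraphs 20 to 22, checked against the walk-through in paragraph 23, as an added Python example that is not part of the CESG note. The function names, the use of secrets.token_bytes as a stand-in for a CESG-approved random number generator, and the position-based handling of an entered 'the' are assumptions of this example; the LOG FIRE hashing step is not shown.

```python
import re
import secrets

# Per category: (first byte of Y, byte count, dictionary size), paragraphs 15-17.
LAYOUT = {
    "time":      (0, 1, 30),
    "number3":   (1, 2, 998),   # 3-digit scheme, word = index + 2
    "number2":   (1, 2, 98),    # 2-digit scheme, word = index + 2
    "adjective": (3, 2, 337),
    "colour":    (5, 1, 78),
    "creature":  (6, 1, 256),
    "verb":      (7, 2, 358),
    "place":     (9, 1, 256),
}

# Only the Appendix A entries needed here, not the full dictionaries.
EXCERPT = {
    "adjective": {105: "frosty"},
    "creature": {40: "cats"},
    "verb": {117: "increased"},
    "place": {137: "gym", 232: "theatre"},
}

def reject_threshold(nbytes, size):
    """Largest multiple of `size` that fits in `nbytes` bytes.

    A value at or above it would make low indices more likely after the
    modulo, so paragraph 17 discards the whole random number instead.
    """
    return (256 ** nbytes // size) * size

def indices_from_bytes(y, scheme):
    """Map the 10 bytes of Y to word indices; None means discard Y and retry."""
    if len(y) != 10:
        raise ValueError("Y must be exactly 80 bits")
    indices = {}
    for category in scheme:
        start, nbytes, size = LAYOUT[category]
        value = int.from_bytes(y[start:start + nbytes], "big")  # V1 first
        if value >= reject_threshold(nbytes, size):
            return None
        indices[category] = value % size
    return indices

def generate_indices(scheme, rng=secrets.token_bytes):
    """Steps 1 and 2. `rng` is an assumed stand-in for the approved generator."""
    while True:
        indices = indices_from_bytes(rng(10), scheme)
        if indices is not None:
            return indices

def build_sentence(indices, scheme, dictionaries):
    """Step 3: look each index up; 'the' is shown before the place word."""
    words = []
    for category in scheme:
        if category.startswith("number"):
            words.append(str(indices[category] + 2))
            continue
        if category == "place":
            words.append("the")
        words.append(dictionaries[category][indices[category]])
    return " ".join(words)

def shorten(entered, scheme, prefix_len=3):
    """Paragraphs 20-22: build the string that is passed to the approved hash.

    Assumption: an optional 'the' is recognised by position (the token before
    the place word of an over-long entry), because 'the' is also the
    three-letter prefix of 'theatre' and 'theatrical' in Appendix A.
    """
    tokens = [t for t in re.split(r"[ \t]+", entered.lower()) if t]
    if (scheme[-1] == "place" and len(tokens) == len(scheme) + 1
            and tokens[-2] == "the"):
        del tokens[-2]
    if len(tokens) != len(scheme):
        raise ValueError("wrong number of words for this scheme")
    parts = []
    for category, token in zip(scheme, tokens):
        if category.startswith("number"):
            if not (token.isascii() and token.isdigit()):
                raise ValueError("number expected")
            parts.append(token)             # the whole number is kept
        else:
            parts.append(token[:prefix_len])
    return "".join(parts)

# Paragraph 23 walk-through: the 39.5-bit scheme and the ten bytes V1..V10.
SCHEME_39_5 = ("number2", "adjective", "creature", "verb", "place")
Y_EXAMPLE = bytes.fromhex("bae1213511d228961789")

if __name__ == "__main__":
    idx = indices_from_bytes(Y_EXAMPLE, SCHEME_39_5)
    sentence = build_sentence(idx, SCHEME_39_5, EXCERPT)
    print(idx, sentence, shorten(sentence, SCHEME_39_5))
```

The thresholds computed by reject_threshold reproduce the constants in paragraph 17, which is the adjustment paragraph 18 calls for if a dictionary size changes.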