The EFF has made and published three lists of words to use that are easy to spell and generally easy to remember.
I wrote a command-line tool in Rust for generating passphrase using these wordlists. I use it myself any time I need a password.
My tool is fast, free of charge, open source and it can also tell you the entropy that will result for any given choice of number of words.
For example lets say I want it to give me four words from the long wordlist, and I want to know how many bits of entropy this corresponds to.
pgen -l -n 4 -e Current settings will create passphrases with 51.70 bits of entropy.
51.70 bits of entropy.
What does that mean, you might ask.
The Wikipedia article on password strength (https://en.wikipedia.org/wiki/Password_strength) explains it well:
A password with an entropy of 42 bits calculated in this way would be as strong as a string of 42 bits chosen randomly, for example by a fair coin toss. Put another way, a password with an entropy of 42 bits would require 242 (4,398,046,511,104) attempts to exhaust all possibilities during a brute force search. Thus, by increasing the entropy of the password by one bit the number of guesses required doubles, making an attacker’s task twice as difficult. On average, an attacker will have to try half the possible number of passwords before finding the correct one.
Ok, so how good is 51.70 bits of entropy?
Wikipedia, same article again:
The minimum number of bits of entropy needed for a password depends on the threat model for the given application. […] RFC 4086, "Randomness Requirements for Security", presents some example threat models and how to calculate the entropy desired for each one. Their answers vary between 29 bits of entropy needed if only online attacks are expected, and up to 96 bits of entropy needed for important cryptographic keys used in applications like encryption where the password or key needs to be secure for a long period of time and stretching isn’t applicable.
So let’s say that you are satisfied with 51.70 bits of entropy in this case. What does a password like that look like? Let’s generate one.
pgen -l -n 4 plastic case refocus demise
Pretty memorable right? :)
Oh yeah, and about the claim that it’s fast. Just how fast is it? Have a look.
time pgen -l -n 4 browbeat hummus sandbox unfixable real 0m0.005s user 0m0.001s sys 0m0.006s
That’s 5 milliseconds.
But hey, let’s say we wanted to generate a bunch of passphrases at once.
How much time does it take to generate 10.000 passphrases and dump them into a text file?
time pgen -l -n 4 -k 10000 > 10k.txt real 0m0.132s user 0m0.073s sys 0m0.058s
About zero point one seconds. Not that generating 10.000 passphrases is something that you are likely to do, but it just speaks to how fast this tool is ^^
Source and instructions on how to install it are on GitHub.