[cryptography] PGP word list

Jon Callas jon at callas.org
Thu Feb 19 10:49:05 EST 2015

Hash: SHA256

> I just realised one barrier -- language.  It uses the English language, and PGP might be stronger in Europe than in the anglo world.
> So perhaps the wordset should be retuned to being some form of internationalised english, words that are recognisable by a wide set of cultures?
> Things like: weekend, manyana, angst, perestroika, bollywood, ...
> just a thought.

We're using the PGP world list for verifying short authentication strings.

You're bringing up a great point, and it's one we're dealing with. 

Ultimately, the problem is that any given word is going to be unpronounceable gibberish to *someone* and you want that set of words and someones to be small enough.

The alternative is to use something like base32 and the ICAO/NATO word list (alpha, bravo, charlie, delta, echo, etc.) or even bare letters and numbers to get base32.

The PGP word list is a set of two-syllable and three-syllable words that are eight bits long, each. You can either alternate two-syllable and three-syllable words for error correction, or combine them. That gives you either eight or nine bits per word, versus five bits for ICAO.

At the end of the day, you're either taking a hit on intelligibility with bare letters and numbers, or using "English" words. You have to pick the way in which you want to have suck.

The advantage of the PGP word list is that you get a large number of bits per word, but the cost is a high chance of a word that's baffling to someone. ICAO words have fewer words, but at least there's only 32 of them. Bare letters have some of the worst of all of these -- they're easily misunderstood (which is why the ICAO list exists), and even more cross-language.

So pick your poison.


Version: PGP Universal 3.3.0 (Build 9060)
Charset: us-ascii


More information about the cryptography mailing list