Generating High-Entropy Passphrases
Your Root CA passphrase protects everything. This guide shows you how to generate one using only physical objects: no software in the loop, nothing to trust but the dice or coin in your hand.
Understanding Entropy
Entropy measures the randomness in your passphrase and is expressed in bits. Each extra bit doubles the number of possible passphrases an attacker must try. The times in the table are for searching the whole space at one billion guesses per second; on average the attacker succeeds after trying half of it, and the real guess rate depends on how costly each guess is, which is set by the key derivation protecting the key file, not by the passphrase itself.
| Bits of Entropy | Possible Combinations | Brute-Force Time (1B guesses/sec) | Rating |
|---|---|---|---|
| 40 | ~1 trillion | ~18 minutes | ⚠️ Weak |
| 64 | ~18 quintillion | ~585 years | Acceptable |
| 80 | ~1.2 × 10²⁴ | ~38 million years | Strong |
| 128 | ~3.4 × 10³⁸ | ~10²² years | Military-grade |
Method 1: Diceware (Dice)
Diceware uses standard six-sided dice to select words from a public word list. Each word adds approximately 12.9 bits of entropy.
What You Need
- 5 six-sided dice (standard board game dice)
- The EFF long word list (7,776 words, one per five-dice roll; printable PDF)
- Pen and paper (to be destroyed after memorization)
Step-by-Step
Step 1: Roll 5 dice
Roll all 5 dice at once and read them left to right, in the order they come to rest, to form a 5-digit number. Do not rearrange them.
```text
Roll:   ⚂ ⚄ ⚁ ⚅ ⚃
Result: 3 5 2 6 4 → 35264
```
Step 2: Look up the word
Find the number 35264 in the EFF word list. Let's say it maps to the word "kidney".
Step 3: Repeat for each word
Repeat the process to generate as many words as you need:
| Words | Entropy | Use Case |
|---|---|---|
| 5 words | ~64 bits | Personal / Developer use |
| 6 words | ~77 bits | Team / Organizational CA |
| 7 words | ~90 bits | Production Root CA |
| 10 words | ~128 bits | Air-gapped / Critical infrastructure |
Step 4: Assemble the passphrase
Join the words with spaces, dashes, or no separator at all; the entropy is the same either way.
```text
kidney-atlas-flame-oyster-gutter-flint-widow
```
Whether you write `kidney atlas flame` or `kidneyatlasflame`, the entropy is identical: the attacker knows the word list, not your specific rolls. Pick one separator and stick to it, because you will have to reproduce the passphrase exactly every time.
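As an added example (illustrative code written for this page, not part of the original guide and not Trinity's own code), the roll-to-key step and the entropy arithmetic from the table above in Python. The three-entry dictionary is a constructed stand-in for the EFF long list; only the 35264 → kidney row comes from the walkthrough above, the other two rows are invented for the example.

```python
import math

# Constructed stand-in for the EFF long list, keyed by the five-digit dice
# string exactly as the printed list is. The real list has 7776 entries;
# "35264": "kidney" is the row used in the walkthrough, the rest is filler.
SAMPLE_LONG_LIST = {
    "35264": "kidney",
    "11111": "abacus",
    "66666": "zoom",
}
LIST_SIZE = 6 ** 5  # 7776 words on the EFF long list


def rolls_to_key(rolls):
    """Five die faces read left to right -> the list key, e.g. [3,5,2,6,4] -> "35264".
    Anything that is not exactly five values in 1..6 is rejected, so a misread
    or miscounted roll cannot silently select a word."""
    if len(rolls) != 5:
        raise ValueError("Diceware needs exactly five dice per word")
    if any(not isinstance(r, int) or r < 1 or r > 6 for r in rolls):
        raise ValueError("each die must show a value from 1 to 6")
    return "".join(str(r) for r in rolls)


def key_to_index(key):
    """The key is a base-6 number whose digits run 1..6 instead of 0..5.
    "11111" -> 0 and "66666" -> 7775, handy if you keep a flat copy of the list."""
    index = 0
    for ch in key:
        index = index * 6 + (int(ch) - 1)
    return index


def lookup_word(key, word_list=SAMPLE_LONG_LIST):
    """Plain dictionary lookup; KeyError means the roll is not on the list."""
    return word_list[key]


def diceware_entropy_bits(num_words, list_size=LIST_SIZE):
    """Entropy of num_words words drawn uniformly from a list of list_size words."""
    return num_words * math.log2(list_size)


def brute_force_years(bits, guesses_per_second=1e9):
    """Worst-case exhaustive search time for a 2**bits keyspace, matching the table."""
    seconds = 2 ** bits / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def assemble_passphrase(words, separator=" "):
    """The separator carries no entropy; only the words do."""
    return separator.join(words)


if __name__ == "__main__":
    key = rolls_to_key([3, 5, 2, 6, 4])
    print(key, key_to_index(key), lookup_word(key))
    for n in (5, 6, 7, 10):
        print(n, "words:", round(diceware_entropy_bits(n), 1), "bits")
```

`key_to_index` is only needed if you index the list by position rather than by the printed dice string; `rolls_to_key` is the check worth keeping, since the most likely failure in a manual procedure is a transcription slip rather than a weak die.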
Method 2: Coin Flip (Binary)
A fair coin is a 1-bit random number generator. Heads = 1, Tails = 0. You can build any random value from coin flips. Real coins are close to fair but not perfectly so; if that worries you, flip twice per bit and keep HT as 1 and TH as 0, discarding HH and TT (von Neumann's trick). The output is unbiased whatever the coin's bias, at the cost of about four flips per usable bit.
What You Need
- 1 coin (any fair coin)
- The EFF short word list (1,296 words; number them 1 to 1296)
- Pen and paper
Approach A: Binary-to-Word
Each word on the EFF short list gets an index from 1 to 1296. Eleven coin flips give a number from 0 to 2047 (2¹¹ = 2048), which covers that range; a result of 0 or anything above 1296 is discarded and the set flipped again.
Step 1: Flip 11 coins
Read the flips left to right as a binary number: the leftmost flip is the most significant bit (1024) and the rightmost is the least (1).
```text
Position values: 1024 512 256 128 64 32 16 8 4 2 1
Flips:           H    T   T   H   H  T  H  T  H H T
Binary:          1    0   0   1   1  0  1  0  1 1 0
Decimal: 1024 + 0 + 0 + 128 + 64 + 0 + 16 + 0 + 4 + 2 + 0 = 1238
```
Step 2: Reject if out of range
If the number is 0 or greater than 1296, discard it and flip a fresh set of 11. That happens for 752 of the 2048 possible values, about 37% of the time, so expect to redo roughly one set in three. Never rescue a rejected set by re-reading it or flipping just one more coin; only a complete fresh set keeps the draw uniform.
Step 3: Look up and repeat
Look up word #1238 in the short list. Each short-list word carries log₂(1296) ≈ 10.3 bits, less than a long-list word, so you need more of them: 9 words give ≈ 93 bits, the production Root CA level from the table above, and 13 words give ≈ 134 bits.
Approach B: Direct Binary Passphrase
For the technically inclined, you can skip the word list entirely and generate a raw binary passphrase encoded as hexadecimal.
Generate 128 bits
Flip a coin 128 times. Record each flip as 1 (heads) or 0 (tails). Group the flips into nibbles (4 bits, leftmost flip most significant) and convert each nibble to a hex digit:
```text
Flips:  1001 1010 1100 0011 ...
Hex:    9    A    C    3    ...
Result: 9AC3... (32 hex characters = 128 bits)
```
Write each flip down as you go: a single dropped or misread flip shifts every nibble after it. A 32-character hex string is also far harder to memorize than a word passphrase, so this approach suits a key that is unlocked from a written copy kept in a safe or split into shares rather than from memory.
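An added example covering both coin-flip approaches: Approach A's 11-flip draw with rejection and Approach B's nibble-to-hex grouping. It is illustrative code written for this page, not part of Trinity or the original guide. The flip record is the one worked through in Step 1 above; the debiasing function implements the pair trick (HT → 1, TH → 0, HH and TT discarded) for readers who do not trust their coin to be fair, and is optional.

```python
import math

SHORT_LIST_SIZE = 1296   # EFF short list: 6^4 words, numbered 1..1296 here
BITS_PER_DRAW = 11       # 2^11 = 2048 is the smallest power of two >= 1296


def parse_flips(text):
    """'H T T H ...' -> [1, 0, 0, 1, ...]; heads = 1, tails = 0, anything else is an error."""
    bits = []
    for token in text.split():
        if token.upper() == "H":
            bits.append(1)
        elif token.upper() == "T":
            bits.append(0)
        else:
            raise ValueError(f"unexpected flip record {token!r}")
    return bits


def von_neumann_debias(bits):
    """Pair up flips: HT -> 1, TH -> 0, HH and TT are thrown away.
    Unbiased output even from a biased coin; costs roughly three quarters of the flips."""
    out = []
    for a, b in zip(bits[0::2], bits[1::2]):
        if a != b:
            out.append(a)
    return out


def bits_to_int(bits):
    """Leftmost flip is the most significant bit, as in the worked example."""
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value


def draw_word_numbers(bits, list_size=SHORT_LIST_SIZE, bits_per_draw=BITS_PER_DRAW):
    """Consume bits_per_draw bits per draw; keep 1..list_size, reject 0 and anything above.
    Returns (accepted word numbers, count of rejected draws). A trailing partial
    draw is ignored rather than padded, since padding would bias it."""
    accepted, rejected = [], 0
    for start in range(0, len(bits) - bits_per_draw + 1, bits_per_draw):
        value = bits_to_int(bits[start:start + bits_per_draw])
        if 1 <= value <= list_size:
            accepted.append(value)
        else:
            rejected += 1
    return accepted, rejected


def rejection_rate(list_size=SHORT_LIST_SIZE, bits_per_draw=BITS_PER_DRAW):
    """Fraction of draws discarded: the values 0 and list_size+1 .. 2^n - 1."""
    return 1 - list_size / 2 ** bits_per_draw


def flips_to_hex(bits):
    """Approach B: group into nibbles, most significant bit first."""
    if len(bits) % 4:
        raise ValueError("need a multiple of 4 flips to form whole hex digits")
    return "".join(format(bits_to_int(bits[i:i + 4]), "X") for i in range(0, len(bits), 4))


def entropy_bits(num_words, list_size=SHORT_LIST_SIZE):
    """Entropy of num_words short-list words: about 10.3 bits each."""
    return num_words * math.log2(list_size)


if __name__ == "__main__":
    # Constructed flip record: the eleven flips from Step 1 above.
    flips = parse_flips("H T T H H T H T H H T")
    print("word number:", draw_word_numbers(flips))
    print("rejection rate:", round(rejection_rate(), 3))
    print("9 short-list words:", round(entropy_bits(9), 1), "bits")
    print("hex:", flips_to_hex(parse_flips("H T T H H T H T H H T T T T H H")))
```

The `draw_word_numbers` loop is the whole point of Approach A: accept only 1 to 1296 and count what you throw away, so you can see that the rejection rate matches the 37% expected rather than silently folding out-of-range values back in.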
Best Practices
Do
- ✅ Use physical randomness (dice, coins) for Root CA passphrases
- ✅ Write the passphrase on paper until memorized, then destroy the paper
- ✅ Store a backup in a fireproof safe, or split it with Shamir's Secret Sharing across separate custodians
- ✅ Use at least 7 Diceware words (90 bits) for production Root CAs
- ✅ Practice typing your passphrase daily until it becomes muscle memory
Don't
- ❌ Never use a passphrase generated by software for air-gapped Root CAs; you can't independently verify the entropy source
- ❌ Never use song lyrics, book quotes, or personal information
- ❌ Never store your passphrase digitally alongside the key file
- ❌ Never reuse a passphrase across different CAs or systems
- ❌ Never use "common substitutions" (e.g., p@ssw0rd); attackers model these
Entropy Comparison
| Method | Example | Entropy |
|---|---|---|
| User-chosen password | MyDog2024! | ~28 bits |
| Random 12-char alphanumeric | kX9mPq2vBn4R | ~71 bits |
| 5 Diceware words | atlas flame oyster gutter flint | ~64 bits |
| 7 Diceware words | kidney atlas flame oyster gutter flint widow | ~90 bits |
| 128 coin-flip hex | 9ac3e7f1...4b2d (32 chars) | 128 bits |
Diceware entropy = log₂(7776) × number of words ≈ 12.9 × words. Coin-flip entropy = exactly 1 bit per flip. No estimation, no guesswork: pure arithmetic, provided the dice and coin are fair and you never throw away a result because you dislike the word it produced.
Where Trinity Uses Your Passphrase
Trinity prompts for a passphrase during two critical operations:
| Command | What's Protected | Encryption |
|---|---|---|
| `trinity init` | Root CA private key (`root.key`) | AES-256 (PEM-encrypted) |
| `trinity init` | Transport private key (`transport.key`) | AES-256 (PEM-encrypted) |
| `trinity sign` | Decrypts Root CA key for signing | Passphrase → AES → Key |
Both keys are encrypted with the same passphrase during `trinity init`. You only need to remember one passphrase, but it protects both your Root CA signing key and your Kyber transport key, so a weak passphrase exposes both at once.
During `trinity sign` in Ghost Mode, the decrypted keys are automatically wiped from memory if the watchdog detects network connectivity. Your passphrase is your last line of defense: make it strong.
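An added check, written for this page rather than taken from Trinity: before relying on a passphrase-protected key file, confirm that the PEM file is actually encrypted and see which scheme was used, because the cost of each guess in the brute-force table above depends on it. The page does not say which PEM encryption format Trinity writes, so the three samples below are constructed PEM headers with filler bodies (not real keys), and the `root.key` path in the usage line is an assumption.

```python
import re

# Constructed samples: the armor headers are what matters here, the base64
# bodies are filler and decode to nothing meaningful.
PKCS8_ENCRYPTED = """-----BEGIN ENCRYPTED PRIVATE KEY-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END ENCRYPTED PRIVATE KEY-----
"""
TRADITIONAL_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,0A1B2C3D4E5F60718293A4B5C6D7E8F9

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END RSA PRIVATE KEY-----
"""
PLAINTEXT = """-----BEGIN PRIVATE KEY-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END PRIVATE KEY-----
"""


def classify_pem_key(pem_text):
    """'pkcs8-encrypted', 'traditional-encrypted', 'plaintext' or 'unknown'.
    PKCS#8 encrypted keys announce themselves in the BEGIN label; the older
    OpenSSL format keeps a plain label and adds Proc-Type / DEK-Info headers."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----", pem_text)
    if not m:
        return "unknown"
    label = m.group(1)
    if label == "ENCRYPTED PRIVATE KEY":
        return "pkcs8-encrypted"
    if label.endswith("PRIVATE KEY"):
        if "Proc-Type: 4,ENCRYPTED" in pem_text:
            return "traditional-encrypted"
        return "plaintext"
    return "unknown"


def dek_info(pem_text):
    """(cipher, iv_hex) from a traditional-format encrypted key, else None."""
    m = re.search(r"^DEK-Info: ([A-Z0-9-]+),([0-9A-Fa-f]+)\s*$", pem_text, re.M)
    return (m.group(1), m.group(2)) if m else None


def passphrase_protection_verdict(pem_text):
    """One-line assessment of how much work each passphrase guess costs an attacker."""
    kind = classify_pem_key(pem_text)
    if kind == "plaintext":
        return "NOT ENCRYPTED: the passphrase protects nothing in this file"
    if kind == "traditional-encrypted":
        # Legacy OpenSSL PEM derives the AES key with a single MD5 pass over the
        # passphrase and salt, so each guess is about as cheap as the table assumes.
        return "encrypted, legacy OpenSSL format: one MD5 pass per guess, cheap to brute-force"
    if kind == "pkcs8-encrypted":
        # PKCS#8 normally wraps the key with PBES2/PBKDF2 (assumption: the
        # iteration count is not visible from the armor alone).
        return "encrypted, PKCS#8: each guess costs the KDF iteration count, check it with openssl asn1parse"
    return "unrecognised PEM"


def classify_pem_file(path):
    """Same classification for a file on disk, e.g. classify_pem_file('root.key')."""
    with open(path, "r", encoding="ascii") as fh:
        return classify_pem_key(fh.read())


if __name__ == "__main__":
    for name, sample in (("pkcs8", PKCS8_ENCRYPTED), ("legacy", TRADITIONAL_ENCRYPTED), ("plain", PLAINTEXT)):
        print(name, "->", passphrase_protection_verdict(sample))
```

Run it against the key files Trinity writes (the `root.key` name is taken from the table above). A `plaintext` verdict means the passphrase step did not happen; a `traditional-encrypted` one means the passphrase is doing all the work with no slow key derivation behind it, which is exactly the situation the entropy targets in this guide are sized for.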
Next Steps
- Getting Started: use your new passphrase to initialize a Root CA
- Authority Reference: full CLI command reference
- Blind Drops Protocol: how post-quantum encryption protects your CSRs