Security Basics mailing list archives

Good design for an Algorithmically Derived Passphrase for FDE (?!)


From: ManInWhite <maninwhite () tpg com au>
Date: Sun, 18 Nov 2007 15:21:44 +1030

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi List,

I have been tasked with deploying partition based encryption for our
fleet of laptops.

It has been suggested that we use an
algorithm derived passphrase based on some unique hardware number.
[ HDD Serial# / Laptop Serial# ]
(Is this the correct terminology?)

Does anybody have any suggestions or corrections on what kind of
function I should use to generate the passphrase?

I was thinking something like:

- -- Generate Pseudo Hash --
Unique Serial# = x
f(x) = Ax^3 + Bx^2+ Cx + D (mod p)
A, B, C, D are 'magic' numbers and p is prime

- -- Translate Pseudo Hash into Passphrase --
num1 = f(x) mod 239
num2 = f(x) mod 241
num3 = f(x) mod 251

Look up num1, num2, num3 in word table, output passphrase


Example:
nb: Mathematica syntax, from testing
A=34, B=12, C=-10, D=40, p=Prime[106+105], serial#=5864353

fhash = Mod[(34 #^3 + 12 #^2 - 10 # + 40), Prime[106+105]] &
Table[Mod[fhash[5864353], p], {p, {Prime[52], Prime[53], Prime[54]}}]

{9, 128, 160} -> "angry red kangaroo"


Sample Runs:
In= Table[Table[
  Mod[fhash[n], p], {p, {Prime[52], Prime[53], Prime[54]}}], {n,
  433565, 433610}]

Out=
{{188, 228, 178}, {134, 208, 95}, {108, 234, 133}, {188, 48,
  126}, {163, 85, 212}, {237, 67, 93}, {136, 198, 224}, {1, 210,
  122}, {162, 46, 110}, {219, 171, 22}, {200, 56, 247}, {70, 146,
  236}, {33, 163, 193}, {230, 80, 137}, {35, 81, 140}, {4, 149,
  36}, {165, 237, 214}, {5, 67, 125}, {206, 84, 224}, {16, 10,
  213}, {54, 59, 111}, {172, 174, 241}, {209, 97, 186}, {193, 22,
  84}, {89, 153, 139}, {101, 212, 53}, {131, 172, 96}, {31, 217,
  89}, {118, 89, 117}, {181, 223, 67}, {185, 100, 143}, {95, 165,
  47}, {52, 150, 49}, {147, 239, 221}, {219, 174, 146}, {57, 149,
  213}, {104, 127, 124}, {86, 71, 83}, {207, 185, 43}, {130, 201,
  23}, {185, 62, 95}, {211, 233, 93}, {236, 185, 155}, {225, 122,
  234}, {80, 17, 98}, {131, 54, 70}}

These triples appear to be (pseudo)random.

Running it on a large range of possible serial numbers:

In= Sort[Tally[
  Flatten[Table[
    Table[Mod[fhash[n],
      p], {p, {Prime[52], Prime[53], Prime[54]}}], {n, 433565,
     500000}]]]]

Out = {{0, 811}, {1, 847}, {2, 805}, {3, 796}, {4, 827}, {5, 803}, {6,
  793}, {7, 849}, {8, 838}, {9, 836}, {10, 828}, {11, 835}, {12,
  823}, {13, 806}, {14, 828}, {15, 820}, {16, 819}, {17, 858}, {18,
  819}, {19, 771}, {20, 834}, {21, 849}, {22, 869}, {23, 822}, {24,
  834}, {25, 815}, {26, 798}, {27, 848}, {28, 815}, {29, 853}, {30,
  839}, {31, 802}, {32, 818}, {33, 824}, {34, 846}, {35, 830}, {36,
  812}, {37, 790}, {38, 834}, {39, 825}, {40, 789}, {41, 857}, {42,
  846}, {43, 850}, {44, 780}, {45, 766}, {46, 788}, {47, 787}, {48,
  819}, {49, 799}, {50, 776}, {51, 815}, {52, 867}, {53, 871}, {54,
  838}, {55, 796}, {56, 841}, {57, 791}, {58, 772}, {59, 814}, {60,
  834}, {61, 838}, {62, 777}, {63, 761}, {64, 831}, {65, 813}, {66,
  790}, {67, 738}, {68, 803}, {69, 830}, {70, 851}, {71, 824}, {72,
  822}, {73, 811}, {74, 873}, {75, 797}, {76, 807}, {77, 859}, {78,
  783}, {79, 791}, {80, 810}, {81, 781}, {82, 815}, {83, 818}, {84,
  795}, {85, 797}, {86, 786}, {87, 839}, {88, 813}, {89, 799}, {90,
  768}, {91, 825}, {92, 844}, {93, 799}, {94, 829}, {95, 835}, {96,
  826}, {97, 812}, {98, 802}, {99, 773}, {100, 815}, {101, 800}, {102,
   831}, {103, 849}, {104, 738}, {105, 831}, {106, 805}, {107,
  820}, {108, 721}, {109, 818}, {110, 852}, {111, 845}, {112,
  826}, {113, 806}, {114, 813}, {115, 809}, {116, 809}, {117,
  823}, {118, 842}, {119, 825}, {120, 873}, {121, 800}, {122,
  853}, {123, 806}, {124, 824}, {125, 788}, {126, 831}, {127,
  802}, {128, 800}, {129, 827}, {130, 833}, {131, 810}, {132,
  843}, {133, 837}, {134, 820}, {135, 818}, {136, 825}, {137,
  791}, {138, 850}, {139, 807}, {140, 875}, {141, 796}, {142,
  799}, {143, 845}, {144, 861}, {145, 767}, {146, 834}, {147,
  834}, {148, 825}, {149, 852}, {150, 805}, {151, 826}, {152,
  883}, {153, 804}, {154, 818}, {155, 817}, {156, 807}, {157,
  805}, {158, 831}, {159, 856}, {160, 801}, {161, 812}, {162,
  779}, {163, 845}, {164, 858}, {165, 802}, {166, 804}, {167,
  772}, {168, 808}, {169, 829}, {170, 780}, {171, 828}, {172,
  821}, {173, 811}, {174, 813}, {175, 824}, {176, 787}, {177,
  789}, {178, 814}, {179, 851}, {180, 778}, {181, 820}, {182,
  792}, {183, 850}, {184, 838}, {185, 792}, {186, 799}, {187,
  837}, {188, 823}, {189, 848}, {190, 778}, {191, 861}, {192,
  806}, {193, 833}, {194, 772}, {195, 829}, {196, 853}, {197,
  868}, {198, 807}, {199, 823}, {200, 805}, {201, 820}, {202,
  828}, {203, 796}, {204, 782}, {205, 837}, {206, 821}, {207,
  790}, {208, 839}, {209, 808}, {210, 831}, {211, 805}, {212,
  826}, {213, 842}, {214, 821}, {215, 859}, {216, 838}, {217,
  841}, {218, 840}, {219, 818}, {220, 836}, {221, 848}, {222,
  840}, {223, 817}, {224, 795}, {225, 848}, {226, 781}, {227,
  907}, {228, 824}, {229, 825}, {230, 783}, {231, 818}, {232,
  813}, {233, 819}, {234, 850}, {235, 822}, {236, 805}, {237,
  835}, {238, 769}, {239, 540}, {240, 535}, {241, 285}, {242,
  257}, {243, 271}, {244, 258}, {245, 266}, {246, 241}, {247,
  293}, {248, 263}, {249, 246}, {250, 250}}


Except for the final few values (239 to 250), the distribution of
numbers appears to be uniform.

Is this a good way of doing this? Are there any fundamental mathematical
flaws in this?

I do realise that the three word passphrase may be the weak part, but
there are issues with the end users remembering complex passwords or
long passphrases. Ideas on strengthening this would be appreciated.

If I have any gaping holes in my logic please tell me...

MiW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHP8TfmDNChCFC3rwRAoVsAJ9+SwJXEBtgcOtdAMwe0cbPjeM04QCgic7o
XDkN52AvQZHe8GqlRWJQfFI=
=28jn
-----END PGP SIGNATURE-----
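
The scheme described in the message above, as an added example that is not part of the original post: it implements f(x) and the three word-index moduli as written, then measures how many distinct passphrases can come out and what tally a uniform hash would give. The modulus is a parameter; the value 1297 is Prime[106+105] evaluated exactly as the expression is printed here, which is an assumption about the intended prime.

```python
# Added example (not from the original post): what the word-index stage of the
# scheme can and cannot output. The modulus p is a parameter throughout.
from math import log2, prod

A, B, C, D = 34, 12, -10, 40      # 'magic' numbers from the post's example
WORD_MODULI = (239, 241, 251)     # moduli for num1, num2, num3 in the post

def fhash(x, p):
    """f(x) = Ax^3 + Bx^2 + Cx + D (mod p)."""
    return (A * x**3 + B * x**2 + C * x + D) % p

def triple(x, p):
    """Word-table indices (num1, num2, num3) for serial number x."""
    h = fhash(x, p)
    return tuple(h % m for m in WORD_MODULI)

def reachable_triples(p):
    """Every triple the scheme can emit: f depends on x only through x mod p."""
    return {triple(x, p) for x in range(p)}

def max_keyspace_bits(p):
    """Upper bound on passphrase entropy: the triple is a function of
    f(x) mod p, and it is one of at most 239*241*251 combinations."""
    return log2(min(p, prod(WORD_MODULI)))

def expected_tally(value, n_serials):
    """Expected count of `value` in the flattened tally if f(x) were uniform:
    only moduli larger than `value` can ever produce it."""
    return sum(n_serials / m for m in WORD_MODULI if m > value)

if __name__ == "__main__":
    p = 1297   # assumption: Prime[106+105] as printed; use the deployed modulus
    found = reachable_triples(p)
    print(f"p={p}: {len(found)} distinct passphrases, "
          f"bound {max_keyspace_bits(p):.1f} bits")
    print(f"any p: at most {max_keyspace_bits(10**12):.1f} bits")
    n = 500000 - 433565 + 1        # serial range tallied in the post
    for v in (0, 239, 250):
        print(v, round(expected_tally(v, n)))
```

The expected tally reproduces the drop-off at 239 to 250 in the post's output: those values can only come from the larger moduli, so it is a property of the three moduli rather than of f. Whatever p is used, the three indices together carry under 24 bits.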

