Diceware Passphrases

Diceware is a method of easy-to-remember, easy-to-type, secure passphrase and password generation. It works completely off-line and requires no computer whatsoever, apart from retrieving the Diceware list. By taking the passphrase generation off-line there is less room for mistakes to be made.

The reason these password are easy to remember is that they are simply a series of words in your native language. This also tends makes them easier to type without lots of practice as you should already be used to typing words.

You can grab the word lists directly,

Diceware Word List
Beale's Diceware Word List

The lists are cryptographically signed by Arnold G. Reinhold so you can verify that I have not tampered with it. I must also note that, unfortunately, the author requires that this list only be distributed non-commercially, which limits its usefulness but allows me to distribute it here.

I also came across another list called DialDice, which I have mirrored here and signed with my own key,

DialDice Word List

Diceware works by rolling five 6-sided dice (or rolling one 6-sided die five times, etc.) and using the result to look up the word in one of the above lists of 6^5, or 7776, words. Each word is worth about 12.9 bits of entropy,

log2(7776) =~ 12.9248

So if you want a password worth about 40 bits — which is about 7 letters of a random alphanumeric password — you would generate three Diceware words. They can be concatenated in any order and in any fashion. When I use Diceware, I just mash them together, like "lancealertgrow". Note that the space bar makes a distinctive sound when pressed, so if you put spaces between your words a listener will be able to tell how many words you use.

If you don't like what you rolled the first time, DO NOT generate a new one as an attempt to get someting "better". If you do this, you will greatly weaken your passwords because you are selecting passwords from a much smaller pool of possibilities (a very small pool that contains only passwords you like).

The number of possible three-word passwords is 470,184,984,576. That's right: 470 billion. Because you are selecting passwords with dice, each password is as equally likely as the next. Even if an attacker knew you used Diceware and knew what word list you used, that still leaves a handful of guesses out of that 470 billion possibilities.

At first it may be confusing, but it actually doesn't matter what the words are or how long they are. It doesn't matter that there are no capitals or special characters. It is the simple fact that there are 7776 words, and one was selected three times.

7776 * 7776 * 7776 = 470184984576

The Diceware website goes into a bit more detail on this.

If the computer system you use annoyingly requires passwords to contain special characters (which is done to increase entropy in passwords that actually are poor), Diceware also provides a method of adding some of those, which adds a couple more bits worth of entropy. If you don't care about those extra bits, you can throw your own in.

For passphrases, Diceware recommends 6 words, about 77.5 bits, which it claims should be out of range of brute-force attacks from anyone for at least the next 20 years. If you really think you need more than 6 words, you should consider hiring guards for all your computer equipment.

I was working on my own Diceware word list to release into the public domain. The purpose was to provide a word list without any distribution restrictions, unlike all the Diceware lists I have found. But making word lists is hard! I wrote a number a little filters — word length, no sub-words, spell checking, no special characters, etc — to pull out good words from a large word list, then used some sample English text from Wikipedia to get some frequency information so that I am was selecting common words over less common words. I still need to go over the final list by hand to make sure it all looks good. This is a long tedious process. Carefully examining 7776 words is quite a lot of work. Someday I will finish it.

In the event that you don't have any dice available, or you want to be able to generate Diceware passwords on the fly automatically, I have written a little program that will use /dev/random, assuming there is a true RNG behind it, to roll virtual dice. It can use a Diceware word list or your local dictionary word list which contains many more words (usually found at /usr/share/dict/words). Grab it here,

passgen.pl

To get help, just run it with --help. So, to generate a two word password using the local dictionary,

$ ./passgen.pl -w2
Bits per word: 14.4421011596755
Key length: 28.8842023193511
grisly cog

It also tells you how many bits the password is worth.

I highly recommend Diceware for your password and passphrase generation.

Have a comment on this article? Start a discussion in my public inbox by sending an email to ~skeeto/public-inbox@lists.sr.ht [mailing list etiquette] , or see existing discussions.

This post has archived comments.

null program

Chris Wellons

wellons@nullprogram.com (PGP)
~skeeto/public-inbox@lists.sr.ht (view)