Diceware

from Wikipedia, the free encyclopedia

Diceware (from English dice) is a simple method for generating secure and easily remembered passwords and passphrases with the help of a die.

To generate a passphrase, several words are selected from a special word list and joined together. The words are determined by means of a die, which here serves as a random number generator. Five die rolls are used for each word, and the numbers rolled serve as the digits of a five-digit senary number, for example 43142. The corresponding word is selected from the word list on the basis of this number. In the German word list, 43142 corresponds to the word merken.

Despite the great length of the passphrases, they are easy to remember because the individual words can be memorized as units. The number of words in a passphrase depends on the desired level of security. Since 2014, the inventor of the method, Arnold G. Reinhold, has recommended that normal users use 6 words, or 5 words and an additional character that is placed randomly.

Example of a six-word passphrase

1. A die is rolled five times. The numbers in our example are 4, 3, 1, 4 and 2.

2. The corresponding word is looked up in the word list. In our example it is the word merken.

3. Steps 1 and 2 are repeated five times. In total, the following number-word pairs result in our example:

43142 merken
15613 boom
22543 ekd
66445 zonen
51615 ragt
32644 hurra

4. The passphrase for our example is merken boom ekd zonen ragt hurra.

It is important that the meaning of the individual words is known or that they are linked by an improvised story.

Security calculation

One advantage of the Diceware method is that the predictability of passphrases can be easily calculated. With other methods of generating passwords, the security of the generated passphrases often cannot be determined. Every Diceware word adds bit entropy to a passphrase. Six words make a little more than 77 bits.
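The lookup procedure from the six-word example and the entropy figure above, as an added Python example that is not part of the original article. It assumes `secrets` as a stand-in for physical dice, uses only the six word-list entries shown in the article, and all function names are illustrative; the `dice` parameter generalizes the calculation to lists that use four dice per word.

```python
import math
import secrets

# Excerpt of the German list: only the six entries shown in the article.
# A complete list has 6**5 = 7776 lines in this same "KEY word" format.
EXCERPT = """\
43142 merken
15613 boom
22543 ekd
66445 zonen
51615 ragt
32644 hurra
"""

def parse_wordlist(text, dice=5):
    """Parse 'KEY word' lines, rejecting malformed or duplicate keys."""
    words = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split()
        if len(key) != dice or set(key) - set("123456") or key in words:
            raise ValueError(f"bad word list line: {line!r}")
        words[key] = word
    return words

def roll_key(dice=5):
    """Stand-in for physical dice (assumption): rolls from the OS CSPRNG."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))

def key_to_index(key):
    """0-based position of a key in a sorted full list (11111 -> 0)."""
    return sum((int(c) - 1) * 6 ** i for i, c in enumerate(reversed(key)))

def passphrase(words, keys):
    """Look up each rolled key; a KeyError means the list is incomplete."""
    return " ".join(words[k] for k in keys)

def entropy_bits(n_words, dice=5):
    """Each word is one of 6**dice equally likely choices."""
    return n_words * dice * math.log2(6)

def words_needed(target_bits, dice):
    """Words required from a `dice`-dice list to reach target_bits."""
    return math.ceil(target_bits / (dice * math.log2(6)))

if __name__ == "__main__":
    wl = parse_wordlist(EXCERPT)
    print(passphrase(wl, ["43142", "15613", "22543", "66445", "51615", "32644"]))
    print(round(entropy_bits(6), 2), words_needed(entropy_bits(6), dice=4))
```

The entropy calculation only holds when every key is equally likely, which is why the rolls must come from fair dice or a cryptographic random source rather than a general-purpose pseudo-random generator.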

Numbers and special characters

Online services often require passwords with digits and special characters, which the Diceware method does not produce. Even then, you can simply append the missing digits and special characters to the group of words you rolled. This makes the password stronger.

Word lists

Word lists currently exist for the languages German, English, Esperanto, Finnish, French, Italian, Japanese, Catalan, Maori, Dutch, Norwegian, Polish, Russian, Swedish, Spanish and Turkish.

In July 2016, the EFF published new English-language word lists based on data from the University of Ghent. A short version of the word list with particularly memorable words and a lower entropy was also developed. This works with only four dice; it is recommended to roll more often.
