Diceware
Diceware (from English dice) is a simple method for generating secure and easily remembered passwords and passphrases with the help of a die.
To generate a passphrase, several words are selected from a special word list and joined together. The words are determined by means of a die, which here serves as a random number generator. Five dice rolls are used for each word, and the numbers rolled serve as the digits of a five-digit senary number, for example 43142. The corresponding word is selected from the word list on the basis of this number. In the German word list, 43142 corresponds to the word merken.
Despite the great length of the passphrases, they are easy to remember because the individual words can be memorized as units. The number of words in a passphrase depends on the security you want. Since 2014 the inventor of the method, Arnold G. Reinhold, has recommended that normal users use 6 words, or 5 words and one additional character that is placed randomly.
Example of a six-word passphrase
1. A die is rolled five times. The numbers in our example are 4, 3, 1, 4 and 2.
2. The corresponding word is looked up in the word list. In our example it is the word merken.
3. Steps 1 and 2 are repeated five times. In total, the following number-word pairs result in our example:
43142 merken
15613 boom
22543 ekd
66445 zonen
51615 ragt
32644 hurra
4. The passphrase for our example is merken boom ekd zonen ragt hurra.
It is important that the meaning of the individual words is known or that they are linked by an improvised story.
Security calculation
One advantage of the Diceware method is that the predictability of its passphrases can be easily calculated. With other methods of generating passwords, the security of the generated passphrases often cannot be determined. Every Diceware word adds bit entropy to a passphrase. Six words make a little more than 77 bits.
Numbers and special characters
Online services often require passwords with digits and special characters, which the Diceware method does not produce. But even then you can simply append the missing digits and special characters to the group of words you roll. This makes the password stronger.
Word lists
Word lists currently exist for the languages German, English, Esperanto, Finnish, French, Italian, Japanese, Catalan, Maori, Dutch, Norwegian, Polish, Russian, Swedish, Spanish and Turkish.
In July 2016, the EFF published new English-language word lists based on data from the University of Ghent. A short version of the word list with particularly memorable words and a lower entropy was also developed. It works with only four dice; rolling more often is recommended.
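The procedure and the entropy calculation described above, as an added example that is not part of the original article. The word list is a constructed stand-in (placeholder words plus the six pairs from the example), the function names are illustrative, and the dice are simulated with the operating system's CSPRNG. It goes beyond the five-dice case to show how many words a four-dice list needs to match six five-dice words.

```python
import math
import secrets
from itertools import product

DICE_PER_WORD = 5  # five rolls per word, as in the procedure above

def parse_wordlist(text, dice=DICE_PER_WORD):
    """Parse 'NNNNN word' lines; require exactly one distinct word per possible roll."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or len(parts[0]) != dice or set(parts[0]) - set("123456"):
            continue  # not a key/word line (blank line, header, signature block)
        key, word = parts
        if key in table:
            raise ValueError(f"duplicate key: {key}")
        table[key] = word
    # A gap or a repeated word silently lowers the entropy claimed below.
    if len(table) != 6 ** dice or len(set(table.values())) != len(table):
        raise ValueError("list must map all 6**dice keys to distinct words")
    return table

def roll_key(dice=DICE_PER_WORD):
    """Simulated dice: each digit is uniform in 1..6, drawn from the OS CSPRNG."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))

def passphrase(table, n_words=6, dice=DICE_PER_WORD):
    return " ".join(table[roll_key(dice)] for _ in range(n_words))

def entropy_bits(n_words, dice=DICE_PER_WORD):
    """Entropy when each word is drawn uniformly from 6**dice candidates."""
    return n_words * dice * math.log2(6)

def words_needed(target_bits, dice):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / (dice * math.log2(6)))

# Constructed sample list: placeholder words, plus the six pairs from the example.
PAGE_PAIRS = {"43142": "merken", "15613": "boom", "22543": "ekd",
              "66445": "zonen", "51615": "ragt", "32644": "hurra"}
SAMPLE_LIST = "\n".join(
    f"{k} {PAGE_PAIRS.get(k, 'w' + k)}"
    for k in map("".join, product("123456", repeat=DICE_PER_WORD)))

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    print(" ".join(table[k] for k in PAGE_PAIRS))   # the passphrase from the example
    print(passphrase(table))                        # a freshly rolled six-word passphrase
    print(f"{entropy_bits(6):.2f} bits for six words")
    print(words_needed(entropy_bits(6), 4), "words needed with four dice per word")
```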