diceware
{{short description|Method for generating passphrases using dice}}
File:Dice_-_1-2-4-5-6.jpg "monogram" on an updated EFF cryptographic word list]]
Diceware is a method for creating passphrases, passwords, and other cryptographic variables using ordinary dice as a hardware random number generator. For each word in the passphrase, five rolls of a six-sided die are required. The numbers from 1 to 6 that come up in the rolls are assembled as a five-digit number, e.g. 43146. That number is then used to look up a word in a cryptographic word list. In the original Diceware list 43146 corresponds to munch. By generating several words in sequence, a lengthy passphrase can thus be constructed randomly.
A Diceware word list is any list of {{math|6{{sup|5}} {{=}} {{val|7776|fmt=gaps}}}} unique words, preferably ones the user will find easy to spell and to remember. The contents of the word list do not have to be protected or concealed in any way, as the security of a Diceware passphrase is in the number of words selected, and the number of words each selected word could be taken from. Lists have been compiled for several languages, including Basque, Bulgarian, Catalan, Chinese, Czech, Danish, Dutch, English, Esperanto, Estonian, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Japanese, Latin, Māori, Norwegian, Polish, Portuguese, Romanian, Russian, Slovak, Slovenian, Spanish, Swedish and Turkish.{{Cite web |last=Reinhold |first=Arnolod G. |title=The Diceware Passphrase Home Page |url=https://theworld.com/~reinhold/diceware.html |access-date=2024-10-31 |website=}}
The level of unpredictability of a Diceware passphrase can be easily calculated: each word adds 12.9 bits of entropy to the passphrase (that is, bits). Originally, in 1995, Diceware creator Arnold Reinhold considered five words ({{val|64.6|u=bits}}) the minimal length needed by average users. However, in 2014 Reinhold started recommending that at least six words ({{val|77.5|u=bits}}) be used.{{cite web | url = https://arstechnica.com/information-technology/2014/03/diceware-passwords-now-need-six-random-words-to-thwart-hackers/ | title = Diceware passwords now need six random words to thwart hackers | first = Jon | last = Brodkin | date = 27 March 2014 | work = Ars Technica | access-date = 14 June 2017 | archive-date = 30 September 2017 | archive-url = https://web.archive.org/web/20170930002657/https://arstechnica.com/information-technology/2014/03/diceware-passwords-now-need-six-random-words-to-thwart-hackers/ | url-status = live }}
This level of unpredictability assumes that potential attackers know three things: that Diceware has been used to generate the passphrase, the particular word list used, and exactly how many words make up the passphrase. If the attacker has less information, the entropy can be greater than {{val|12.9|u=bits|up=word}}.{{Cite journal |last1=Antonov |first1=Petar |last2=Georgieva |first2=Nikoleta |date=2020 |title=Security Analysis of Diceware Passphrases |journal=Information & Security|volume=47 |issue=2 |pages=276–282 |doi=10.11610/isij.4719 |s2cid=222234719 |issn=0861-5160 |doi-access=free }}
The above calculations of the Diceware algorithm's entropy assume that, as recommended by Diceware's author, each word is separated by a space. If, instead, words are simply concatenated, the calculated entropy is slightly reduced due to redundancy; for example, the three-word Diceware phrases "in put clammy" and "input clam my" become identical if the spaces are removed.
EFF wordlists
The Electronic Frontier Foundation published three alternative English diceware word lists in 2016, further emphasizing ease-of-memorization with a bias against obscure, abstract or otherwise problematic words; one tradeoff is that typical EFF-style passphrases require typing a larger number of characters.{{cite news|title=Change Your Password: This New Word List Makes the Diceware Method User Friendly|url=http://observer.com/2016/09/eff-diceware-passwords/|access-date=4 December 2016|work=Observer|date=22 September 2016|archive-date=6 October 2022|archive-url=https://web.archive.org/web/20221006143014/https://observer.com/2016/09/eff-diceware-passwords/|url-status=live}}{{cite web|title=EFF's New Wordlists for Random Passphrases|url=https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases|website=Electronic Frontier Foundation|access-date=4 December 2016|date=19 July 2016|archive-date=28 June 2023|archive-url=https://web.archive.org/web/20230628180925/https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases|url-status=live}}
Snippet
The original diceware word list consists of a line for each of the {{val|7776|fmt=commas}} possible five-die combinations. One excerpt:{{cite web|url=https://world.std.com/~reinhold/diceware.wordlist.asc|title=Diceware wordlist|access-date=4 December 2016|website=world.std.com |archive-url=https://web.archive.org/web/20161205210511/http://world.std.com/~reinhold/diceware.wordlist.asc|archive-date=5 December 2016|url-status=dead}}
...
43136 mulct
43141 mule
43142 mull
43143 multi
43144 mum
43145 mummy
43146 munch
43151 mung
...
Examples
Diceware wordlist passphrase examples:
- dobbs bella bump flash begin ansi
- easel venom aver flung jon call
EFF wordlist passphrase examples:
- conjoined sterling securely chitchat spinout pelvis
- rice immorally worrisome shopping traverse recharger
The [https://xkcd.com/936/ XKCD #936 strip] shows a password similar to a Diceware generated one, even if the used wordlist is shorter than the regular {{val|7776|fmt=commas}}-words list used for Diceware.{{cite web|title=explanation of the webcomic and the differences with regular diceware|url=https://explainxkcd.com/wiki/index.php/936:_Password_Strength|url-status=live|access-date=2021-12-19|website=explainxkcd.com|archive-url=https://web.archive.org/web/20140125052043/http://www.explainxkcd.com:80/wiki/index.php/936:_Password_Strength |archive-date=2014-01-25 }}
See also
- Brute-force attack
- Key size discusses how many bits of key are considered "secure".
- The PGP biometric word list uses two lists of 256 words, each word representing 8 bits.
- S/KEY uses a list of 2,048 words to encode 64-bit numbers as six English words
- Password strength
- Random password generator
- Hashcat
- What3Words
Notes
{{reflist}}
References
- Internet Secrets, 2nd Edition, John R. Levine, Editor, Chapter 37, IDG Books, 2000, {{ISBN|0-7645-3239-1}}
External links
- [http://world.std.com/~reinhold/diceware.html English diceware page] has the complete description and word lists in several languages.
- [https://web.archive.org/web/20161005122020/http://password.diet/ A client-side diceware multi-wordlist password generator with complete source code]
- [https://diceware.dmuth.org/ Web-based diceware app that uses the cryptographically secure getRandomValues() function]
- [https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases English Diceware wordlist] from the Electronic Frontier Foundation
- {{GitHub|https://github.com/dmuth/diceware}}