Sample Diceware Passphrase: rawhiti-hohu-kaparu-pume-pirika-owhiro-taropo
Diceware
It's about securing your digital life.
(from Wikipedia) Diceware is a method for picking a passphrase that uses ordinary dice to select words at random from a special list called the Diceware Word List. Each word in the list is preceded by a five-digit number. All the digits are between one and six, allowing you to use the outcomes of five dice rolls to select a word from the list.
The original diceware word list consists of a line for each of the 7,776 possible five-die combinations.
And, thanks to Donald J. Trump, Person-Woman-Man-Camera-TV is no longer a good passphrase.
The level of unpredictability of a Diceware passphrase can be easily calculated: each word adds 12.9 bits of entropy to the passphrase. Originally, in 1995, Diceware creator Arnold Reinhold considered five words (64 bits) the minimal length needed by average users. However, starting in 2014, Reinhold recommends that at least six words (77 bits) should be used.
“Please confirm that no one has ever had a copy of your private key and that it uses a strong passphrase. Assume your adversary is capable of one trillion guesses per second.” — Edward Snowden, January 2013
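The word selection and entropy arithmetic described above, combined with the one-trillion-guesses-per-second adversary from the quote, as an added Python example (not code from this page or from any of the linked projects). The function names are hypothetical, the word list is a constructed placeholder, and the estimate assumes an offline attacker who knows the list and the number of words.

```python
import itertools
import math
import secrets

FACES, ROLLS = 6, 5
LIST_SIZE = FACES ** ROLLS  # 7,776 possible five-die combinations

def parse_wordlist(text):
    """Parse 'NNNNN word' lines; refuse a list that would lower per-word entropy."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == ROLLS and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    if len(table) != LIST_SIZE or len(set(table.values())) != LIST_SIZE:
        raise ValueError("word list must map 7,776 distinct keys to 7,776 distinct words")
    return table

def roll_key():
    """Five simulated die rolls from the OS CSPRNG (real dice work the same way)."""
    return "".join(str(secrets.randbelow(FACES) + 1) for _ in range(ROLLS))

def passphrase(table, n_words, roll=roll_key):
    """Pick n_words independently and join them with hyphens."""
    return "-".join(table[roll()] for _ in range(n_words))

def entropy_bits(n_words):
    """Each independently chosen word contributes log2(7776) bits."""
    return n_words * math.log2(LIST_SIZE)

def average_crack_years(n_words, guesses_per_second=1e12):
    """Expected offline search time: half the keyspace at the given guess rate."""
    seconds = (LIST_SIZE ** n_words / 2) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

# Constructed stand-in list: placeholder words "w11111" .. "w66666", not a real word list.
SAMPLE_LIST = "\n".join(f"{''.join(k)} w{''.join(k)}"
                        for k in itertools.product("123456", repeat=ROLLS))

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    print(passphrase(table, 6))
    for n in (5, 6, 7):
        print(f"{n} words: {entropy_bits(n):.1f} bits, "
              f"~{average_crack_years(n):,.1f} years at 1e12 guesses/s")
```

The crack-time figure is an average over the whole keyspace for a raw guess rate; a slow key-derivation function in front of the passphrase lowers the attacker's effective guesses per second.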
Resources & Links
- (wikiwand) Diceware
- martbock/laravel-diceware
- Electronic Frontier Foundation
- Diceware - EFF
- Diceware Password Generator • Douglas Muth
- Diceware Password Generator • Stephen Ostermiller
- Mira Modi, a tenth grader in New York City, sells strong, secure passwords.
FAQ: What are some BAD use cases for Diceware?
You should not use Diceware in any cases where it is highly likely an attacker can get a copy of your encrypted password and use high-volume cracking attempts against it. A bad case--possibly the worst case--for using Diceware would be to secure your Bitcoin wallet, because all Bitcoin nodes have a copy of the Bitcoin Ledger, and an attacker could attempt password cracking against your wallet. (source: https://diceware.dmuth.org/)