Diceware

TL;DR

Diceware is an interesting implementation of the principle explained by xkcd 936.

Implementing the hint in xkcd 936 is relatively straightforward:

  • come up with a list of words
  • come up with a way to extract words from them with uniform randomness.

If our list contains $N$ words, drawing $k$ words randomly means that there are $N^k$ possible passphrases. In XKCD’s example, the list is comprised of $N = 2048$ words, but that’s hypothetical.

It turns out that somebody took the time to write their own list, and chose to put $6^5 = 7776$ different words inside (not all of them are real words, but they are assumed to be easily remembered things).

Why that number? This has to do with the second thing we need to implement the system, i.e. come out with random words for each choice. In this case, if we roll 5 dice in sequence, we end up with 1 in 7776 possible values, each mapped onto one of those words. So if we do this four times… we end up with four words.

Enter Diceware. They suggest to generate six words, not four, but this does not change the generation, just how strong the final result will be (which should be part of a personal assessment of how many bits of entropy we need in our case).

One interesting thing about the project is that it has been translated into many languages. As an example, there is a list suitable for Italians.

I’m not too enthusiastic about the specific word list (including the Italian one), because it contains too many numbers and strange sequences of letters, so I’m a bit skeptical that many people I know will be happy about them.

It seems that I’m in good company as the EFF decided to generate a different list for Diceware. Alas, this is an English-based list and I can’t see anything like that in Italian. Still a good start though, especially for native English speakers (or for people who are good with English-only passphrases).

Stay safe and use strong passwords/passphrases!


Comments? Octodon, , GitHub, Reddit, or drop me a line!