Diceware for Passwords


Making up passwords is hard. You want something you can remember, and you need something that is difficult to guess or brute force.

For countless years, I have been a fan of Diceware for generating memorable passwords, really pass-phrases, and you should be too. (Purely coincidentally, it lives on a server, the first version of which I set up in 1989!)

At its heart Diceware is simple: it's a list of 7,776 words, each tagged with a five-digit key, that looks like:

13243   bale
13244   bali
13245   balk
13246   balkan
13251   balky
13252   ball
13253   balled
13254   ballot
13255   balm
13256   balmy

Why 7,776? Because each word has a 5 digit identifier and each digit of that identifier is a number from 1-6: 6**5 = 7776. That may seem strange, but it means that a uniformly random word can be selected by rolling 5 (6-sided, you nerd) dice, with no bias and no computer involved.

If I roll five dice and get 1, 3, 2, 5, and 1, I would find 13251 and get balky from the standard English Diceware list. Repeat five more times and I would get something like

balky lobar stall shim lowry fuse

It's a strange bit of prose, but it's also something you can actually remember if you put your mind to it.

The absolutely safest way to generate these pass-phrases is to use actual, physical dice. Roll five of them six times and use those numbers. The point of the dice is that the randomness comes from something nobody can predict or reproduce, which is exactly what you need from a password generator. But… You're not going to do that, are you?

OK, if you want some code, it might look like this (note the use of SecureRandom rather than Kernel#rand; a pass-phrase is only as good as the random numbers that chose its words):

#!/usr/bin/env ruby
require 'securerandom'

DICEWARE_LIST = '/path/to/diceware.wordlist.asc'

count = (ARGV[0] || 6).to_i

def roll_dice # Roll one 6-sided die with a CSPRNG, not Kernel#rand
  1 + SecureRandom.random_number(6)
end

rolls = count.times.collect do # Collect up count five-dice rolls, e.g. "13251"
  5.times.collect { roll_dice }.join
end

password = Array.new(count)
File.open(DICEWARE_LIST) do |f|
  f.each_line do |line|
    next unless line =~ /^\d{5}\s/ # Skip the PGP armour and other non-word lines
    key, word = line.split
    rolls.each_with_index do |roll, i| # Fill every slot this key was rolled for,
      password[i] = word if roll == key # so a word rolled twice appears twice
    end
  end
end

puts password.join(' ')

Running the script will spit out six randomly selected words. If six is not your thing, it optionally takes a numeric argument for the number of words you want.

Each word carries log2(7776), or about 12.9 bits, so a six word Diceware pass-phrase has about 77 bits of entropy, which is strong. That figure holds only if every word was picked uniformly at random by dice or a cryptographic RNG; choosing words you like, or re-rolling ones you don't, gives the attacker a much smaller space to search. Need numbers or symbols in your pass-phrase? Visit the Diceware page for a technique using dice to add numbers and symbols to the words you generate. You'll also find word lists in Dutch, Esperanto, Finnish, French, German, Italian, Japanese, Polish, Russian, Spanish, Swedish and Turkish.
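Two things the post leaves as arithmetic are worth seeing in code: how a five-dice roll maps onto a position in the 7,776-word list (the 6**5 above), and where the 77 bits come from. The Ruby below is an added example, not the post's script. The wordlist excerpt is constructed (a few lines in the real file's "key, tab, word" layout wrapped in PGP armour like the signed list), and the constant and function names are my own.

```ruby
#!/usr/bin/env ruby
# Added example, not the post's own script: the arithmetic behind the
# 5-dice index, a parser for the signed wordlist layout, and the entropy
# figures quoted in the text. The wordlist below is a constructed excerpt;
# the real list has 7,776 entries.
require 'securerandom'

SIDES = 6
DICE = 5
LIST_SIZE = SIDES**DICE # 7776

# Constructed excerpt of a signed wordlist: PGP armour lines plus a handful
# of entries. Only the "<five digits><tab><word>" lines are words.
SAMPLE_WORDLIST = <<~LIST
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1

  11111\ta
  11112\ta&p
  13251\tbalky
  13252\tball
  66666\t@
  -----BEGIN PGP SIGNATURE-----
  (signature data omitted in this constructed sample)
  -----END PGP SIGNATURE-----
LIST

# "13251" -> 0-based position in the list: base 6, digits 1..6 standing for 0..5.
def roll_to_index(roll)
  raise ArgumentError, "bad roll #{roll.inspect}" unless roll =~ /\A[1-6]{5}\z/
  roll.each_char.inject(0) { |acc, d| acc * SIDES + (d.to_i - 1) }
end

# 0-based index -> the five-dice string that selects it (inverse of the above).
def index_to_roll(index)
  raise ArgumentError, "index out of range" unless (0...LIST_SIZE).cover?(index)
  DICE.times.map { |i| (index / SIDES**(DICE - 1 - i)) % SIDES + 1 }.join
end

# Parse the signed wordlist into { "13251" => "balky", ... }, ignoring armour.
def parse_wordlist(text)
  text.each_line.with_object({}) do |line, table|
    next unless line =~ /\A([1-6]{5})\t(\S+)/
    table[$1] = $2
  end
end

# Roll five dice per word with a CSPRNG and look each roll up in the table.
# A roll that is missing from the table (an incomplete list) raises KeyError
# rather than silently shortening the pass-phrase.
def roll_words(count, table)
  count.times.map do
    roll = DICE.times.map { 1 + SecureRandom.random_number(SIDES) }.join
    table.fetch(roll)
  end
end

# log2(7776) is about 12.925 bits per word, so six words give about 77.5 bits.
def entropy_bits(words, list_size = LIST_SIZE)
  words * Math.log2(list_size)
end

# Fewest words needed to reach a target number of bits.
def words_for_bits(target_bits, list_size = LIST_SIZE)
  (target_bits / Math.log2(list_size)).ceil
end

# Use a real list if one is given on the command line, else the sample excerpt.
table = ARGV[0] ? parse_wordlist(File.read(ARGV[0])) : parse_wordlist(SAMPLE_WORDLIST)
puts "parsed #{table.size} words"
puts "roll 13251 -> index #{roll_to_index('13251')} -> #{table['13251'] || '(not in sample)'}"
puts "index 7775 -> roll #{index_to_roll(7775)}"
puts "6 words: %.1f bits; 128 bits needs %d words" % [entropy_bits(6), words_for_bits(128)]
puts roll_words(6, table).join(' ') if table.size == LIST_SIZE
```

Run it with no arguments to see the index arithmetic against the constructed excerpt, or pass the path of the full signed wordlist to have it parse that and print a six word pass-phrase. The `fetch` in `roll_words` is deliberate: with a partial list, a silently dropped word would leave you with a shorter pass-phrase than the entropy figure assumes.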

There are no perfect passwords, but with Diceware in your toolbox yours will be better.
