Diceware is a method for creating passphrases, passwords, and other cryptographic variables using an ordinary die from a pair of dice as a hardware random number generator. For each word in the passphrase, five rolls of the dice are required. The numbers from 1 to 6 that come up in the rolls are assembled as a five digit number, e.g. 43146. That number is then used to look up a word in a word list. In the English list 43146 corresponds to munch. Lists have been compiled for several languages, including English, Finnish, German, Italian, Polish, Romanian, Russian, Spanish and Swedish. A Diceware word list is any list of unique words, preferably ones the user will find easy to spell and to remember. The contents of the word list do not have to be protected or concealed in any way, as the security of a Diceware passphrase is in the number of words selected, and the number of words each selected word could be taken from.
The level of unpredictability of a Diceware passphrase can be easily calculated: each word adds 12.9 bits of entropy to the passphrase (that is, bits). Five words (slightly over 64 bits) was considered the minimum length when the system was introduced in 1995, but in 2014 it was recommended that at least six words should be used.
This level of unpredictability assumes that a potential attacker knows both that Diceware has been used to generate the passphrase, the particular word list used, and exactly how many words make up the passphrase. If the attacker has less information, the entropy can be greater than 12.9 bits per word.
On the other hand, the construction of passphrases from thusly selected words needs consideration. Simply concatenating randomly chosen words may form words that are already in the word list, e.g., "in" and "put" form "input"; all three words can be found in the above mentioned word list. This decreases the entropy. A simple remedy could be to put spaces or other characters between the words, with the added benefit of increasing the entropy.
- Brute force attack
- Key size discusses how many bits of key are considered "secure".
- The PGP biometric word list uses two lists of 256 words, each word representing 8 bits.
- S/KEY uses a list of 2048 words to encode 64-bit numbers as 6 English words
- Password strength
- Random password generator
- Combinator attack
- Brodkin, Jon (2014-03-27). "Diceware passwords now need six random words to thwart hackers". Ars Technica.
- Internet Secrets, 2nd Edition, John R. Levine, Editor, Chapter 37, IDG Books, 2000, ISBN 0-7645-3239-1
JP Goldberg warns against using computer programs to generate passwords, including diceware passwords. "People shouldn't use passwords that have been generated by a remote service unless they have very very good reasons to trust the tool and the transmission of the data."
Goldberg added, "What makes diceware stronger is that the words (real or otherwise) are chosen completely at random (from the list). It is crucial that they be chosen at random. Using a list of real words, just means that the random password will be easier to remember than a random password generated otherwise."