Create strong passphrases with EFF's new random number generators! This page includes information about passwords, different wordlists, and EFF's suggested method for passphrase generation. Use the directions below with EFF's random number generator dice or your own set. For most applications, we suggest making a six-word passphrase.
|Published (Last):||21 March 2011|
|PDF File Size:||9.73 Mb|
|ePub File Size:||3.72 Mb|
|Price:||Free* [*Free Regsitration Required]|
Diceware is a highly secure system for generate passwords. I recommend it to anyone for password generation. Strictly speaking these are "passphrases," not passwords. But it's what you're going to enter into the little box labeled "password," so close enough. But, once you've decided to use Diceware, which list do you use? So long as the list is entirely filled with unique entries, just about any list is secure. So what matters is how easy is it to remember. Unfortunately, it's not a matter of just rolling up a password, and if you don't like it, just rolling up another.
Doing so means you're filtering out some possible passwords, which reduces your security. For maximum security, you want to commit to using whatever it rolled, exactly as it appears. To help myself decide, I had a computer program roll up a bunch of passwords for each system so I could get a sense of how memorable they were before doing my real roll. Warning: Do not use the passwords below. That is, the word long phrases, not the individual words.
They're published, therefore you have to assume password crackers are testing them. Also, do not use my program to generate your own password; it's good enough for examples, but has serious security flaws for real world use. Do like Reinhold says and break out some actual dice to roll. Per Reinhold's suggestion, I'm working with 6 word phrases as a reasonable default. For the EFF short lists, I'm using 8 words to reach the same level of security.
In includes memorable non-words, punctuation, and the occasionally offensive word. Examples: fi byrd sold ul nay scowl farce car gap ts slab heavy float bowl vivo heine link cumin siege daze haley norway croon ul wf croft 74th inter nit loath stole were sheaf jq 66 alamo ww envy chink clung madam flaw rj bx ecole spun til cockle parr altar scala acton dd grail rand wilkes work sprue song rink pence void hymnal claus dobson sinh swoop dub dead gimpy icky talk pine mush plain fuzz ogden she'd rouse autumn talus remus cutlet knee aj gad neuron walton rupee seep pqr sam arab yawn 39th lawson ifni muffin buggy salad swoop stout boost eta nasty howl land lice book peale bugle missy bunt addis gnaw acton decker roar arlen Beale's List Word List: original local mirror Website Average length: 4.
Examples: karol byte wnw shrug ascend lover easel kept diary creole nacl hail malice spry aeiou beryl pose lye wait dorm mops canvas gv convoy edict forms semen spade elude b nab 10 boris nag wharf pawns ever liars reef eve karol chief tgif pinup spoof manna aches vases hhh 44 mx um tusks medley eve bores tugs arena entry lj give inept zn chord more come katie blown betray layer pipe period abel climb sand lz along adios foamy heckle juicy bevy era front louse tabu baal stars ivory totem tbsp tank curry omits soapy debit finn eave epsom sobs punks knots gui aryan tier purge mulch metro reset er topple rocket arrive pie soak naked rafts iris xiii bleed EFF Long Word List: original local mirror Website Average length: 7.
They attempted to remove homonyms, hard-to-spell words, and potentially offensive words. As a result, the average word length is much longer. However, the shorter list means you need more words for the same security.
To achieve the same security as 6 words from the long list, you need 8 words. Examples: keg skies faced gray perch dish tarot lilac rice sport yeast musky volt drive good gloss bony basil petri radar drone chili shade clear email twirl same king cried bless puppy judge thus salsa fit harm deck lair mom slam vixen cover lily shore scrub sharp data ditch slob thorn both vegan stoop cure fifth theme skip pest couch ripen icing yo-yo train koala elf track visa boss same pager derby saved dance water tint ruby cheer gray grunt taste pluck evoke poet liver hash emu swell steep trash slept hush rake wise shown rail sway equal bride alibi stump civil heave spied party dry sax echo cross swim boots tummy chest ebay late pry trick skies saint lift judge grief many bud golf glove sepia dove year book clump cargo duct whiff skip throb dash nacho shun lion crook ranch sling sip undo blend fax sharp large edge twice iron dance silly knee dodge bony growl shown stall coat EFF Short Variant Word List: original local mirror Website Average length: 7.
The result is that software could hypothetically autocomplete or correct spelling to help the user.
Subscribe to RSS
Diceware is a method for creating passphrases , passwords , and other cryptographic variables using ordinary dice as a hardware random number generator. For each word in the passphrase, five rolls of the dice are required. The numbers from 1 to 6 that come up in the rolls are assembled as a five-digit number, e. That number is then used to look up a word in a word list. In the English list corresponds to munch. By generating several words in sequence, a lengthy passphrase can be constructed.
Deep Dive: EFF's New Wordlists for Random Passphrases
Diceware is used to generate cryptographically strong passphrases. Don't let that frighten you away though, a passphrase is just a password made of words you can remember. It is based on the principle that truly random selection of words from a wordlist , can result in easily memorable passwords that are also extremely resistant to attack. Traditional Diceware uses rolls of physical dice, this application uses a strong random number generator in place of the dice. Passwords that are six words or longer are thought to be safe for any very high security applications.
Diceware Word List Comparisons
This page offers a better way to create a strong, yet easy to remember, passphrase for use with encryption and security programs. Weak passwords and passphrases are one of the most common flaws in computer security. Take a few minutes and learn how to do it right. The information presented here can be used by anyone. No background in cryptography or mathematics is required. Just follow the simple steps below. Try our free Big Number Calculator Java applet.
Diceware Password Generator
Diceware Password Generator Generate high-entropy passwords the easy way! Error: Whoa there! Your browser doesn't have the getRandomValues function. This means that dice rolls you make will not be cryptogrpahically secure! Please try another browser.