Monday, December 14, 2009

Secure Passwords with Diceware

Good passwords or passphrases are crucial. They are used to log in to your computer or e-mail accounts, to encrypt files, to verify that you are who you say you are and, above all, to protect your privacy. Obviously, no one should be able to guess your password or devise an automated attack fast enough to go through all possible combinations.

Picking a good password isn't that easy. It should be easy to remember (but not for the bad guys) and at the same time be strong enough. You could use the commonly suggested combinations of lower and upper case letters, punctuation and symbols, but this isn't the most convenient solution.

Diceware is another way to compose a strong passphrase. A Diceware passphrase is a combination of words selected from a list of 7776 words. No fancy software, on-line generated stuff or complicated algorithms. Each word is selected randomly by throwing a die five times (6^5 = 7776). A combination of five words gives 28.4 × 10^18 possible combinations, comparable with a 64 bit key, which is pretty strong and sufficient for general use. Six words provide a 77 bit strength and seven words 90 bits, which is more than sufficient for today's and future computer power. Since all combinations are completely random, there's no way to find the passphrase other than searching through all possible combinations, which is an infeasible task.
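The lookup and the strength figures above, as an added example that is not part of the original post or of the Diceware project. It assumes a constructed placeholder word list (`word11111` ... `word66666`) in place of the real one, uses Python's `secrets` module as a software die where the post uses a physical one, and all function names are hypothetical.

```python
import math
import secrets
from itertools import product

ROLLS_PER_WORD = 5               # five throws select one word
LIST_SIZE = 6 ** ROLLS_PER_WORD  # 7776 entries

def placeholder_wordlist():
    """Constructed stand-in for the real list: key '16655' -> 'word16655'."""
    keys = ("".join(k) for k in product("123456", repeat=ROLLS_PER_WORD))
    return {k: "word" + k for k in keys}

def check_wordlist(wordlist):
    """A short list or duplicate words silently lowers the strength."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist.values())) != LIST_SIZE:
        raise ValueError("word list must hold 7776 distinct words")

def rolls_to_key(rolls):
    """Turn five die values (1-6) into the lookup key: [1,6,6,5,5] -> '16655'."""
    if len(rolls) != ROLLS_PER_WORD or any(r not in (1, 2, 3, 4, 5, 6) for r in rolls):
        raise ValueError("need exactly five rolls, each 1-6")
    return "".join(str(r) for r in rolls)

def csprng_roll():
    """Software die backed by the OS CSPRNG (assumption: replaces a real die)."""
    return secrets.randbelow(6) + 1

def passphrase(wordlist, n_words=5, roll=csprng_roll):
    """Pick n_words words, each from five independent rolls."""
    check_wordlist(wordlist)
    words = []
    for _ in range(n_words):
        rolls = [roll() for _ in range(ROLLS_PER_WORD)]
        words.append(wordlist[rolls_to_key(rolls)])
    return " ".join(words)

def entropy_bits(n_words):
    """Bits of strength when every word is an independent uniform pick."""
    return n_words * math.log2(LIST_SIZE)

if __name__ == "__main__":
    wl = placeholder_wordlist()
    print(passphrase(wl, 6))
    for n in (5, 6, 7):
        print(n, "words:", LIST_SIZE ** n, "combinations,",
              round(entropy_bits(n), 1), "bits")
```

Passing your own `roll` callable lets you feed in throws from a physical die instead of the software one.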

All you need is the Diceware word list and a die, and to memorize five or more words. And it's all for free! Everything about Diceware can be found on Arnold Reinhold's Diceware website. Meanwhile, the Diceware word list is available in many different languages. It's the perfect method to select mathematically strong and secure passwords.

1 comment:

dougsko said...

Now you can create diceware pass phrases using an Android device!

https://market.android.com/details?id=com.dougsko.diceware&feature=search_result