Diceware
Diceware is a method for creating passphrases, passwords, and other cryptographic variables using ordinary dice as a hardware random number generator. For each word in the passphrase, five dice rolls are required. The numbers that come up in the rolls are assembled as a five-digit number, e.g. 43146. That number is then used to look up a word in a word list. In the English list 43146 corresponds to munch. Lists have been compiled for several languages, including English, Finnish, German, Italian, Polish, Russian, Spanish and Swedish. A Diceware word list is any list of unique words, preferably ones the user will find easy to spell and to remember. The contents of the word list do not have to be protected or concealed in any way, as the security of a Diceware passphrase lies in the number of words selected and the size of the list each word is drawn from.
The level of unpredictability of a Diceware passphrase can be easily calculated: each word adds 12.9 bits of entropy to the passphrase (that is, bits). Five words (slightly over 64 bits) are considered a minimum length.
This level of unpredictability assumes that a potential attacker knows both that Diceware has been used to generate the passphrase, the particular word list used, and exactly how many words make up the passphrase. If the attacker has less information, the entropy can be greater than 12.9 bits per word.
Diceware passphrases can be difficult to remember and some may prefer other methods, such as using the initial letters of a memorable phrase (for instance, "To be or not to be, that is the question" becomes "Tbontb,titq"). Estimating the entropy of the phrase using the latter approach is more difficult. In this example, the phrase used is very well known (being from Shakespeare) and so is easily guessed, as for instance by using a phrase dictionary. Thus, the entropy of this example is low. Higher entropy can be had from user chosen phrases handled this way, if the user is careful to avoid guessable phrases.
If the length of a Diceware passphrase is assumed to be known to an attacker, then the passphrase yields less entropy than the ideal 64.62 bits when used with dictionaries containing variable-length words. This is because the length of the resulting passphrase leaks information about its composition.
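As an added worked example (not part of the original article), the Python below assembles a five-dice key, looks it up, computes the 12.9-bits-per-word and 64.62-bits-for-five-words figures, and quantifies the length leak just described. The word list is a constructed eight-entry sample (only 43146 -> munch comes from the article; the real list has 7776 entries), and `secrets.randbelow` stands in for physical dice.

```python
import math
import secrets
from collections import Counter

# Constructed sample: a real Diceware list maps every five-digit dice string
# 11111..66666 (7776 keys) to a word. Only the article's example (43146 -> munch)
# is genuine here; the remaining entries are made up to show varied word lengths.
SAMPLE_LIST = {"43146": "munch", "11111": "a", "11112": "an", "11113": "to",
               "11114": "cat", "11115": "dog", "11116": "fish", "11121": "zebra"}
DICEWARE_LIST_SIZE = 6 ** 5  # 7776 words in a full list


def roll_key(roll=lambda: secrets.randbelow(6) + 1, n_dice=5):
    """Roll n_dice dice and assemble the faces into a lookup key such as '43146'.

    The default roll() draws from the OS CSPRNG instead of physical dice;
    pass a callable returning 1..6 to feed in real rolls instead.
    """
    return "".join(str(roll()) for _ in range(n_dice))


def bits_per_word(list_size=DICEWARE_LIST_SIZE):
    """Entropy of one word when the attacker knows the list: log2(list size)."""
    return math.log2(list_size)


def passphrase_bits(n_words, list_size=DICEWARE_LIST_SIZE):
    """Ideal entropy of an n-word passphrase (5 words of 7776 -> 64.62 bits)."""
    return n_words * bits_per_word(list_size)


def entropy_given_length(words, n_words):
    """Entropy remaining once the attacker also learns the total letter count.

    H = sum over totals T of P(T) * log2(number of passphrases with length T).
    Fixed-length lists give back the ideal figure; variable-length lists lose bits.
    """
    by_len = Counter(len(w) for w in words)
    totals = Counter({0: 1})
    for _ in range(n_words):  # convolve the per-word length distribution n_words times
        nxt = Counter()
        for total, count in totals.items():
            for length, c in by_len.items():
                nxt[total + length] += count * c
        totals = nxt
    n_all = len(words) ** n_words
    return sum(count / n_all * math.log2(count) for count in totals.values())
```

On the sample list, two words carry an ideal 6 bits but only about 3.06 bits once their combined length is known, which is the effect the article describes.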
See also
- Brute force attack
- Key size discusses how many bits of key are considered "secure".
- The PGP biometric word list uses two lists of 256 words, each word representing 8 bits.
- S/KEY uses a list of 2048 words to encode 64-bit numbers as 6 English words.
- Bubble Babble uses a list of 6 vowels and a list of 17 consonants to encode binary data into pronounceable pseudowords.
External links
- English diceware page has the complete description and a word list.
- Dialdice has a nicely formatted word list.