The most popular is Arnold Reinhold’s Diceware list, first published in This list contains 7, words, equal to the number of possible. We’ll walk you through how to use EFF’s Long Wordlist [.txt] to generate a You can also use Arnold G. Reinhold’s Diceware word list, the original and still very. Diceware is a method for creating passphrases, passwords, and other cryptographic variables The original diceware word list consists of a line for each of the 7, possible five-die combinations. One excerpt: mulct mule.
|Published (Last):||22 July 2009|
I use Diceware to generate passphrases, and am very happy with the ease of the process and the security of the results. Of course, you can re-run the generation process if you get a bad passphrase, but that reduces entropy. Since rejecting unsuitable passphrases reduces the entropy, are there alternative word lists available, or is there some other strategy to ensure Diceware only generates useful passphrases?
While the Diceware passphrase generation system is sound, you aren’t the first person to express concerns about the default wordlist. The nice thing is that you can create your own wordlist that works with Arnold’s system. That gives you flexibility in eliminating sord words and replacing words deemed too short or obscure. In fact, several organizations have already created their own word lists for use with Diceware. The most recent was Joseph Bonneau’s work for the EFF to develop several wordlist variations that focus on improving usability of the resulting passphrases.
This is really great work and is the first place I'd point you when considering an alternative to the default wordlist. As far as the possibility of generating short passphrases with the original word list, I estimated that sord. So while it’s not ideal to reduce overall system entropy, this has a very small impact on security.
Arnold also recommends separating words with spaces, so that should pad even a 6 word passphrase composed of single letter words to 11 characters. The creator of Diceware addresses some of these issues in the FAQ. These have been analyzed enough that you can probably find usage frequencies for them to narrow down your word list to common words only. That leads to a couple other ideas. If you want common words, why not find lists of words for teaching language to non-native speakers, such as the New General Service List?
Or maybe you can find a list of words taught to children on a teaching resources site of some kind (I was not able to find a long enough list for free). You may be able to find frequency analysis of a kind in spell checker lists to obtain and focus a list from there. Some dictionaries may have this information available, especially for a fee; for a free option, Wiktionary has frequency lists in addition to their full index. Unfortunately this sort of information is not all that easy to come by, as evidenced by the fact that people are apparently still doing active research to find frequent or memorable words.
That’s about all I could find while looking for word lists for a KeePass plugin to which I contribute.
Is there a better Diceware word list?
Where I have an issue is with the word list itself. It contains problematic words like “rape” and “negro” that I can’t reasonably use in a passphrase I want to send to a third party. It contains many obscure words like “eagan” and “scurry” that are hard to remember how to spell.
It contains many very short words, so it is possible for a strong six-word Diceware password to only be 6 characters long.
The classic example would be creating a new user account and setting a temporary password which you provide the user so they can log on for the first time before changing the password to one they generate themselves.
I would argue that temporary passwords should meet your password strength policy just the same as permanent ones. For one thing they actually are the password during the brief time before they are reset. More importantly, you are showing the user an example of what a password looks like. Show them a weak one and they’ll think it’s OK for them to use a weak one.
Look up the obscure words in a dictionary; this will help you remember them. The short words are there to keep the passphrase short for the convenience of people who have to type their passphrase in many times a day. If your passphrase is under 14 characters long, throw it away and roll a new one; the reduction in entropy is small enough not to worry about.
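The entropy cost of discarding passphrases that come out too short, which the question worries about and the last answer calls small, can be computed exactly for any word list by counting how many word sequences survive the length check. The following is an added example, not part of the original posts; the function names and the small sample list are constructed for illustration, and a single space between words is assumed.

```python
import math
from collections import Counter

def count_by_total_length(words, n_words, sep_len=1):
    """Map total passphrase length -> number of n_words-word sequences.

    Words are drawn independently and uniformly, joined by sep_len
    separator characters (1 = a single space between words).
    """
    per_word = Counter(len(w) for w in set(words))  # duplicates add no entropy
    totals = Counter({0: 1})
    for i in range(n_words):
        gap = sep_len if i else 0  # no separator before the first word
        nxt = Counter()
        for cur_len, ways in totals.items():
            for word_len, n in per_word.items():
                nxt[cur_len + gap + word_len] += ways * n
        totals = nxt
    return totals

def entropy_with_rejection(words, n_words, min_chars, sep_len=1):
    """Return (bits without rejection, bits when results shorter than
    min_chars are discarded and re-rolled)."""
    totals = count_by_total_length(words, n_words, sep_len)
    everything = sum(totals.values())
    kept = sum(n for length, n in totals.items() if length >= min_chars)
    if kept == 0:
        raise ValueError("no passphrase reaches min_chars")
    # Re-rolling leaves a uniform choice over the kept set: log2(kept) bits.
    return math.log2(everything), math.log2(kept)

if __name__ == "__main__":
    # Constructed sample list, skewed toward short words; load a real
    # Diceware list (one word per entry) to measure it instead.
    sample = ["a", "i", "ab", "go", "cat", "dog", "mule", "scurry"]
    before, after = entropy_with_rejection(sample, n_words=6, min_chars=14)
    print(f"6 words, no rejection: {before:.3f} bits")
    print(f"6 words, >= 14 chars : {after:.3f} bits (lost {before - after:.3f})")
```

The same count applies to any rejection rule based on length; rejecting on other grounds (for example, words you dislike) is better handled by removing those words from the list and recomputing the list size.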