My Diceware method
My Diceware method
Posted November 25, 2018
Last updated February 24, 2019 | 8ec2bc9
4 minute read
In my journey down the rabbit hole of security, at some point I came across Diceware, probably in some discussion about xkcd #936. If this is the first time you’re hearing of Diceware, I will summarize it as a way of using the natural random entropy generated by rolling five dice to generate a secure passphrase for keeping your most valuable digital items secure. I just thought it was the coolest thing, and it made so much sense to create a long passphrase that is easy to remember, but hard to crack.
In my infinite overdoing of things that I fall victim to sometimes, I have modified the original Diceware method a bit. And in the spirit of open source, I thought I’d share my modifications!
What you will need 🔗
To travel down my same path, you’ll need to grab: 1. a trusty set of polyhedral dice 2. five of your favorite casino dice and we can generate a great passphrase. Oh wait…you’ll also need a 3. wordlist!
The standard wordlist (or any of the EFF or other variations) should work just fine, but I’m using a special wordlist (which is the EFF wordlist plus some extra characters at the end) that I can only attribute to “Dr. October”. The original post I found the wordlist a part of was (but archived by archive.org) at Hackaday.io. With the instructions on that page, I was able to create myself a pocket sized version using the other PDF linked on that page, but that’s another story.
So now that we have all of our materials, we can finally generate our passphrase.
The steps 🔗
You could definitely just roll five dice five (or more) times to get a passphrase that should be able to stand on its own, but I have come up with some ways to generate more randomness through analog means.
Generating the phrase 🔗
- Roll 8-sided die to choose number of words (
N
) (re-roll if less than 4)- I’ll pretend I rolled a 5
- Roll your five dice
N
times (5 for my example) to come up with a random phrase, such as:
carnage
manager
ahoy
disprove
tiger
Spicing it up 🔗
Now, to make it more secure, do the following:
- Roll 4-sided die to see how many words to capitalize (
R
)- I’ll pretend I rolled a 2
- Roll the 8-sided die
R
times to see which word to capitalize (re-rolling if the number is higher thanN
)- I’ll pretend I rolled a 4 and a 1
- Roll the D6 die to see how many extra symbols to add to the end (
Z
)- I’ll pretend I rolled a 2
- I’ve rolled twice to get 5-1-1 (
!
) and 4-3-1 (c
)
- Roll the 20-sided die to see if words are separated by spaces (even number) or a symbol (odd number)
- if an odd number is rolled in step 6, roll three D6 dice to find the delimiting symbol
- I’ll pretend I rolled a 19
- I will roll three D6 dice to determine the symbol from the same symbols on the last three pages of the EFF wordlist
- I have rolled 5-1-3 (
+
)
And that is how I have modified Diceware to generate even more secure passphrases. I highly suggest this method if you have a spare set of polyhedral dice and you like complex passphrases.