Following up on last month’s post about passwords, this article covers how to create good passphrases, specifically by using a technique called diceware. I’ll go over what it is, why to use it, and how to generate one.
What is diceware?
Diceware is a method of randomly choosing words to use in a passphrase via ‘dice rolls’. Hence the name. Basically, every word is assigned a number, and numbers are chosen by rolling dice.
If you’ve ever seen the XKCD cartoon about password strength (https://xkcd.com/936/), you can easily generate a strong password like ‘Horse-Battery-Staple’ (don’t use this one) using diceware. And that’s much easier to remember than ‘Tr0ub4dor&3’.
Why use diceware?
Longer passwords are stronger than shorter ones. We won’t dive into all the reasons here, but if you want to learn more, check out this article: https://www.betterbuys.com/estimating-password-cracking-times/.
Basically, just adding one more character to your password increases its strength exponentially. But longer passwords are often harder to remember.
Diceware lets you quickly and easily generate a long password that is easy to remember.
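The dice-roll lookup described under “What is diceware?” and the strength each extra word adds, as an added example (not the code of the diceware package or of the PowerShell script linked on this page). The 36-word list is constructed for the demo and uses two dice per word; the official list uses five dice to index 7776 words.

```python
import itertools
import math
import secrets

# Constructed 36-word demo list (2 dice per word). The official diceware
# list has 6**5 = 7776 words and is indexed by 5 dice.
DEMO_WORDS = (
    "acorn badge cabin dairy eagle fable gavel habit icing jelly kayak label "
    "macro nacho oasis panda quail radar sable table ultra vapor wafer xenon "
    "yacht zebra amber bison cedar delta ember flint grape hazel ivory joker"
).split()


def build_wordlist(words, dice):
    """Assign every word a dice number ('11'..'66' for two dice)."""
    keys = ["".join(k) for k in itertools.product("123456", repeat=dice)]
    if len(keys) != len(words) or len(set(words)) != len(words):
        raise ValueError("need exactly 6**dice unique words")
    return dict(zip(keys, words))


def roll(dice):
    """Roll `dice` fair dice using the OS CSPRNG (not the `random` module)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))


def passphrase(wordlist, n_words, delimiter="-"):
    """Look up one word per group of rolls and join them."""
    dice = len(next(iter(wordlist)))
    return delimiter.join(wordlist[roll(dice)] for _ in range(n_words))


def entropy_bits(list_size, n_words):
    """Bits of entropy when each word is chosen uniformly at random."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    demo = build_wordlist(DEMO_WORDS, dice=2)
    print(passphrase(demo, 3))
    for n in (3, 4, 6):  # strength with the official 7776-word list
        print(n, "words:", round(entropy_bits(7776, n), 1), "bits")
```

Each word drawn from a 7776-word list adds about 12.9 bits, so the number of words is what sets the strength of the passphrase.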
Creating a diceware passphrase
While there are lots of websites that generate a diceware password online, that’s a whole other trust concern that we won’t get into here. Keep reading to learn how to generate a passphrase on your own computer.
If you’re a Windows user, there’s a PowerShell script derived from Tim Evan’s blog: https://www.betterbuys.com/estimating-password-cracking-times/ that uses the official diceware wordlist to generate a diceware passphrase.
You can download the modified script here: https://www.cassidys.biz/wp-content/uploads/2019/11/diceware.ps1.
Linux users can install a package to quickly generate diceware passphrases. On Ubuntu, install the diceware package via apt:
apt-get install diceware
Then, use bash to quickly generate 10 passwords to choose from with a for loop:
for i in {1..10}; do diceware -n 3 -d - ; done