
To address security flaws that were created by insecure password practices, Arnold Reinhold made a password generation game called Diceware. The game was to roll a 6-sided die 5 times, which generates 6^5 = 7,556 unique permutations, each of which corresponds to a unique dictionary word.

When you create a Diceware passphrase, it is recommended that you roll for a series of 6 words. Assuming the worst-case scenario, in which the person trying to crack your password knows exactly which wordlist was used, each word adds log2(7556) = 12.9 bits of entropy to the passphrase. A 6-word passphrase is considered secure because it has a minimum of 77 bits of entropy.

In the example that was run at the Expo table, we used updated wordlists released by the Electronic Frontier Foundation. These lists use 3 rolls of a 20-sided die, so fewer rolls are required to get roughly the same entropy.

As an exercise, create a Diceware-generated password to see how much stronger each additional word makes the passphrase! UCF InfoSec does not encourage the testing of any valid passwords on such sites.
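
For the exercise, the sketch below maps dice rolls to a wordlist index and tabulates the entropy each extra word adds for both schemes described above (5 rolls of a 6-sided die and 3 rolls of a 20-sided die). It is an added example, not code from the original page; the function names are hypothetical and the wordlist is a constructed placeholder, not the real Diceware or EFF list.

```python
import math
import secrets


def roll(sides, count):
    """Roll `count` fair dice (values 1..sides) using the OS CSPRNG."""
    return [secrets.randbelow(sides) + 1 for _ in range(count)]


def rolls_to_index(rolls, sides):
    """Read the rolls as base-`sides` digits: all ones -> 0, all max -> last word."""
    index = 0
    for r in rolls:
        if not 1 <= r <= sides:
            raise ValueError(f"roll {r} is not on a {sides}-sided die")
        index = index * sides + (r - 1)
    return index


def bits_per_word(sides, count):
    """Entropy of one word when the attacker knows the list: log2(sides**count)."""
    return count * math.log2(sides)


def words_needed(target_bits, sides, count):
    """Smallest number of words whose combined entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_word(sides, count))


def passphrase(wordlist, sides, count, n_words):
    """Pick n_words independently; the list must cover every roll outcome."""
    if len(wordlist) != sides ** count:
        raise ValueError("wordlist needs exactly one entry per roll outcome")
    picks = (rolls_to_index(roll(sides, count), sides) for _ in range(n_words))
    return " ".join(wordlist[i] for i in picks)


if __name__ == "__main__":
    # Constructed placeholder list; substitute a real Diceware or EFF list.
    demo_list = [f"word{i:04d}" for i in range(6 ** 5)]
    print(passphrase(demo_list, sides=6, count=5, n_words=6))
    for n in range(1, 9):
        d6, d20 = n * bits_per_word(6, 5), n * bits_per_word(20, 3)
        print(f"{n} words: 5xd6 {d6:5.1f} bits | 3xd20 {d20:5.1f} bits")
```

The entropy figures hold only when every word is chosen by an unbiased roll; re-rolling until the phrase looks memorable reduces them.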