Diceware

Daniel Carrera dcarrera@math.toronto.edu
Tue Jul 30 22:36:02 2002


I think that diceware is better.  With this other method there are only 65
distinct syllables to choose from.

A 5-word diceware passphrase like "crust cord cliche gemma thea"
provides better security than a 10-syllable privaria password like
"gezugegekelagegogiro"

Personally, I think that "crust cord cliche gemma thea" is easier to
remember than "gezugegekelagegogiro".

Daniel.

On Tue, 30 Jul 2002, Ryan Malayter wrote:

> Diceware uses 7736 distinct English words of 5 characters or less.
> Choosing one of these words randomly represents 13 bits of entropy. If
> you choose, say 5 of these words at random for your passphrase, you have
> yourself a strong 65-bit passphrase that's easy to remember, if not so
> fun to type.
>
> -----Original Message-----
> From: Daniel Carrera [mailto:dcarrera@math.toronto.edu]
> Sent: Tuesday, July 30, 2002 2:47 PM
> To: Ed Suominen
> Cc: gnupg-users@gnupg.org
> Subject: Re: Diceware
>
>
>
> I notice that there's a lot of repetition.  How many distinct syllables
> does the system use?
>
> Could I get a text version of the list of syllables?
> I want to give it a try.
>
> Daniel.
>
>
> On Tue, 30 Jul 2002, Ed Suominen wrote:
>
> > See http://eepatents.com/privaria/worksheet.pdf for a random password
> > selection system that, IMHO, is far easier to use than diceware. (That's
> > why I thought it up...)
> >
> > /--- Ed Suominen ------------------------------\
> > |> Registered Patent Agent
> > |> Independent Inventor of EE Technology
> > |> Author, PRIVARIA Secure Networking Suite
> > ||  Freely available at http://www.privaria.org
> > \--- http://www.eepatents.com -----------------/
> >
> >
> > -----Original Message-----
> > From: Daniel Carrera [mailto:dcarrera@math.toronto.edu]
> > Sent: Tuesday, July 23, 2002 11:37 PM
> > To: gnupg-users@gnupg.org
> > Subject: Diceware
> >
> > Thanks for the recommendation of Diceware.  It's a very neat system.
> > I'll use it.
> >
> > The website recommends using dice instead of a computer program unless
> > you know what you're doing.  I think I know what I'm doing (and I don't have
> > the patience for generating several passwords using dice).
> >
> > On a Linux box, I am using /dev/random as a source of random bits, which
> > I turn into digits with Perl's unpack().  I chop off all digits outside
> > the range [1-6] and use those to get the words.
> >
> > Can anyone detect any error here?
> >
> > Daniel.
> >
> >
> >
> >
> > _______________________________________________
> > Gnupg-users mailing list
> > Gnupg-users@gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users
> >
>
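
The roll-generation step described in the oldest message and the entropy comparison made in this thread, as an added Python example (not code from any poster; the Perl script mentioned in the thread is not shown on this page). It assumes os.urandom in place of reading /dev/random directly, the function names are made up for illustration, and the word and syllable counts are the figures quoted in the thread.

```python
import math
import os

def entropy_bits(choices: int, picks: int) -> float:
    """Bits of entropy in `picks` independent, uniform selections from `choices` options."""
    return picks * math.log2(choices)

def dice_rolls(n: int, rand=os.urandom) -> list[int]:
    """Return n unbiased die rolls (1..6) by rejection sampling random bytes.

    A byte is uniform over 0..255, so its low 3 bits are uniform over 0..7.
    Discarding 0 and 7 leaves 1..6 equally likely; mapping with `% 6` instead
    would favour some faces.
    """
    rolls: list[int] = []
    while len(rolls) < n:
        for byte in rand(n - len(rolls)):
            value = byte & 0x07
            if 1 <= value <= 6:
                rolls.append(value)
    return rolls

def word_index(rolls: list[int]) -> int:
    """Map five rolls to a 0-based list position, reading them as a base-6 number."""
    if len(rolls) != 5 or any(not 1 <= r <= 6 for r in rolls):
        raise ValueError("need exactly five rolls in 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index  # 0 .. 6**5 - 1

def passphrase_indices(words: int = 5, rand=os.urandom) -> list[int]:
    """Word-list positions for a passphrase; look each one up in your own list."""
    rolls = dice_rolls(5 * words, rand)
    return [word_index(rolls[i:i + 5]) for i in range(0, len(rolls), 5)]

if __name__ == "__main__":
    # Figures quoted in the thread: 7736 words x 5 picks vs 65 syllables x 10 picks.
    print(f"5 words:      {entropy_bits(7736, 5):.1f} bits")
    print(f"10 syllables: {entropy_bits(65, 10):.1f} bits")
    print("word positions:", passphrase_indices())
```

The `rand` parameter exists so the rejection step can be checked against a fixed byte sequence; leave it at the default for real use.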