Diceware

Ryan Malayter rmalayter@bai.org
Tue Jul 30 22:50:02 2002


From: Ed Suominen [mailto:general@eepatents.com]
>a random password selection system that, IMHO,
>is far easier to use than diceware

Easier to use, maybe, but probably less secure. You only have 65
distinct syllables in your chart. That means there's about 6 bits of
entropy per syllable. So you need 11(!) syllables to match the strength
of a 5-word diceware password. If you're only using 4 syllables as in
your example, you have a mere 24 bits of entropy in your passphrase -
which means it can be brute-forced in seconds on a single modern PC.

Here are some 11-syllable example passwords I produced with your system:
gotalamudanarezilohora
dihubebumahagizipipisi
kubamosanugobabodupibu
runolotomugabadibinedo
dehimihakinitusubimahe
gelisekokutunumidehara

I'd hardly call those easy to remember, even if it is shorter to type
than a diceware password. Have you considered adding more syllables to
your system, using digraphs and trigraphs for consonants?

Regards,
:::Ryan Malayter
:::Sr. Network & Database Administrator
:::Bank Administration Institute
:::Chicago, Illinois, USA
:::PGP Key: http://www.malayter.com/pgp-public.txt
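
The entropy comparison in the message above, worked through as an added example (not part of the original message). The 13-consonant by 5-vowel chart is a constructed stand-in for the 65-entry chart, which is not on this page, and the guess rate is an assumed figure.

```python
import math
import secrets

DICEWARE_WORDS = 6 ** 5  # 7776 entries: five six-sided dice select one word

# Constructed stand-in for the 65-syllable chart (the real chart is not shown
# on this page): 13 consonants x 5 vowels, using letters seen in the samples.
CONSONANTS = "bdghklmnprstz"
VOWELS = "aeiou"
SYLLABLES = [c + v for c in CONSONANTS for v in VOWELS]

ASSUMED_GUESSES_PER_SECOND = 10_000_000  # assumption, not a measured rate


def entropy_bits(pool_size, count):
    """Entropy of `count` independent, uniform picks from `pool_size` items."""
    return count * math.log2(pool_size)


def units_to_match(pool_size, target_bits):
    """Smallest number of picks whose entropy reaches `target_bits`."""
    # The small epsilon keeps float rounding from adding a spurious extra unit.
    return math.ceil(target_bits / math.log2(pool_size) - 1e-9)


def average_crack_seconds(bits, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Expected time to search half the keyspace at the given guess rate."""
    return 2 ** (bits - 1) / guesses_per_second


def generate(count):
    """Pick syllables uniformly with the OS CSPRNG, standing in for dice."""
    return "".join(secrets.choice(SYLLABLES) for _ in range(count))


if __name__ == "__main__":
    target = entropy_bits(DICEWARE_WORDS, 5)
    print(f"5 diceware words : {target:.1f} bits")
    print(f"per syllable     : {entropy_bits(len(SYLLABLES), 1):.2f} bits")
    print(f"syllables needed : {units_to_match(len(SYLLABLES), target)}")
    weak = entropy_bits(len(SYLLABLES), 4)
    print(f"4 syllables      : {weak:.1f} bits, "
          f"~{average_crack_seconds(weak):.1f} s average at the assumed rate")
    print(f"sample           : {generate(11)}")
```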