[Q] Diceware password size

Denis McCauley DenisMcCauley@ifrance.com
Tue May 27 21:07:02 2003

Hash: SHA1

On Mon, 26 May 2003 17:40:52 -0400
Daniel Carrera <dcarrera@math.umd.edu> wrote:
> I'd like some help figuring out the security of a diceware passphrase.
>  The diceware word list contains 7776 words.
>  => There are (7776)^5 possible 5-word passphrases.
>  => There is a probability 'p' that the passphrase will be discovered
>     within the first  p*(7776)^5 trials.
>   If I knew the number of trials 'n' that can be performed each minute I 
>   could estimate the security of a diceware passphrase.  Of course, the 
>   value of 'n' depends on the attacker.
In reality it's not that simple, I think. 

First, an attacker must know that Diceware was used. Otherwise he would
try a dictionary attack with a much large word base.

Second, there are two Diceware word lists (in English), which would mean
combining the two and having more than 7776 possibilities.

Third, you can include spaces between the words, or not, which would
double the search time.

- --
Denis McCauley
GPG/PGP keys at http://www.djmccauley.tk

Version: GnuPG v1.2.2-nr1 (Windows 2000) - GPGshell v2.70
Comment: Key ID: 0x578247B4 (using signature subkey 0x4980C4F7)
Comment: 3C0A D97D 5FC5 A250 20BC EBC6 EB0E 9716 5782 47B4


Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France