FAQ+A

Frequently Asked Questions + Answers

What is Diceware?

Diceware is a technique that uses dice to produce random text for passphrases and other uses. The Diceware method provides an easy way to create strong passphrase that are easy to remember, for example: alger klm curry blond puck

To build your passphrase, you pick short words from a list that is indexed in a special way that makes it easy to select the words randomly using ordinary dice.

How long should my passphrase be?

I now recommend six words for most users, or five words with one extra character added at random. (This is a change from my previous advice. I had previously written that longer Diceware might be vulnerable by about 2014. Well it's 2014. Today criminal gangs probably have access to more computing power than the NSA did when this page first appeared. So I am upping my passphrase length advice by one word.)

  • Five words are breakable with a thousand or so PCs equipped with high-end graphics processors. (Criminal gangs with botnets of infected PCs can marshal such resources.)
  • Six words may be breakable by an organization with a very large budget, such as a large country's security agency.
  • Seven words and longer are unbreakable with any known technology, but may be within the range of large organizations by around 2030.
  • Eight words should be completely secure through 2050.

Pick your passphrase size based on the level of security you want.

Should I write down my passphrase?

This is a very important question. Much advice says never write down your passphrase under any circumstances. I disagree.

I believe most people are more afraid of forgetting their own passphrase than they are of having it stolen. As a result they tend to pick passphrases that are far too weak. I actually did a small survey on this question and the results support my view. See http://world.std.com/~reinhold/passphrase.survey.asc

Also many people need multiple passphrases for different programs and needs. Remembering them all can be difficult, particularly those that are used infrequently. For most people it is better to pick strong passphrases, write them down and keep them in a very safe place. There may be legal advantages to memorizing your key, however.

If someone knows that I am using Diceware, can't they just use the word list to search for my passphrase?

The Diceware method is secure even if an attacker knows that you used Diceware to pick your passphrase, knows how many words are in your passphrase and knows the word list you used. The security of Diceware comes from the huge number of combinations that an attacker must search through even with that knowledge . The Diceware word list contains 7776 words, so if you pick a five-word passphrase, there are 7776 x 7776 x 7776 x 7776 x 7776 combinations. That is over 264, 2 to the 64 power or 2.6 X 1019 possibilities. A six word Diceware passphrase confronts an attacker with 277, 2 X 1023 combinations; seven words 290, 1.5 X 1027.

Any suggestions on how to memorize my Diceware passphrase?

Try making a mnemonic. First, make sure you know what each word means. Look it up if you have to. Then try to make up a story that uses those words. For example, here is a five word Diceware passphrase selected at random:

strop 17 aw tete karp
My dictionary defines strop as a strip of leather used to sharpen a razor. Tete, as in tete-a-tete comes from the French word for "head." So I imagine myself sharpening my razor knife seventeen times before cutting off the all wet head of a fish. It may sound hokey, but it works!

Why are there so many meaningless words like abc, du, rrrr or 456 in the Diceware list?

An important goal of Diceware is to keep passphrases short. Based on the limited survey I did, I concluded that most people simply will not accept a 50 character passphrase that they have to type in several times a day to read, send or sign e-mail. Peter Kwangjun Suk had the clever idea that short non-words like abc, 456, or dn are about as easy to remember as regular words and reduce the average length of a randomly selected password.

Should I include spaces between words in my passphrase?

It is best to include the spaces. If you don't, your passphrase could be weaker than you expect. For example, without the spaces the six word passphrase “stray clam my aloof micro judo” is the same as the five word “stray clammy aloof micro judo”. I used to say no, because of the risk of acoustic monitoring. The space bar on many keyboards has a distinctive sound. Someone overhearing you could determine the length of each word you typed, which would aid significantly in an attack. But someone that close to you or who is bugging your workspace has many other ways to recover your passphrase. If you'd rather remove spaces, look for combinations that form a word you did not expect, like “clammy” in the example, and add a space or punctuation character just between them, e.g. “calm?my.” Or just add another word to your passphrase.

Whichever way you choose -- spaces or no spaces -- you must decide before you use your passphrase for the first time. After that, always enter your passphrase the same way.

How often should I change my passphrase?

You should change your passphrase whenever you change your PGP key or you think it may have been compromised. There is little advantage in changing it more often.

What should I do if I think someone else may know my passphrase?

Change your PGP key and your passphrase.

What is "salt"?

Salt is a block of non-secret data that is appended to the passphrase before it is hashed. The salt data is transmitted in the clear along with the message. Salt prevents certain attack strategies, such as a dictionary attack.

A dictionary attack involves building a list of possible passphrases along with precomputed cryptographic information that lets the attacker check that passphrase faster. Salt prevents this by requiring a separate entry for each salt value. If you use 30 bits of random salt an attacker will need a billion dictionary entries for each passphrase.

Also, without salt, an exhaustive search attack could attack a large number of target keys at once. An attacker hashes each trial passphrase and sees if it works for any of the keys she is attacking. Salt prevents this because it is unlikely that two users will have the same salt.

If you can use passphrases of arbitrary length, you can compensate for any lack of salt by adding your own. If you are using a security program that you aren't sure uses salt, pick the longest Diceware passphrase you feel comfortable remembering (preferably six words) and then add on something that is not secret but is unique to you, such as a familiar telephone number or the name of a favorite character or celebrity. So your final passphrase might look like this:

hera steam slop aim join del 5552368

Question 2?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent nec massa tristique arcu fermentum dapibus.

Question 2?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent nec massa tristique arcu fermentum dapibus.

Question 2?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent nec massa tristique arcu fermentum dapibus.

Question 2?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent nec massa tristique arcu fermentum dapibus.