About Diceware
Weak passwords are a big flaw in computer security due to a lack of "entropy"
or randomness. For example, how many times have you used the name of a pet or relative or street
in a password, or perhaps the number "1"? Not very random, is it? :-)
Worse still, if passwords are reused between services, that increases your security risk.
Fact is, humans are terrible at remembering random combinations of letters and
numbers, but we are great at remembering phrases of words. That's where Diceware comes in.
Diceware is based on the proposal at
http://world.std.com/~reinhold/diceware.html
wherein virtual dice are rolled 5 times, and the 5-digit number is used against a lookup table of words.
4 dice rolls give you 4 random words which are easy for a human being to remember, yet have
a high amount of entropy which makes them hard to crack.
For more information on Diceware:
FAQ: Why not use LastPass or a similar product?
By all means, feel free to do so. LastPass is an excellent product and I highly recommend it.
If, on the other hand, you prefer to be able to actually remember your
passwords, I recommend Diceware or a similar system.
FAQ: Are these dice rolls cryptographically secure?
Yes, insofar as we're using the getRandomValues() function in JavaScript, and you trust that your
browser and computer have not been compromised or otherwise tampered with. Keep in mind that a not-so-theoretical attack
would be for an attacker to compromise the random number generator on your computer so that
anything that is encrypted (or passkeys generated) would be susceptible to less intense cryptanalysis.
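The 5-roll lookup described earlier and the getRandomValues() call from this answer, as an added example (not the site's own code): it shows how to turn random bytes into fair die rolls without modulo bias and how much entropy the result carries. The function names, the rejection-sampling approach and the placeholder word list are assumptions made for illustration.

```javascript
// Added example. Web Crypto is global in browsers and recent Node.js; older Node.js needs require.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// One byte from the CSPRNG the page relies on.
function randomByte() {
  const buf = new Uint8Array(1);
  webCrypto.getRandomValues(buf);
  return buf[0];
}

// One fair die roll (1-6). 256 is not a multiple of 6, so `byte % 6` alone would make
// faces 1-4 slightly more likely than 5-6; bytes >= 252 (6 * 42) are redrawn instead.
function rollDie(nextByte = randomByte) {
  let b;
  do { b = nextByte(); } while (b >= 252);
  return (b % 6) + 1;
}

// Five rolls concatenated into a lookup key such as "12616".
function rollKey(nextByte = randomByte) {
  let key = "";
  for (let i = 0; i < 5; i++) key += rollDie(nextByte);
  return key;
}

// Constructed stand-in for the 7776-entry Diceware list: keys "11111".."66666"
// mapped to placeholder words. Swap in a real word list for actual use.
function buildDemoWordlist() {
  const list = new Map();
  for (let n = 0; n < 6 ** 5; n++) {
    const key = n.toString(6).padStart(5, "0").replace(/[0-5]/g, (d) => Number(d) + 1);
    list.set(key, `word${n}`);
  }
  return list;
}

// wordCount keys looked up in the table; a missing key is an error, never a silent skip.
function passphrase(wordCount, wordlist, nextByte = randomByte) {
  return Array.from({ length: wordCount }, () => {
    const key = rollKey(nextByte);
    if (!wordlist.has(key)) throw new Error(`no word for key ${key}`);
    return wordlist.get(key);
  });
}

// Entropy in bits: each word is one of 6^5 = 7776 equally likely choices.
const entropyBits = (wordCount) => wordCount * 5 * Math.log2(6);
console.log(passphrase(4, buildDemoWordlist()).join(" "), entropyBits(4).toFixed(1));
```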
FAQ: Is the source available?
Yep! You can grab a copy at
https://github.com/dmuth/diceware
Who built this? / Contact
My name is Douglas Muth, and I am a software engineer in Philadelphia, PA.
There are several ways to get in touch with me:
Feel free to reach out to me if you have any comments, suggestions, or bug reports.