Diceware Passphrases

Diceware passphrases are super secure passwords you can create yourself with just dice, a pen, and paper.

"Passphrases" are used just like "passwords." They consist of everyday words, with spaces between — making them easy to remember and easy to type. And most importantly, by rolling dice to select the words, Diceware passphrases are secure and created without any bias. In other words, they're almost certainly more secure than any password you come up with on your own.

For an example, here we have a regular password, and below it a Diceware passphrase. They both provide the same security.

/8zSRK%)Bzdh$P
observant repossess audience unpeeled uncounted swooned safari

The Diceware passphrase above looks longer, but it is almost certainly easier to remember and type.

Before we begin, note that Diceware™ is a trademark of Arnold G. Reinhold, and for more information you can visit his Diceware page.

Creating a Diceware Passphrase

Grab an pen and paper, and pick a wordlist. I recommend my wordlist here (if you're creating a passphrase for Paper Password Splitting, use the "2019" version of my wordlist). Here's a few lines from the wordlist:

...
56231   stable
56232   stack
56233   stadium
56234   staff
56235   stage
...

You can see 5-digit numbers which correspond to all possible values of 5 thrown dice, in order, with one unique word apiece. It's all straightforward — no tricks or complexity are needed. Passphrases are chosen by simple randomness. Now let's create a Diceware passphrase.

1. Roll five dice. Read their values left-to-right and write them down.

For example, say we roll ⚃⚅⚀⚃⚀. We write down 46141.

2. Repeat the above step until you've recorded the result of at least seven rolls.

At this point, we may have something like this.

46141  43234  33314  32355  26362  46135  41514

3. Find the words alongside each 5-digit sequence in the wordlist and write them down, separated by spaces.

We look up 46141 in the wordlist

...
46135   pumice
46136   pummel
46141   pumpkin
46142   punch
46143   punctual
...

and find pumpkin, then write it down. Then we find 43234 is overcook, and write that down.

46141  43234  33314  32355  26362  46135  41514
pumpkin overcook

And so on. After finding the rest of the words in the wordlist, our complete Diceware passphrase becomes

pumpkin overcook handcraft glove facility pumice moving

That’s all there is to it. It’s just seven words separated by spaces — very secure, and after typing it a few times, quite easy to remember. If you just want to know the basics you can stop reading now. (Destroy the paper you wrote the password on once you've memorized it!)

Wordlists

My preferred wordlist is my own carefully modified list based on a list published by the Electronic Frontier Foundation. Details about my wordlist can be found on my GitHub repository page.

The original Diceware wordlist is available as well.

Dice

Any 6-sided dice you have on hand will work fine. Even one die will work with a little patience. The pretty dice in the picture above are from a Chessex set I bought on Amazon. You can support this site by checking them out.

Where to use Diceware Passphrases

It’s not practical, or even possible, to use Diceware passphrases everywhere. They are long, and many websites won’t accept them. And they are a bit slow and tedious to create.

One of the best uses for Diceware passphrases is in securing a password manager. After remembering just one super secure Diceware passphrase, you can store the rest of your passwords in a password manager and forget them! The password manager can then easily generate and store long impossible-to-remember and difficult-to-type passwords for use on websites and elsewhere.

As for all of your passwords, Diceware passphrases should never be reused.

If you want more complexity in your Diceware passphrase there are some suggested methods below. Note that if you really don’t need capital letters, numbers, or symbols, it’s easier and more secure to just add another word to your passphrase. Each additional word makes your passphrase 7,776 times harder to guess!

Capitalizing Words

Roll a die to select a word in our passphrase, and a second die to select how to capitalize: 1-3 to capitalize the first letter, and 4-6 to capitalize the entire word. Say we roll ⚄⚅ (5 and 6). We'll capitalize the 5th word entirely.

pumpkin overcook handcraft glove FACILITY pumice moving

Once more, we roll ⚅⚀ (6 and 1), so therefore we capitalize the 6th word, first letter only.

pumpkin overcook handcraft glove FACILITY Pumice moving

Using Numbers or Symbols

Roll a die to select a row from the table below, then roll another die to select a column.

                123456 ← second die
first die → 1-2 123456
          → 3-4 789.+?
          → 5-6 !@#$%*

Roll a third die to select the word to insert the number/symbol after. For example we roll ⚁⚂⚃ (2, 3, and 4). The row "1-2" and column "3" gives us 3, which we insert after the 4th word.

pumpkin overcook handcraft glove3FACILITY Pumice moving

Again, we roll ⚂⚄⚁ (3, 5, and 2), giving us + after the 2nd word.

pumpkin overcook+handcraft glove3FACILITY Pumice moving

How Secure are Diceware Passphrases?

For any password, security comes from both length and "randomness." Diceware passphrases are chosen purely at random, using dice. So "randomness" is guaranteed. Let's look at Diceware passphrase length.

A one-word Diceware passphrase is weak, to say the least. For example, the terrible passphrase

observant

is one of 7,776 possible one-word Diceware passphrases. If an attacker knows which wordlist you've used, they will only have to try 3,888 words, on average, before guessing your passphrase. No competent attacker would have any trouble at all doing so.

A two-word Diceware passphrase is 7,776 times stronger, though still very weak.

observant repossess

There are 60,466,176 two-word Diceware passphrases that can be created from any 7,776-word wordlist. Your attacker would have to guess 30 million passphrases, on average, before correctly guessing it. That seems like a lot, but someone running software to guess 10,000 passwords per second will probably find your password is less than an hour.

A seven-word Diceware passphrase is 28,430,288,029,929,701,376 (28 billion billion) times stronger than the two-word passphrase. It's one of 1,719,070,799,748,422,591,028,658,176 possible seven-word Diceware passphrases. As of 2019, it would take a top-of-the-line server farm many years (and a lot of money invested) to guess your passphrase. If the passphrase is for something using a strong "key derivation function," like LastPass or KeePass, guessing your passphrase may be impossible with today's technology.

For another comparison, let's look at regular old passwords made of 88 letters, numbers, and symbols. The 14-letter password below has the same strength as the seven-word Diceware passphrase.

O^zZ-vk*S7/K=5
expenses cover poking aide overbuilt tycoon handful

They are both one of more than 1.7 billion billion billion password possibilities for passwords of their length and complexity (~90.4 bits of entropy).

The 16-letter password below has the same strength as the eight-word Diceware passphrase.

4P6imBs@-pP~q(EP
thistle energize headdress spender drowsily genre jawless corral

They are both one of more than 12 or 13 thousand billion billion billion password possibilities for passwords of their length and complexity (~103.4 bits of entropy).

So how secure are Diceware passphrases? It depends on passphrase length but also where the passphrase is being used. In general, as of 2019, passphrases with a minimum of seven words are likely to be strong and secure. If you won't have trouble remembering or typing an additional word, eight words are much more secure than seven.

References