Friday, March 27, 2015

Diceware for polyglots — Ultra-secure passphrases

The Intercept had an interesting article yesterday explaining how to set up a good master passphrase using Diceware. In a nutshell, in Diceware you roll a die several times to choose words from a large word list. These words make up your passphrase, and the more words you choose this way, the higher the entropy of your passphrase.

While the standard Diceware list contains words of the English language, lists for several other languages are now available as well. That is nice, especially if English isn't your first language and you might have trouble remembering some of the words. On the other hand, if you have no trouble remembering words in a second language, why stop there? Let's combine several languages. Hurray for polyglots!

Diceware for polyglots

Diceware for polyglots adds one layer to the standard Diceware protocol. Here's how it works:
  1. Choose the word lists for the languages you are comfortable with.
  2. Roll the dice to select a word list.
  3. Roll the dice several times to select a word from that list (as in standard Diceware).
  4. Go back to step 2 and repeat until you have selected enough words.
"Enough words" in step 4 is around 7 nowadays in standard Diceware, although for polyglot Diceware it may be possible to obtain the same entropy with shorter lists.

Here's a random seven word passphrase I just generated that way using five languages:
i've lauf ugh heuvel lanudo myope 31º
Entropy should be pretty good on this one.

Addendum: Diceware for coders

If you're a coder, why stop at natural languages? Key to Diceware is that the words are easy to remember. So if you're a coder you can add lists for programming languages that you're very familiar with as well, though they probably have fewer words.

Here's a random seven word passphrase combining two natural languages and one programming language:
volt typedef gordon dedans static_cast foyers
Again, very nice. Sorting them into a "sentence" may even improve memorability without harming entropy too much.
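
The four-step procedure and the note about shorter programming-language lists can be checked numerically. The sketch below is an added example, not code from the original post: it simulates the dice with Python's secrets module and computes the per-word entropy of a set of lists, accounting for unequal list sizes and for words shared between lists. The word lists are constructed placeholders, not real Diceware lists, and all function names are assumptions.

```python
import math
import secrets
from collections import Counter

def pick_index(n):
    """Uniform index in range(n) built from simulated d6 rolls."""
    digits = 1
    while 6 ** digits < n:
        digits += 1
    while True:
        value = 0
        for _ in range(digits):
            value = value * 6 + secrets.randbelow(6)  # one die roll, 0-5
        if value < n:  # re-roll out-of-range results to stay unbiased
            return value

def generate(lists, count):
    """Steps 2-4: roll for a list, roll for a word in it, repeat."""
    words = []
    for _ in range(count):
        chosen = lists[pick_index(len(lists))]
        words.append(chosen[pick_index(len(chosen))])
    return words

def per_word_entropy(lists):
    """Return (Shannon bits, min-entropy bits) for one generated word.

    Assumes no duplicates inside a list; a word shared between lists
    has its probabilities added, which lowers the result.
    """
    dist = Counter()
    for wl in lists:
        for w in wl:
            dist[w] += 1 / (len(lists) * len(wl))
    shannon = -sum(p * math.log2(p) for p in dist.values())
    return shannon, -math.log2(max(dist.values()))

def words_needed(lists, target_bits):
    """Words required to reach target_bits, using min-entropy (conservative)."""
    return math.ceil(target_bits / per_word_entropy(lists)[1])

if __name__ == "__main__":
    # Constructed stand-ins: five 7776-word lists and one 64-keyword list.
    natural = [[f"lang{i}-{j}" for j in range(7776)] for i in range(5)]
    keywords = [f"kw{j}" for j in range(64)]
    for name, lists in [("one list", natural[:1]), ("five lists", natural),
                        ("two lists + keywords", natural[:2] + [keywords])]:
        s, m = per_word_entropy(lists)
        print(f"{name}: {s:.2f} / {m:.2f} bits, {words_needed(lists, 90)} words for 90 bits")
    print(" ".join(generate(natural, 7)))
```

With these constructed sizes, five disjoint full-size lists raise the per-word figure from about 12.9 to about 15.2 bits, while mixing two full-size lists with a 64-entry keyword list lowers the Shannon figure to about 12.2 bits, because each keyword is drawn far more often than any natural-language word.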