SoylentNews is people
SoylentNews
Micah Lee writes at The Intercept that "coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you’ll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion."
But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You’ll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You’ll need a total of five dice rolls to come up with each word in your passphrase. Using Diceware, you end up with passphrases that look like “cap liz donna demon self”, “bang vivo thread duct knob train”, and “brig alert rope welsh foss rang orb”. If you want a stronger passphrase you can use more words; if a weaker passphrase is ok for your purpose you can use less words. If you choose two words for your passphrase, there are 60,466,176 different potential passphrases. A five-word passphrase would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second.
I recommend that you write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn’t take more than two or three days before you no longer need the paper, at which point you should destroy it.
"Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It’s a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training"
(Score: 2, Insightful) by m2o2r2g2 on Monday March 30 2015, @02:04AM
Grab a dictionary, flip pages randomly back and forward. Stop and close your eyes and point at a word on the page. Repeat the process.
Also a good way to increase your vocabulary.
Can be modified to be easier (ie repeat process if you won't remember the word, or move down to next recognisable word).
Can be modified to be more random eg incorporating dice throws for base 6 or base 20 (depending on your die) page numbers/ word numbers etc).
Can be modified to increase search space - eg for those with any hint of multi-lingual skill - alternate language dictionaries.
dendroidal tete fading catre
Why limit the search space to 8000 words?
(Score: 2) by stormwyrm on Monday March 30 2015, @03:31AM
It's very hard to prove that you actually have a strong password if you simply flip pages randomly. Repeating the process for words you can't remember also destroys randomness. The advantage of the technique prescribed is that you can actually prove how strong the passphrase you generate will be. No security through obscurity here or guesswork. Most dictionaries don't have their words numbered the way the Diceware list is organised, which lets you just roll 5d6 to choose a word with perfect randomness, and you can be absolutely sure that you actually do have 7776 possibilities in your choices, so each word in the passphrase contributes approximately 13 bits of entropy to the passphrase.
By all means, if you think it will help, make your own wordlist, and number it the way the Diceware list is numbered if you like. If you have a list of about 100,000 words that's 16 bits of entropy. Seems like a lot of extra work for not much additional reward.
Numquam ponenda est pluralitas sine necessitate.