
Thread: Diceware for better passwords (I mean passphrases)

  Post #1 by United States Unsubscribed

    Diceware for better passwords (I mean passphrases)

    https://theworld.com/~reinhold/diceware.html

    Quote (from the Diceware page): What Is A Passphrase?

    A passphrase is a bunch of words and characters that you type in to your computer to let it know for sure that the person typing is you. Most security programs allow you to enter a passphrase instead of just a short password for added protection against attackers. Some programs also use your passphrase to form a cryptographic key to encrypt your data.

    Passphrases are used with Wi-Fi wireless network security systems such as WPA and WPA2, when used in personal shared key (PSK) mode. The security of both systems depends on the strength of the passphrase you chose.

    Phil Zimmermann's popular encryption program PGP requires you to make up a passphrase that you enter whenever you sign or decrypt messages. So does the open-source version, GnuPG.

    Popular password manager programs require a master password or passphrase to protect the data they store.

    Passphrases are used with disk encryption programs such as PGPdisk and Apple's FileVault. Many organizations require disk encryption on laptops to meet regulatory requirements for protecting sensitive information.

    The latest versions of most popular operating systems, including Windows 10, MacOS and iOS, let you use longer passphrases for log-on identification.

    Digital currencies, such as BitCoin, use passphrases to protect the “coins” from misappropriation.

    Using a short passphrase as an answer to a required "security question" (like "What city were you born in?") protects you against attempts to discover your answer by researching your online data.

    You should follow the Diceware™ instructions here to create your passphrase before installing a WiFi router, creating your PGP or GPG key, opening a new security account or setting up an encrypted disk or digital currency wallet, so when you are asked to enter your new password, you'll be ready.

  Post #2 by gord

    Re: Diceware for better passwords (I mean passphrases)

    The only place a perfect right angle ever CAN be, is the mind.

    The Following 11 Users Say Thank You to gord For This Post:

    atman (7th June 2021), avid (7th June 2021), Bill Ryan (6th June 2021), Craig (6th June 2021), Gekko (6th June 2021), haroldsails (6th June 2021), I am B (6th June 2021), jc71 (6th June 2021), O Donna (6th June 2021), palehorse (7th June 2021), Snoweagle (6th June 2021)

  Post #3 by palehorse

    Re: Diceware for better passwords (I mean passphrases)

    What about this password (32 chars in size) with 239.58 bits of entropy? It uses extended ASCII chars and could also include characters from foreign languages, but old legacy systems may not recognize/process it (then avoid it). There is something called the "Unicode normalization algorithm", which basically means there are several similar ways to represent a Unicode character; take for instance the NFC (Normalization Form Canonical Composition) and NFD (Normalization Form Canonical Decomposition) Unicode normalization forms, and there is more to it. This stuff is more complicated than easy.

    Code:
    5ºL{6©<&Hç}ÏüìkØ£ò°}3izËÕ:\7¹V*Â
    Now a passphrase with common words (12 words) using 155.10 bits of entropy.

    Code:
    smile path suspend expand ravage badly jolly snap overdue dispersed moonlike bulb
    I personally stick with a strong password with at least 12 chars.

    It is important to state that most banks and government agencies do not allow this sort of uncrackable password for their "clients". My bank allows only upper- and lower-case letters and numbers; punctuation, logograms, extended ASCII, braces, math symbols, dashes and slashes, or quotes are not allowed. Ah! And it cannot exceed 10 chars in size. Guess why they do that? The ATM until last year was 4 numeric chars only, now it is 6 (great, I feel safe now LOL).

    I am using the latest version of KeePassXC for Linux (there are also Mac and Windows versions). It works offline and you can carry it on a USB thumb drive if you wish. I do not memorize passwords anymore; it is just impossible.

    I keep a backup of my passwords in 2 different places, an external hard disk and a USB thumb drive (both are wrapped in aluminum foil and I do not carry them around with me; that's also how I used to keep my bitcoins). I have been doing it like that for many, many years and never had any issue. All I have to remember is 1 password to open the encrypted KeePassXC program, and this password I have only in my brain; if I forget it, then I am screwed.
    --
    A chaos to the sense, a Kosmos to the reason.
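The two entropy figures and the Unicode normalization caveat in the post above can be checked in a few lines. The script below is an added example written for this thread; it is not code from the Diceware page, from KeePassXC or from the poster. It assumes the standard Diceware list size of 6^5 = 7776 words (the list itself is not embedded; the 12-word list used for the demo draw is constructed from the post and is far too small for real use), and it models the bank policy as 10 characters drawn from 62 symbols. It uses Python's `secrets` module as the stand-in for physical dice, and `unicodedata` to show why a login system should normalize before comparing a passphrase that contains accented characters.

```python
import math
import secrets
import unicodedata

# The standard Diceware list has 6**5 = 7776 words, one row per five-dice roll.
DICEWARE_LIST_SIZE = 6 ** 5


def dice_to_index(rolls):
    """Map a sequence of dice rolls (each 1..6) to a 0-based word-list index.

    Five rolls cover exactly 0..7775, i.e. every row of the standard list
    (Diceware prints the five digits, e.g. 11111, next to each word).
    """
    if any(r not in (1, 2, 3, 4, 5, 6) for r in rolls):
        raise ValueError("each roll must be 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def roll_dice(count=5):
    """Simulate fair dice with the OS CSPRNG (secrets), never random.random()."""
    return [secrets.randbelow(6) + 1 for _ in range(count)]


def generate_passphrase(wordlist, n_words):
    """Pick n_words uniformly and independently from wordlist.

    With the real 7776-word list this is equivalent to rolling physical dice;
    the entropy is n_words * log2(len(wordlist)) bits regardless of which
    words come out, so a "weak-looking" draw is not weaker.
    """
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def entropy_bits(choices_per_position, positions):
    """Entropy of a secret built from `positions` independent uniform draws,
    each from `choices_per_position` equally likely values."""
    return positions * math.log2(choices_per_position)


def nfc_equal(a, b):
    """Compare two strings after NFC normalization, which is what a login or
    key-derivation step should do so that "ç" typed as one precomposed key and
    as "c" + combining cedilla are treated as the same passphrase."""
    return unicodedata.normalize("NFC", a) == unicodedata.normalize("NFC", b)


def utf8_len(s):
    """Byte length of the UTF-8 encoding (what a KDF actually hashes)."""
    return len(s.encode("utf-8"))


if __name__ == "__main__":
    # 12 Diceware words, as in the post above.
    print(f"12 Diceware words: {entropy_bits(DICEWARE_LIST_SIZE, 12):.2f} bits")
    # The bank policy from the post: at most 10 chars from [A-Za-z0-9].
    print(f"bank, 10 chars of 62: {entropy_bits(62, 10):.2f} bits")
    print(f"4-digit PIN: {entropy_bits(10, 4):.2f} bits; "
          f"6-digit PIN: {entropy_bits(10, 6):.2f} bits")
    rolls = roll_dice()
    print(f"rolled {rolls} -> list row {dice_to_index(rolls)}")
    # Constructed demo list (the 12 words from the post); NOT the real list.
    demo_words = ("smile path suspend expand ravage badly jolly snap "
                  "overdue dispersed moonlike bulb").split()
    print("demo draw:", generate_passphrase(demo_words, 4))
    # Unicode normalization: precomposed vs. decomposed "ç".
    precomposed = "\u00e7"        # LATIN SMALL LETTER C WITH CEDILLA
    decomposed = "c\u0327"        # "c" + COMBINING CEDILLA
    print("raw equal:", precomposed == decomposed,
          "NFC equal:", nfc_equal(precomposed, decomposed))
    print("UTF-8 bytes:", utf8_len(precomposed), utf8_len(decomposed))
```

The 12-word figure comes out at 155.10 bits, matching the post; the 32-character figure depends on exactly which extended-ASCII alphabet the generator counts, so it is not reproduced here. The normalization check is the practical point: the two spellings of "ç" look identical on screen but differ in length and bytes, so a system that hashes the raw bytes without normalizing will reject a correct passphrase typed on a different keyboard layout or OS.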

    The Following 3 Users Say Thank You to palehorse For This Post:

    atman (7th June 2021), Gekko (7th June 2021), gord (7th June 2021)

  Post #4 by United States Unsubscribed

    Re: Diceware for better passwords (I mean passphrases)

    Good points. I also use KeePassXC. I use a Diceware passphrase for unlocking the database itself, and then let KeePassXC make randomized passwords for the majority of my accounts. I also use Diceware passphrases for really important accounts like email so that I can log into them even if I don't have my password database on hand. That way, I only have to remember a few passphrases.

    Quote: Posted by palehorse
    What about this password (32 chars in size) with 239.58 bits of entropy? It uses extended ASCII chars and could also include characters from foreign languages, but old legacy systems may not recognize/process it (then avoid it). There is something called the "Unicode normalization algorithm", which basically means there are several similar ways to represent a Unicode character; take for instance the NFC (Normalization Form Canonical Composition) and NFD (Normalization Form Canonical Decomposition) Unicode normalization forms, and there is more to it. This stuff is more complicated than easy.

    Code:
    5ºL{6©<&Hç}ÏüìkØ£ò°}3izËÕ:\7¹V*Â
    Now a passphrase with common words (12 words) using 155.10 bits of entropy.

    Code:
    smile path suspend expand ravage badly jolly snap overdue dispersed moonlike bulb
    I personally stick with a strong password with at least 12 chars.

    It is important to state that most banks and government agencies do not allow this sort of uncrackable password for their "clients". My bank allows only upper- and lower-case letters and numbers; punctuation, logograms, extended ASCII, braces, math symbols, dashes and slashes, or quotes are not allowed. Ah! And it cannot exceed 10 chars in size. Guess why they do that? The ATM until last year was 4 numeric chars only, now it is 6 (great, I feel safe now LOL).

    I am using the latest version of KeePassXC for Linux (there are also Mac and Windows versions). It works offline and you can carry it on a USB thumb drive if you wish. I do not memorize passwords anymore; it is just impossible.

    I keep a backup of my passwords in 2 different places, an external hard disk and a USB thumb drive (both are wrapped in aluminum foil and I do not carry them around with me; that's also how I used to keep my bitcoins). I have been doing it like that for many, many years and never had any issue. All I have to remember is 1 password to open the encrypted KeePassXC program, and this password I have only in my brain; if I forget it, then I am screwed.

    [Post Update]

    I love this project by the Electronic Frontier Foundation. Maybe I should have made it the topic of this thread because it's a better place to start in terms of getting an overall view of computer security.

    https://ssd.eff.org/
