Diceware


I’ve used Diceware to generate secure passwords for a few years now. It really is a simple system. Basically it’s just a list of 7776 common English words, mapped to the outcomes of dice rolls. Combined with a set of five dice (or one die rolled five times), it is an easy and extremely secure method for generating strong passphrases.

As highlighted by XKCD, most human-generated passwords just aren’t very strong – they don’t have high levels of entropy.

Creating a password using Diceware allows you to create passphrases that are very easy to remember, yet extremely strong. A passphrase comprised of four or five words (typically 15-20 characters) is far stronger than one that contains fewer characters but a more diverse character set.

Generating truly random passphrases is difficult, though. If you pick words out of your head or a newspaper, they won’t be very random. Diceware takes the human element out of the equation and replaces it with the true randomness of dice rolls, and it is a simple method of creating secure passwords with minimal effort.

As noted on the Diceware web page, Diceware is easy to use, secure, prescriptive, transparent, and free. Diceware is my tool of choice for generating passwords, and I’ve used it for years. It creates easy-to-remember passphrases that have high entropy and can be extremely secure, provided you use enough dice rolls.

-- George Wenzel  

Diceware
Free

Available from www.diceware.com
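
How five dice select one of the 7776 list entries, and how much entropy each word adds, shown as an added example that is not part of the original review or of Diceware itself. It assumes the list is ordered by roll key from 11111 to 66666; the word list is a constructed placeholder, the function names are hypothetical, and Python's `secrets` module stands in for physical dice.

```python
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 entries, one per five-dice outcome


def roll_to_index(rolls):
    """Map five dice faces (each 1-6) to a list index 0..7775.

    Each die is one base-6 digit, so 1-1-1-1-1 is the first entry and
    6-6-6-6-6 is the last (assumes the list is sorted by roll key).
    """
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each 1-6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def roll_dice():
    """Software stand-in for physical dice, drawn from the OS CSPRNG."""
    return [secrets.randbelow(6) + 1 for _ in range(DICE_PER_WORD)]


def passphrase(wordlist, rolls_per_word):
    """Look up one word per group of five rolls and join them with spaces."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        # A short or duplicated list silently lowers entropy per word.
        raise ValueError("word list must hold 7776 distinct entries")
    return " ".join(wordlist[roll_to_index(r)] for r in rolls_per_word)


def entropy_bits(num_words):
    """Entropy of a passphrase whose words are chosen uniformly at random."""
    return num_words * math.log2(LIST_SIZE)


# Constructed placeholder list; substitute the real Diceware word list.
SAMPLE_LIST = [f"word{i:04d}" for i in range(LIST_SIZE)]

if __name__ == "__main__":
    rolls = [roll_dice() for _ in range(5)]
    print(passphrase(SAMPLE_LIST, rolls))
    print(f"{entropy_bits(5):.1f} bits for 5 words")
```

The entropy figure holds only when every word comes from the rolls; re-rolling until the phrase looks pleasing reintroduces the human bias the dice are meant to remove.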