Here’s the not-so-secret recipe for strong passphrases: a random element like dice, a long list of words, and math. And as long as you have the first two, the third takes care of itself. All together, this adds up to diceware, a simple but powerful method to create a passphrase that even the most sophisticated computer could take at least thousands of years to guess.
In short, diceware involves rolling a series of dice to get a number, and then matching that number to a corresponding word on a wordlist. You then repeat the process a few times to create a passphrase consisting of multiple words.
In 2016, EFF debuted a series of wordlists that can be used with five six-sided dice to generate strong passphrases. This year, we’re upping our game. At Dragon Con 2018 in Atlanta over Labor Day weekend, EFF will be testing new wordlists optimized for three 20-sided dice. Since Dragon Con is largely a fantasy and science fiction convention, we’ve also created four new wordlists drawn from fan-created Wikia pages for Star Trek, Star Wars, Game of Thrones, and Harry Potter.
If you’re at Dragon Con, come visit our table on the second floor of the Hilton Atlanta. EFF and Access Now are teaming up to teach people how to create passwords using giant 20-sided dice. Attendees will also be encouraged to write sentences or little stories using the words to help remember their passphrases. Participants who successfully create a strong passphrase will receive a gift (while supplies last).
We’re also releasing the wordlists and password worksheet online, so folks at home can play along:
(Note: Any trademarks within the wordlist are the property of their respective trademark holders, who are not affiliated with the Electronic Frontier Foundation and do not sponsor or endorse these passwords.)
How We Created the Wordlists
A diceware passphrase is just a set of rare and unusual words that is easy for humans to remember, but hard for computers to guess. When we set out to create fandom-specific wordlists, we weren’t sure where to gather unique but relevant words. Official encyclopedias for Star Trek and Star Wars only had hundreds of entries—nowhere close to the thousands of possible rolls of three 20-sided dice.
So, we began to look at the FANDOM Wikia pages for various science fiction and fantasy universes. At first, we tried using the unique page titles for sections like Memory Alpha and Wookieepedia. While we were easily able to gather enough words for wordlists, too many of the words were complicated, obscure names or words from fictional languages. They would have been too difficult for most fans to memorize—and memorability is one of the key features of the diceware technique.
Instead, we narrowed in on some of the most popular pages for various fandoms, such as limiting ourselves to the main Star Wars films, a selection of Star Trek episodes from the original series and Discovery, the Harry Potter books, and a few episodes from each season of Game of Thrones. Then, we filtered the text of each page to just its unique words. As a result, our wordlists are mostly regular English words with a distinct flavor of the corresponding fandom.
Each wordlist is 4,000 unique words, repeated once to match the possible 8,000 outcomes of the three 20-sided dice.
For this method, it’s important to use carefully constructed wordlists. It’s also important that the user not modify the words after they’ve been chosen or re-roll for new words because they don’t like the original ones that came up. This process relies on randomness—so, the second some words on the list are prioritized over others or changed in the generation process, the mathematical analysis starts to fall apart.
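As an added example (not EFF's own tooling), here is how the three-dice lookup described above can be implemented: each 20-sided die contributes one base-20 digit, so three rolls index one of 8,000 table entries, and a 4,000-word list repeated once fills that table exactly. The eight-word list below is a constructed stand-in for a real 4,000-word fandom list, the roll-to-index mapping is an assumption (the printed worksheets may order the combinations differently), and `secrets` stands in for physical dice when you want to test the pipeline without a table.

```python
import secrets

# Constructed toy wordlist. A real EFF fandom list has 4,000 unique words;
# this one has 8 so the example stays readable. The "repeat to fill the
# table" step below is what makes any list size divide the 8,000 outcomes.
TOY_WORDS = ["nebula", "phaser", "tribble", "warp",
             "klingon", "vulcan", "shuttle", "holodeck"]

SIDES = 20
OUTCOMES = SIDES ** 3  # three d20 rolls -> 8,000 equally likely outcomes


def roll_d20() -> int:
    """One 20-sided die (1..20) from the OS CSPRNG, a stand-in for a physical die."""
    return secrets.randbelow(SIDES) + 1


def rolls_to_index(r1: int, r2: int, r3: int) -> int:
    """Assumed mapping: treat the three rolls as base-20 digits, giving 0..7999."""
    for r in (r1, r2, r3):
        if not 1 <= r <= SIDES:
            raise ValueError(f"roll {r} is not on a {SIDES}-sided die")
    return (r1 - 1) * SIDES * SIDES + (r2 - 1) * SIDES + (r3 - 1)


def build_table(words: list[str]) -> list[str]:
    """Repeat the unique words so the table has exactly one entry per outcome.

    For 4,000 words this repeats the list once (8,000 entries), as the post
    describes. Every word then has the same number of rolls pointing at it,
    so each word is equally likely to be chosen.
    """
    if OUTCOMES % len(words) != 0:
        raise ValueError(f"{len(words)} words cannot evenly fill {OUTCOMES} outcomes")
    return words * (OUTCOMES // len(words))


def word_for_rolls(table: list[str], r1: int, r2: int, r3: int) -> str:
    """Look up the word that three dice results select."""
    return table[rolls_to_index(r1, r2, r3)]


def make_passphrase(table: list[str], n_words: int = 5, roll=roll_d20) -> str:
    """Roll three dice per word, n_words times, and join the results.

    The roll function is injectable so the lookup can be exercised with fixed
    rolls; there is deliberately no way to re-roll or swap out a disliked word,
    since doing so is what breaks the security math.
    """
    words = [word_for_rolls(table, roll(), roll(), roll()) for _ in range(n_words)]
    return " ".join(words)


if __name__ == "__main__":
    table = build_table(TOY_WORDS)
    print(make_passphrase(table))
```

With a real list, swap `TOY_WORDS` for the 4,000 words in the file you downloaded and keep the rest unchanged; `build_table` will refuse a list whose length does not divide 8,000, which is a cheap guard against a truncated or edited wordlist.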
To see why, we need to understand how to analyze the security of a passphrase.
Let’s assume an attacker trying to crack our passphrase knows the method we used (in this case, a particular fandom wordlist and three 20-sided dice). We also assume the attacker is going to use the most effective attack for that particular method. For our method, that means trying all combinations of words in the wordlist, rather than, say, trying every individual letter combination.
Assuming the attacker knows that our passphrase is made up of words from a particular list, then the security of a passphrase is determined by how many possibilities there are. In our wordlists, there are 4000 words, and we’re choosing five of them, so the number of possibilities is 4000 times 4000 times 4000 times 4000 times 4000, which is about 10^18 possibilities. Around 10^18 to 10^24 is usually a good number to aim for, for most people. The easiest way to increase this number is by adding another word to the passphrase using the same dice-rolling method.
How long will it take for an attacker to crack this password in practice? That number depends on how fast the computer is. Using a desktop today, computers can try about 15 million passwords per second. The world’s fastest supercomputer can try about 92 trillion passwords per second.
If you assume the attacker has a copy of the wordlist you used and a computer that can try 15 million passwords a second, it would take them over two thousand years to try every possible combination, cracking the password in just over a thousand years on average.
The world’s fastest supercomputer could crack that same password in an hour and a half on average, but not to worry: adding two more words to the password increases that time to almost three thousand years for even the fastest supercomputer.
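The arithmetic behind those estimates, as an added example that is not part of the original post: the keyspace is the list size raised to the word count, and the expected time to crack is half the time needed to try every combination. The guess rates are the two figures quoted above; `words_needed` goes one step beyond the post and computes how many words a given list needs to reach a target average crack time against a given attacker.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Guess rates quoted in the post (2018 figures).
DESKTOP_GUESSES_PER_SEC = 15_000_000
SUPERCOMPUTER_GUESSES_PER_SEC = 92_000_000_000_000


def keyspace(list_size: int, n_words: int) -> int:
    """Number of distinct passphrases when each word is drawn uniformly from the list."""
    return list_size ** n_words


def entropy_bits(list_size: int, n_words: int) -> float:
    """Same quantity expressed in bits: n_words * log2(list_size)."""
    return n_words * math.log2(list_size)


def seconds_to_crack(list_size: int, n_words: int,
                     guesses_per_second: float, average: bool = True) -> float:
    """Time to exhaust the keyspace (or, by default, the expected time,
    which is half of that because the right guess is equally likely to be
    anywhere in the search order)."""
    total = keyspace(list_size, n_words) / guesses_per_second
    return total / 2 if average else total


def years_to_crack(list_size: int, n_words: int,
                   guesses_per_second: float, average: bool = True) -> float:
    return seconds_to_crack(list_size, n_words, guesses_per_second, average) / SECONDS_PER_YEAR


def words_needed(list_size: int, guesses_per_second: float,
                 min_years: float, average: bool = True) -> int:
    """Smallest word count whose crack time is at least min_years.

    This is the post's advice ("add another word") turned into a loop: each
    extra word multiplies the work by list_size, so the answer is small.
    """
    n = 1
    while years_to_crack(list_size, n, guesses_per_second, average) < min_years:
        n += 1
    return n


if __name__ == "__main__":
    for n in (5, 6, 7):
        print(f"{n} words from 4000: {entropy_bits(4000, n):.1f} bits, "
              f"desktop avg {years_to_crack(4000, n, DESKTOP_GUESSES_PER_SEC):,.0f} yr, "
              f"supercomputer avg {years_to_crack(4000, n, SUPERCOMPUTER_GUESSES_PER_SEC):,.1f} yr")
```

Running it reproduces the post's numbers: five words take a desktop about 2,160 years to exhaust (roughly 1,080 on average), the supercomputer about an hour and a half on average, and seven words push the supercomputer past 2,800 years on average. The same functions work for the five-dice lists (7,776 words) or any other uniform list size.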