Tuesday, July 11, 2017

Diceware Passphrase Generator


Secure passphrases (passwords) can be generated by hand using a system called Diceware. Diceware uses rolls of dice to generate random numbers, each of which corresponds to a word in a word list. Each Diceware-generated word has 12.9 bits of entropy, so you will need to generate five or six words to make a strong passphrase.

Most importantly, a password should have a high degree of entropy (randomness, or lack of order or predictability). Generally speaking, we recommend that a password have at least 40 bits of entropy, with 80 bits or more being preferred. The Rumkin Password Strength Test lets you test the strength of different types of passwords online. It is useful for testing various password formats for entropy, but note that we differ slightly on the bits of entropy needed for a secure password.

The Diceware word list can be downloaded from the Diceware website and used to generate a strong, yet easy-to-remember passphrase for use with encryption and security programs.

In July 2016, the Electronic Frontier Foundation (EFF) published its own word list for generating passphrases from dice rolls. Both the Diceware and EFF lists provide the same degree of entropy, but the EFF claims that its list uses more memorable and more easily spelled words.

Regardless of whether you use the EFF or Diceware list, what is important is that you generate strong, memorable passphrases to protect your online accounts, encryption, and security programs.
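The dice-to-word lookup and the entropy arithmetic described above, as an added example (not code from the original post or from the Diceware or EFF projects). It assumes a word list with one entry per line in the form dice digits, whitespace, word; it uses Python's secrets module as a stand-in for physical dice, works for any number of dice per word, and runs on a constructed two-dice sample list so that it needs no download.

```python
import math
import re
import secrets
from itertools import product

ENTRY = re.compile(r"^([1-6]+)\s+(\S+)$")  # assumed line format: "16234<TAB>word"

def parse_wordlist(text):
    """Return ({dice key: word}, dice per word); lines of any other shape are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2)
    if not table:
        raise ValueError("no dice-indexed entries found")
    dice = len(next(iter(table)))
    # A usable list has exactly one distinct word for every possible roll.
    expected = {"".join(p) for p in product("123456", repeat=dice)}
    if set(table) != expected or len(set(table.values())) != len(table):
        raise ValueError("word list is incomplete, mixed-length or has duplicates")
    return table, dice

def roll(dice):
    """Roll `dice` fair dice using the operating system's CSPRNG."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))

def generate(table, dice, words):
    """Look up one word per roll and join them into a passphrase."""
    return " ".join(table[roll(dice)] for _ in range(words))

def entropy_bits(dice, words):
    """Each word is one of 6**dice equally likely choices."""
    return words * dice * math.log2(6)

def words_needed(target_bits, dice=5):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / (dice * math.log2(6)))

# Constructed two-dice sample list (36 placeholder words), not a real word list.
SAMPLE = "\n".join(f"{a}{b}\tw{a}{b}" for a in "123456" for b in "123456")

if __name__ == "__main__":
    table, dice = parse_wordlist(SAMPLE)
    print(generate(table, dice, 6), f"({entropy_bits(dice, 6):.1f} bits)")
    for n in (5, 6):
        print(f"{n} words, five dice each: {entropy_bits(5, n):.1f} bits")
    for target in (40, 80):
        print(f"{target} bits needs {words_needed(target)} five-dice words")
```

To use a real list, pass the contents of the downloaded file to parse_wordlist; the completeness check rejects a truncated or altered file before any passphrase is generated from it.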



