Diceware is supposed to be done with dice in an entirely offline manner. I guess a local program is still useful, but in theory the program could be a shoddy RNG with non-random passwords. The program shouldn't be trusted unless you wrote it yourself, or otherwise performed a security audit yourself.
Assuming you have trustworthy dice (they don't have to be perfectly balanced, just something you can trust to be random), then you can diceware your own password by hand.
> The program shouldn't be trusted unless you wrote it yourself, or otherwise performed a security audit yourself.
I'm just a humble non-cryptographic-programmer making practical suggestions with the most substantial security improvement for the least effort... Of course personally - I roll dice, dice that I whittled out of sticks, sticks from different trees that I collected from different parks, parks that I visited in a random order based on the results of a PRNG of my own secret design, a PRNG I built out of swarm crab based logic gates on a secret beach, seeded with a number collected from a geiger counter and small sample of u238, a geiger counter I constructed from photodiodes and aluminium foil, photodiodes I fabricated out of mud, rocks and fire. One day I hope to finish implementing my own general purpose computer and browser, then I will finally be able to use my passwords :)
Well, there's questions like why use 6^5 (46656) words if you're just not going to be rolling six-sided dice? There are other wordlists and dictionaries out there.
I feel like having words like "eee" and "eeee" or "g's" and "gs" on the list sort of defeats the point of "correct horse battery staple" - that the words are easily memorable and non ambiguous.
https://pypi.org/project/xkcdpass/ this uses eff-long as the default (but also has other lists). It's available over pip and/or through most distro package managers.
But having a wordlist of ~2281 words means the search space is 2281^4 = 2.7e+13 which is less than an ascii password (roughly 100 usable ascii characters?) of length 7 i.e. 100^7 = 1e+14
You should not have to remember more than 2 or 3 passwords, enough to log in to your main computers and password managers. If you have few enough passwords that you use frequently enough, they can be completely random, and there is no need to get creative with “memorable” generation schemes.
It's a password generator hosted on a domain with zero reputation. Insufficient entropy is nowhere near as concerning as the software distribution mechanism.
Audit the code? Maybe it's different tomorrow. Maybe it's different based on client fingerprint! Internet explorer users in retirement communities get the version with a known, fixed random number seed.
The default settings append a number at the end, so that's 2.7e+14. Moreover, there's a separator character that may or may not be there, and may or may not be changed from the default. Furthermore, I don't know why the "jargon" list isn't included by default, which adds 8,800 relatively common words (e.g. born, advice, engine, perspective). So with the digit at the end and all other default settings, that's 11000^4*10 = 1.46e+17.
I had an idea similar to this, where you would misspell one or two words randomly - and then generate a sentence below the password to help with remembering the built-in obfuscation.
My thought was that it would add some protection against a dictionary attack.
"Horse-with-a-C" is a longer password, but could possibly be hit using an algorithm that expects "with-a-[letter]" to be generated as part of a password.
The randomized misspelling of a word-or-two was intended to break a dictionary attack.
It doesn't reduce the entropy any, so I don't see how it could be less secure (assuming you don't count "with a C" as the additional words, which obviously you wouldn't).
At this point, average users are better off with a password manager and/or passkeys. The fraction of users willing to learn more than one decent password and not use it in multiple places is probably 1% or less.
I generally agree. I've used an XKCD-style password for a long time for my 1Password master password. But it does have downsides -- on a mobile device, it's a lot of typing, if you need to enter it.
This could really use an entropy measure for the options you pick. Also what is the default dictionary?
If it is diceware, then the site's default 4 words hasn't been considered secure for a while. There is an Ars Technica article from 2014 that says 6 should be the minimum. I bet it is higher now.
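An entropy measure of the kind asked for above, as an added example that is not part of any commenter's post or of the site's code. It uses the list sizes quoted in this thread (2281 and 11000 words) plus 7776 for a five-dice diceware list; the function names and the 8-word sample list are constructed for illustration.

```python
import math
import secrets

def search_space(list_size, n_words, extra_choices=1):
    """Count of equally likely passphrases: list_size**n_words, times any
    other uniformly random element (10 for one appended digit)."""
    return list_size ** n_words * extra_choices

def entropy_bits(list_size, n_words, extra_choices=1):
    """Entropy in bits, valid only if every word is drawn uniformly at random."""
    return math.log2(search_space(list_size, n_words, extra_choices))

def words_needed(list_size, target_bits):
    """Smallest word count whose search space reaches 2**target_bits."""
    if list_size < 2:
        raise ValueError("word list must contain at least two words")
    n = 1
    while list_size ** n < 2 ** target_bits:  # exact integer comparison
        n += 1
    return n

def generate(wordlist, n_words, sep="-", digit=False):
    """Draw each word independently from the OS CSPRNG via `secrets`.
    The list must hold unique words for the entropy figure to apply."""
    phrase = sep.join(secrets.choice(wordlist) for _ in range(n_words))
    if digit:
        phrase += str(secrets.randbelow(10))
    return phrase

# Constructed 8-word sample list: 3 bits per word, for demonstration only.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "engine", "advice", "born", "perspective"]

if __name__ == "__main__":
    cases = [("base list, 4 words", 2281, 4, 1),
             ("base + jargon, 4 words + digit", 11000, 4, 10),
             ("five-dice list, 6 words", 7776, 6, 1)]
    for label, size, n, extra in cases:
        print(f"{label}: {entropy_bits(size, n, extra):.1f} bits")
    print("words needed for 77 bits from 2281 words:", words_needed(2281, 77))
    print("sample (toy list, not for real use):",
          generate(SAMPLE_WORDS, 4, digit=True))
```
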
And save every generated password for later use. Nice
Reminds me of the online bitcoin wallet public key QR code generator that just generated a code for some attacker’s wallet and got themselves some free coins.
For those wondering, the source including word list is linked [1].
At a glance, the base dictionary is 2280 words; jargon is 8800; science is 575. So, definitely consider adding all the lists! That gives (check my math) ~13.5 bits entropy per word.
There are a number of such generators, but this one has good defaults (with the number at the end).
IMHO, it would be better if it would generate a list of passwords, so if the site is malicious, it wouldn't know which one you picked. It's weak, I know... But for this reason, I like this one:
https://xkpasswd.net/s/
There's no way people actually use random websites to generate their passwords, right? Like, I can't just post or comment a password generator to a reasonably-tech-savvy forum like HN and have people actually use it to generate their next email password, can I? Surely there's at least some communal wisdom about how to correctly obtain software that you can reasonably trust with such an important task?
This is a fun project, and I respect implementing anything birthed from XKCD, but I agree and don't think I'd use this sort of thing to generate my passwords. (Or I'll just stick to Password123)
Unless the list is long enough for the selection process to have enough entropy to make an at least halfway decent password, that's pointless. And if it is, good luck downloading the list.
A password space of 600,000 options is under 20 bits of entropy. That's basically pointless. If you want 40 bits, you're going to need a little over 1,000,000,000,000.
Sure, but I thought it was obvious you wouldn't use one word. I'm saying a six megabyte file plus a one line shell script is enough to generate secure passwords with just four words by producing something like "Gargantuan Lackadaisical Lugubrious Flibbertigibbet" which while a bit of a mouthful isn't terribly difficult to memorize compared to 76 bits of line noise or even base64.
But that's not what was being discussed. Someone suggested that if one were to use a website that generates passwords, they should use one that generates multiple passwords to pick from to mitigate the risk of the site being malicious and knowing your password. And I'm saying that that is not useful for any practical length of password candidate list.
This is nice. I previously wrote up a KornShell script that did that with the 3000 most common English words, added the dashes, and two digit numbers to make up a suitable password for my password manager and places where I could not use a password manager.
I also used dashes as a word separator and to count as a special character. Nearly everyone allows for - , but it is hit or miss for other special characters.
Memory's a real issue. In principle this is a nice demo; in practice I will be able to retain like five to seven of these high-entropy blobs before they all run together.
The fundamental problem with passwords is still the need for them.
It's been noted elsewhere in the comments, but I think it's worth pointing out that 1Password incorporates a similar algorithm for random password generation. It allows you to configure a series of uppercase words, lowercase words, special characters, and numbers. i.e. CAR-horse7ambulance
It's a cute idea and I love the concept from XKCD, but the best practice is just to use a password manager and stop trying to remember passwords (and absolutely never reuse passwords).
I only have to remember one password: to my password manager. My phone uses a different unlock method entirely, and my work computer's password is stored in my password manager.
Although after a couple of days of using a new password regularly, I can't help but have it memorized anyhow.
Most humans create terrible passwords (myself included) and I really benefit from simply having a random word generator. I use generators like these to create a random word cloud to pick and choose from to create my actual password. I also might have to read particular passwords over the phone to someone in a rare emergency so real words help with that a lot. This particular one doesn't throw enough random symbols in between words IMO, I also like to throw in misspellings and random caps which none of them seem to do.
Yes, I use a random password generator for all of my passwords. But I don't use the XKCD method because I actually find that style of password more difficult to remember and more of a pain to type in.
This goes against the whole idea of that XKCD comic. If you want to come up with a password you can remember, you should string together a bunch of words that make sense to you. But if you want a password you can remember, randomly generating it (especially in a way that has low overall entropy per the current top comment) seems like a bad way to do it.
IMO the days of remembering multiple passwords are gone - either use a password manager, or thankfully the industry is moving to passkeys.
The XKCD comic was absolutely about randomly generating a four word password, not picking four words that mean something to you. That's how the math works, if each word is random.
A local diceware generator is probably available in your package manager, e.g: