Kushal Das

FOSS and life. Kushal Das talks here.


Using diceware to generate passwords

Choosing a new password is always an interesting topic. When I started using computers, my approach was to pick a few words I could remember, maybe 2-3 of them joined together. Over time I found that websites have different requirements when it comes to choosing a new password. But in the last few years we have also seen many examples where brute forcing a password is rather easy: modern hardware lets anyone try an enormous number of character combinations in a reasonable time.

What is a diceware password?

Diceware passphrases are ordinary passphrases (a few words strung together) whose words are picked at random from a fixed word list, either by rolling dice (five rolls select one of the 7776 words on the original list) or by a computer. You can read more on the original Diceware website.

Using diceware project to generate your passphrases

If you notice, I have written passphrase instead of password. This is because passphrases are not only easier to remember than a complex password, but a passphrase built from randomly chosen words also gives a much larger search space, so it holds up better against brute force attacks. The following XKCD comic explains it better than words can.

Installing diceware

diceware is a very simple command line tool written in Python that helps you choose a diceware passphrase. It was already packaged for Debian; last week I packaged it for Fedora (thank you Parag for the review), and last night it was pushed to stable. So now you can install it using dnf.

$ sudo dnf install diceware

Using diceware

$ diceware 

By default it creates a passphrase of 6 words, but you can change the count with the -n command line argument (diceware -n 7). You should use at least 7 words in your passphrase. Read the story from Micah Lee to understand how each extra word multiplies the strength of your passphrase manyfold.
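As an added example (not code from the diceware project or from this post), here is a small Python script that does what the dice and the tool do: it parses a list in Diceware's file format, picks words with the secrets module (a CSPRNG, so the choice is as uniform as fair dice), and computes how much entropy each extra word adds, which is the reason 7 words are better than 6. The six-line word list embedded below is constructed for the demo; the entropy figures assume the full 7776-word list.

```python
import math
import secrets

# Constructed sample in the Diceware file format ("<five dice digits><tab><word>").
# The real list has 6**5 = 7776 entries, one per possible five-dice roll; only a
# few lines are embedded here so the example runs offline.
SAMPLE_LIST_TEXT = """\
11111\ta
11112\ta&p
11113\ta's
11114\taa
11115\taaa
11116\taaaa
"""

FULL_LIST_SIZE = 6 ** 5  # size of a complete Diceware list


def parse_diceware_list(text):
    """Parse a Diceware list into {dice key: word}, rejecting malformed keys."""
    words = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, word = line.split(None, 1)
        if len(key) != 5 or any(c not in "123456" for c in key):
            raise ValueError("bad dice key: %r" % key)
        words[key] = word
    return words


def roll_key():
    """Simulate one word's worth of physical dice: five rolls, each 1..6.

    secrets.randbelow is a CSPRNG and unbiased, unlike random.randint, which is
    seeded from a small state and must never be used for passphrases.
    """
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))


def diceware_passphrase(words, n_words):
    """Pick n_words uniformly at random from the parsed list.

    On a complete list, rolling a key with roll_key() and looking it up gives the
    same distribution; secrets.choice is used so the function also works on the
    partial sample list above.
    """
    if n_words < 1:
        raise ValueError("need at least one word")
    pool = list(words.values())
    return [secrets.choice(pool) for _ in range(n_words)]


def entropy_bits(list_size, n_words):
    """Entropy of n_words chosen independently and uniformly from list_size words."""
    return n_words * math.log2(list_size)


def brute_force_years(bits, guesses_per_second):
    """Expected time to find the passphrase (half the search space) at a guess rate."""
    seconds = (2.0 ** bits / 2.0) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    words = parse_diceware_list(SAMPLE_LIST_TEXT)
    print("sample roll:", roll_key())
    print("sample passphrase (from the tiny demo list):",
          " ".join(diceware_passphrase(words, 6)))
    # Each extra word multiplies the attacker's work by 7776 (about 12.9 bits).
    for n in (6, 7, 8):
        bits = entropy_bits(FULL_LIST_SIZE, n)
        print("%d words: %.1f bits, ~%.2e years at 1e12 guesses/s"
              % (n, bits, brute_force_years(bits, 1e12)))
    # For comparison, a random 8-character password over 72 printable symbols.
    print("8 random chars from 72 symbols: %.1f bits" % entropy_bits(72, 8))
```

The entropy formula only holds if every word is chosen independently and uniformly, which is why the script uses secrets rather than random, and why a human-chosen "memorable" phrase does not get the same credit: its words are far from uniformly distributed.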

The man page of diceware has more details about usage.

Start using a password manager

Now is a good time to start using a password manager. Save all your passwords/passphrases in one place and protect that store with a single long passphrase that you can remember. This article from Martin Shelton has many examples. Members of the Fedora engineering team use a command line tool called pass, which uses gpg to encrypt the passwords.