  • 3
    Looking at the xkcd question - the answers there appear to cover off this question completely, especially danbeale and dr jimbob's answers. Commented Jan 3, 2012 at 8:59
  • 3
    Diceware assumes that everyone is doing a known dictionary attack when they calculate how long it takes to crack. If you aren't doing a dictionary attack, it's far more secure. Commented Feb 6, 2016 at 15:30
  • When you're evaluating the strength of a password generation scheme, what you are really evaluating is how much entropy is involved in generating the password, and how much of that entropy is preserved in the final output. A good generation method like Diceware preserves 100% of the entropy generated by the random number generator and, given some assumptions, the amount of entropy involved in Diceware is quite trivial to calculate and, FYI, compare with other password generation methods. Commented Aug 10, 2016 at 2:27
  • What about a classic deciphering technique, using letter frequency gleaned from the Diceware list or from English? You can even do it positionally: the first letter is most likely to be this, and the second is most likely to be that. If you know there are five words, you can add the space in as a possible character. Of course, this suggests you know it's a Diceware phrase - and the number of words. Commented Sep 8, 2016 at 18:23
  • That would be even harder than just combining the actual words. Commented Jul 6, 2017 at 14:40