Diceware is a security method used to generate cryptographically strong passphrases that are easy for humans to memorize but extremely difficult for computers to crack. Invented by Arnold Reinhold in 1995, it relies on ordinary physical dice to act as a hardware random number generator. This removes the risk of software vulnerabilities, backdoors, or predictable computer algorithms compromising your password’s randomness.

How the Method Works
The entire process maps physical numbers onto a pre-defined public wordlist containing 7,776 unique entries.
Roll five times: Roll a standard six-sided die five times in a row (or roll five dice at once).
Note the sequence: Record the numbers in order to create a five-digit code (e.g., rolling a 4, 3, 1, 4, and 6 gives you 43146).
Look up the word: Find that exact number on a Diceware wordlist. On the original Diceware list, 43146 corresponds to the word munch.
Repeat: Repeat the steps until you have the desired number of words. A typical passphrase looks like: cleft cam synod lacy yr wok.

Security and Entropy
Each word selected from a standard 7,776-word list provides roughly 12.92 bits of entropy (randomness), and each roll sequence is independent of the others, so the strength of a passphrase against brute-force guessing is simply that figure multiplied by the number of words:
4 Words: ~51.7 bits of entropy. Acceptable only for heavily rate-limited accounts.
5 Words: ~64.6 bits of entropy. Safe enough for standard everyday accounts.
6 Words: ~77.5 bits of entropy. Recommended for master passwords, laptop disk encryption, and password managers.
7 to 8 Words: Over 90 bits of entropy. Ideal for highly critical applications or securing cryptocurrencies offline.

Optimized Wordlists
While the original list is still heavily used, the Electronic Frontier Foundation (EFF) published an updated EFF Large Wordlist in 2016. The EFF list keeps the same 7,776-word length but replaces obscure or hard-to-spell words with everyday terms, eliminating homophones, abbreviations, and offensive words to make memorization even easier.

Best Use Cases
Because Diceware phrases take time to type out, they are not meant for every single online account. Instead, security experts recommend them for credentials you must keep memorized in your head, such as:

How to Make an Unbreakable Password with Diceware
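The roll-to-word mapping and the entropy arithmetic from the "How the Method Works" and "Security and Entropy" sections above, as an added example (not code from the original article or from any Diceware project). It assumes the list file layout of one "key<whitespace>word" pair per line; the three-line sample list is constructed for the demo, with only the 43146/munch pairing taken from the text.

```python
import math

LIST_SIZE = 6 ** 5                      # 7,776 entries: one per five-roll sequence
BITS_PER_WORD = math.log2(LIST_SIZE)    # about 12.92 bits per word


def rolls_to_key(rolls):
    """Turn five die rolls into the list key, e.g. (4, 3, 1, 4, 6) -> '43146'."""
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    return "".join(str(r) for r in rolls)


def key_to_index(key):
    """Zero-based list position of a key: the digits are base 6 with '1' standing for zero."""
    index = 0
    for digit in key:
        index = index * 6 + (int(digit) - 1)
    return index


def parse_wordlist(text):
    """Parse 'key<whitespace>word' lines (the layout of the Diceware and EFF list files)."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 5 and parts[0].isdigit():
            table[parts[0]] = parts[1]
    return table


def build_passphrase(roll_sets, table):
    """Look up each five-roll sequence in the table and join the words with spaces."""
    return " ".join(table[rolls_to_key(rolls)] for rolls in roll_sets)


def entropy_bits(word_count):
    """Entropy of a passphrase of word_count words, assuming the attacker knows the list."""
    return word_count * BITS_PER_WORD


def words_needed(target_bits):
    """Smallest word count that reaches target_bits of entropy."""
    return math.ceil(target_bits / BITS_PER_WORD)


# Constructed sample list: 43146 -> munch is the pairing quoted in the text above;
# the other two entries are made up for this demo and are not from any real list.
SAMPLE_LIST = "11111\tapple\n43146\tmunch\n66666\tzebra\n"

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    print(build_passphrase([(4, 3, 1, 4, 6), (6, 6, 6, 6, 6)], table))  # munch zebra
    print(round(entropy_bits(6), 1))  # 77.5
```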