On 2019-06-25 12:11, Ralf Mardorf via arch-general wrote:
Six words are just six words out of an assessable vocabulary.
"This level of unpredictability assumes that a potential attacker knows that Diceware has been used to generate the passphrase, knows the particular word list used, and knows exactly how many words make up the passphrase." - https://en.wikipedia.org/wiki/Diceware
You seem to be misunderstanding that statement. The minimum entropy is calculated _assuming_ that the attacker knows that you are using diceware *and* which word list you used. That is part of the threat model.
Think of it this way: In a normal password, you have an alphabet of ~80 chars and use 10-15 of them. In diceware, you have an alphabet of >= 8K words and use at least 6 of them.
So a diceware passphrase of appropriate (word) length has the same entropy as a password with equivalent (char) length, but the diceware passphrase is much easier to remember.