On Tue, 2019-06-25 at 12:41 +0200, Bennett Piater wrote:
> On 2019-06-25 12:11, Ralf Mardorf via arch-general wrote:
> > Six words are just six words out of an assessable vocabulary.
> > "This level of unpredictability assumes that a potential attacker knows that Diceware has been used to generate the passphrase, knows the particular word list used, and knows exactly how many words make up the passphrase." - https://en.wikipedia.org/wiki/Diceware
> You seem to be misunderstanding that statement.
I'm not, from the same email you are quoting incompletely:
"13 rAnd0.m_C?arS are probably less secure, than 13 random words, because even an illiterate human knows more words, than we have got keys on a keyboard. This is indeed speaking pro Diceware :)."
So I agree that Diceware seems to be the best method without using special hardware.
The comment of my follow-up email is just a joke:
"OTOH if I should talk in my sleep, it would be easier for my fraudulent girlfriend Mata Hari to catch words, than the (not enough, to modern security standards) random chars I'm using at the moment."