[arch-general] How long do you make the passphrase for the private key?
bennett at piater.name
Tue Jun 25 10:41:27 UTC 2019
On 2019-06-25 12:11, Ralf Mardorf via arch-general wrote:
> Six words are just six words out of an assessable vocabulary.
> "This level of unpredictability assumes that a potential attacker knows
> that Diceware has been used to generate the passphrase, knows the
> particular word list used, and knows exactly how many words make up the
> passphrase." - https://en.wikipedia.org/wiki/Diceware
You seem to be misunderstanding that statement.
The minimum entropy is calculated _assuming_ that the attacker knows
that you are using diceware *and* which word list you used.
That is part of the threat model.
Think of it this way: In a normal password, you have an alphabet of ~80
chars and use 10-15 of them.
In diceware, you have an alphabet of >= 8K words and use at least 6 of
So a diceware passphrase of appropriate (word) length has the same
entropy as a password with equivalent (char) length, but the diceware
passphrase is much easier to remember.
More information about the arch-general