Diceware for picking Unix passwords

Arnold G. Reinhold reinhold at world.std.com
Fri Jan 25 14:32:53 EST 2002


Prodded by comments about password cracking in another thread, I've 
added a table to my Diceware FAQ 
http://world.std.com/~reinhold/dicewarefaq.html#tables for selecting 
random characters out of the ninety five printable symbols in 7-bit 
ASCII. The intent is to provide a practical and secure way to choose 
passwords as strong as Unix allows.

Below is what I've added. It's best viewed in a monospace font like 
courier. Comments are welcome.

Arnold Reinhold

=============================

How do I use dice to create random character strings?

To create passwords of maximum strength for a given number of 
characters, you must use all available symbols. This is especially 
important for most Unix systems where passwords are limited to eight 
characters from the 7-bit ASCII printable character set. In 
particular, Unix "root" passwords should always be constructed in 
this way! The following set of three tables allows you to create such 
a password.

Roll a die three times (or roll three dice) for each character and 
then select one of the following three tables, based on what the 
first die says:

If first roll=1 or 2             3 or 4             5 or 6

            Second Roll        Second Roll        Second Roll

          1  2  3  4  5  6   1  2  3  4  5  6   1  2  3  4  5  6

T  1     A  B  C  D  E  F   a  b  c  d  e  f   !  @  #  $  %  ^
h  2     G  H  I  J  K  L   g  h  i  j  k  l   &  *  (  )  -  =
i  3     M  N  O  P  Q  R   m  n  o  p  q  r   +  [  ]  {  }  \
r  4     S  T  U  V  W  X   s  t  u  v  w  x   |  ~  ;  :  '  "
d  5     Y  Z  0  1  2  3   y  z  ~  _  sp     <  >  /  ?  .  ,
   6     4  5  6  7  8  9

Note: Roll all three dice again whenever a blank appears in the 
table. The table entry "sp" means a space character. If you do not 
want spaces in your password, roll all three dice again.

Repeat this procedure eight times to get a maximal strength Unix 
password. Each random character adds 6.55 bits of entropy. Eight 
characters provide 52.4 bits of entropy.

Example:

224 T
131 C
553 }
215 Y
465 ,
334 u
326 roll again
535 /
364 x

The password is then:

       TC}Y,u/x

Easy to remember? Hardly, but it is the only type of password that 
provides full security on Unix systems. Only such passwords should be 
used for root and administrative accounts or high security user 
accounts. If security is less of a concern for user accounts, then 
eight characters from the first table can be used.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
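
The three-roll procedure above, as an added example that is not part of the original post or the Diceware FAQ: it decodes roll triples through the tables as transcribed here, rerolls on blank cells, and computes the per-character entropy from the table's cell counts. The function names are hypothetical, and the OS CSPRNG stands in for physical dice.

```python
import math
import secrets
from collections import Counter

# Tables transcribed from the post, indexed TABLES[table][third roll - 1];
# the second roll picks the column. A row shorter than six means blank cells.
TABLES = [
    ["ABCDEF", "GHIJKL", "MNOPQR", "STUVWX", "YZ0123", "456789"],
    ["abcdef", "ghijkl", "mnopqr", "stuvwx", "yz~_ ", ""],
    ["!@#$%^", "&*()-=", "+[]{}\\", "|~;:'\"", "<>/?.,", ""],
]

def decode(first, second, third, allow_space=True):
    """Map one triple of rolls to a character; None means roll all three again."""
    if not all(r in range(1, 7) for r in (first, second, third)):
        raise ValueError("each roll must be 1..6")
    row = TABLES[(first - 1) // 2][third - 1]
    if second > len(row):
        return None                      # blank cell in the table
    ch = row[second - 1]
    return None if ch == " " and not allow_space else ch

def roll():
    """One die roll from the OS CSPRNG (assumption: stands in for a real die)."""
    return secrets.randbelow(6) + 1

def generate(length=8, allow_space=True, die=roll):
    """Repeat the three-roll procedure until `length` characters are accepted."""
    out = []
    while len(out) < length:
        ch = decode(die(), die(), die(), allow_space)
        if ch is not None:
            out.append(ch)
    return "".join(out)

def entropy_per_char(allow_space=True):
    """Shannon entropy (bits) of one accepted character, from the cell counts."""
    cells = Counter()
    for first in (1, 3, 5):              # 1/2, 3/4, 5/6 select the same table
        for second in range(1, 7):
            for third in range(1, 7):
                ch = decode(first, second, third, allow_space)
                if ch is not None:
                    cells[ch] += 1
    total = sum(cells.values())
    return -sum(n / total * math.log2(n / total) for n in cells.values())

if __name__ == "__main__":
    print(generate(), round(entropy_per_char(), 2))
```

Rerolling all three dice on a blank keeps every filled cell equally likely, which is why the entropy can be computed directly from the cell counts.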



