Diceware for picking Unix passwords
Arnold G. Reinhold
reinhold at world.std.com
Fri Jan 25 14:32:53 EST 2002
Prodded by comments about password cracking in another thread, I've
added a table to my Diceware FAQ
http://world.std.com/~reinhold/dicewarefaq.html#tables for selecting
random characters out of the ninety-five printable symbols in 7-bit
ASCII. The intent is to provide a practical and secure way to choose
passwords as strong as Unix allows.
Below is what I've added. It's best viewed in a monospace font like
courier. Comments are welcome.
Arnold Reinhold
=============================
How do I use dice to create random character strings?
To create passwords of maximum strength for a given number of
characters, you must use all available symbols. This is especially
important for most Unix systems where passwords are limited to eight
characters from the 7-bit ASCII printable character set. In
particular, Unix "root" passwords should always be constructed in
this way! The following set of three tables allows you to create such
a password.
Roll a die three times (or roll three dice) for each character and
then select one of the following three tables, based on what the
first die says:
If first roll is:   1 or 2              3 or 4              5 or 6
                    Second Roll         Second Roll         Second Roll
                    1  2  3  4  5  6    1  2  3  4  5  6    1  2  3  4  5  6
Third Roll 1        A  B  C  D  E  F    a  b  c  d  e  f    !  @  #  $  %  ^
           2        G  H  I  J  K  L    g  h  i  j  k  l    &  *  (  )  -  =
           3        M  N  O  P  Q  R    m  n  o  p  q  r    +  [  ]  {  }  \
           4        S  T  U  V  W  X    s  t  u  v  w  x    |  ~  ;  :  '  "
           5        Y  Z  0  1  2  3    y  z  ~  _  sp      <  >  /  ?  .  ,
           6        4  5  6  7  8  9
Note: Roll all three dice again whenever a blank appears in the
table. The table entry "sp" means a space character. If you do not
want spaces in your password, roll all three dice again.
Repeat this procedure eight times to get a maximal strength Unix
password. Each random character adds 6.55 bits of entropy. Eight
characters provide 52.4 bits of entropy.
Example:
224 T
131 C
553 }
215 Y
465 ,
334 u
326 roll again
535 /
364 x
The password is then:
TC}Y,u/x
Easy to remember? Hardly, but it is the only type of password that
provides full security on Unix systems. Only such passwords should be
used for root and administrative accounts or high security user
accounts. If security is less of a concern for user accounts, then
eight characters from the first table can be used.
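The lookup procedure above, written out as an added example (this is not Reinhold's code and not taken from the Diceware FAQ). It transcribes the three tables exactly as printed in this post, with rows indexed by the third die and columns by the second; maps a three-die roll to a character; re-rolls blank cells by rejection rather than substituting anything, so no cell is weighted more than another; computes the entropy figure for a given length and alphabet; and audits the transcription against the 95 printable 7-bit ASCII characters so that any retyping error shows up before the table is trusted. The `roll_die` function draws from the OS CSPRNG as a stand-in for physical dice; that substitution, and all function names here, are my own.

```python
"""Dice-to-character lookup for the three Diceware tables in the post above.

Added example, not Reinhold's code. Cells are transcribed from the post as
printed; None marks a blank cell (roll again) and " " is the "sp" entry.
"""
import math
import secrets
import string

# Rows are indexed by the THIRD roll, columns by the SECOND roll, matching
# the post ("Second Roll" runs across the top, "Third" runs down the side).
_TABLE_1_2 = [  # first roll 1 or 2
    list("ABCDEF"), list("GHIJKL"), list("MNOPQR"),
    list("STUVWX"), list("YZ0123"), list("456789"),
]
_TABLE_3_4 = [  # first roll 3 or 4
    list("abcdef"), list("ghijkl"), list("mnopqr"),
    list("stuvwx"), ["y", "z", "~", "_", " ", None], [None] * 6,
]
_TABLE_5_6 = [  # first roll 5 or 6
    list("!@#$%^"), list("&*()-="), list("+[]{}\\"),
    list("|~;:'\""), list("<>/?.,"), [None] * 6,
]
TABLES = {1: _TABLE_1_2, 2: _TABLE_1_2, 3: _TABLE_3_4, 4: _TABLE_3_4,
          5: _TABLE_5_6, 6: _TABLE_5_6}


def char_for_roll(first, second, third, allow_space=True):
    """Map one three-die roll to a character, or None if the roll must be repeated."""
    for d in (first, second, third):
        if d not in range(1, 7):
            raise ValueError("die values must be 1..6")
    ch = TABLES[first][third - 1][second - 1]
    if ch == " " and not allow_space:
        return None  # treat "sp" like a blank: roll again
    return ch


def roll_die():
    """One fair die from the OS CSPRNG; a stand-in for physical dice (assumption)."""
    return secrets.randbelow(6) + 1


def password_from_rolls(rolls, allow_space=True):
    """Apply the table to a list of (first, second, third) triples, skipping blanks."""
    chars = (char_for_roll(f, s, t, allow_space) for f, s, t in rolls)
    return "".join(ch for ch in chars if ch is not None)


def generate_password(length=8, allow_space=True, die=roll_die):
    """Rejection-sample `length` characters; blank cells are re-rolled, never reused."""
    out = []
    while len(out) < length:
        ch = char_for_roll(die(), die(), die(), allow_space)
        if ch is not None:
            out.append(ch)
    return "".join(out)


def entropy_bits(length, alphabet_size=95):
    """Entropy of `length` characters chosen uniformly from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def audit_tables():
    """Compare the transcribed cells with the 95 printable 7-bit ASCII characters.

    Returns (missing, duplicated): alphabet characters no cell produces, and
    characters more than one cell produces. Both must be empty for the
    uniform-over-95 entropy figure to hold; run this after any retyping.
    """
    alphabet = set(string.ascii_letters + string.digits + string.punctuation + " ")
    seen = {}
    for table in (_TABLE_1_2, _TABLE_3_4, _TABLE_5_6):
        for row in table:
            for ch in row:
                if ch is not None:
                    seen[ch] = seen.get(ch, 0) + 1
    missing = sorted(alphabet - set(seen))
    duplicated = sorted(ch for ch, n in seen.items() if n > 1)
    return missing, duplicated


if __name__ == "__main__":
    print("password:", generate_password())
    print("bits for 8 characters:", round(entropy_bits(8), 2))
    missing, duplicated = audit_tables()
    print("missing:", missing, "duplicated:", duplicated)
```

Two things the code surfaces when run against the tables as printed in this post: `audit_tables()` reports the backtick as missing and the tilde as appearing in two cells (table 2, row 5 and table 3, row 4), which a transcription of 95 symbols should not do, so compare against the table in the FAQ itself before using it; and in the worked example, roll 465 lands on the blank cell of the middle table (a first roll of 6 would give ","), so `password_from_rolls` asks for a re-roll there while agreeing with every other cell. `entropy_bits(8)` evaluates log2(95) to 6.57 bits per character, about 52.6 bits for eight.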
---------------------------------------------------------------------
The Cryptography Mailing List