Here at Stronta, we’re big fans of passphrases. They offer excellent security while also being easier for real people to remember: open-pulse-ocean-hack-glue instead of hH*6R!gTjq. But what’s the best way to create a new passphrase?

For most people, we recommend using a password manager. (Proton Pass and BitWarden are two of our favorites, and we hope soon to have exciting news of our own around passphrases.) Some users, however, either cannot access a password manager, or, for maximum security, prefer to generate their own passphrases so they can know with certainty that the process was done securely. So what if you’re in one of these groups?

Solution: Diceware

Arnold G. Reinhold devised a system called “Diceware” for generating truly secure passphrases. The approach is simple: roll a die five times, then check the word list for the word corresponding to your rolls. For instance, if you rolled 2-1-1-3-1, you’d scan down the original Diceware list to the entry “21131 clock” - so “clock” is the first word of your passphrase. Repeat until you have a passphrase of the desired length. Simple. And because each word is picked uniformly from 7776 (6^5) possibilities by the dice rather than by anything an attacker could guess about you, each word adds about 12.9 bits of entropy, and a six-word passphrase carries roughly 77 bits.

Choosing the right word list

The original Diceware list has a couple of issues. For one, it contains a number of nonexistent words, like “nf” or “qqqq”. It also includes many offensive words (which we won’t list here!). Of the remaining words, many are obscure and hard to spell: “adieu”, say, or “aeneid”.

The Electronic Frontier Foundation (“EFF”) released new word lists in 2016, with an eye towards fixing some of these issues. They removed the most offensive words, and replaced the obscure ones with more common (albeit longer) ones. They also created a pair of shorter lists of 1296 (6^4) words, for use with four dice rolls rather than five, alongside the 7776-word long list.

Improving on the EFF’s work

While the EFF’s word lists are definitely a step forward, there’s room for further improvement. For one thing, a number of non-words are still present (like “bok”, or “iso”), as are a number of questionable compound words (“fryingpan”). And many of the words are long, obscure, and hard to spell (“rotisserie”, or “cesarean”).

Here’s how we’ve improved the EFF’s word lists:

  1. We applied a process called “stemming” that shortens words down to their roots: “achy” instead of “achiness”, or “swim” instead of “swimmable”. Research shows that humans are better able to remember concrete, root-level words.
  2. Then, we filtered out longer words, which are harder to type, and can be harder to remember.
  3. Finally, we favored more common words, filtering out obscure words that people rarely use or encounter [1].

Once we filtered down the set of words, we built multiple lists:

  1. The first is a traditional “Diceware”-like list of 1296 (6^4) words, suitable for use with four dice (or four rolls of one die); each word contributes about 10.3 bits of entropy.
  2. The others are tailored to modern users, who are more likely to use a digital, ones-and-zeroes source of randomness rather than a physical die. For these use cases we have 10-bit (1024-word) and 11-bit (2048-word) lists, so each word contributes exactly 10 or 11 bits when drawn with a secure random number generator on a modern computer [2].
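The following is an added example (not Stronta’s code, and not one of its published tools) showing how the two halves of this page fit together: mapping physical dice rolls to a line in a base-6-numbered list, and drawing words from any of the list sizes above with the operating system’s CSPRNG. It assumes word-list files whose lines are either bare words or “<roll> <word>” pairs, as in the Diceware and EFF files; the `DEMO_WORDS` list is a constructed placeholder that stands in for a real 2048-line file. A real list should be loaded from the downloaded file instead.

```python
import math
import secrets
from typing import Iterable, Sequence

# Sizes of the lists discussed on this page: 6^4 for four dice, 2^10 and 2^11
# for the digital lists, and 6^5 for the original five-dice Diceware list.
LIST_SIZES = {"four-dice": 6 ** 4, "10-bit": 2 ** 10, "11-bit": 2 ** 11, "five-dice": 6 ** 5}


def dice_rolls_to_index(rolls: Sequence[int]) -> int:
    """Turn die faces (each 1..6, first roll most significant) into a zero-based index.

    Diceware numbers its entries in base 6 using the digits 1..6, so the roll
    2-1-1-3-1 is entry 21131 of a five-dice list: zero-based index
    1*6^4 + 0*6^3 + 0*6^2 + 2*6 + 0 = 1308, i.e. line 1309 of the file.
    """
    index = 0
    for face in rolls:
        if not 1 <= face <= 6:
            raise ValueError(f"die face out of range: {face!r}")
        index = index * 6 + (face - 1)
    return index


def index_to_rolls(index: int, dice: int) -> tuple[int, ...]:
    """Inverse of dice_rolls_to_index; useful for checking a list's numbering."""
    if not 0 <= index < 6 ** dice:
        raise ValueError("index does not fit in that many dice")
    faces = []
    for _ in range(dice):
        index, rem = divmod(index, 6)
        faces.append(rem + 1)
    return tuple(reversed(faces))


def roll_dice(dice: int) -> tuple[int, ...]:
    """Simulate physical dice with the OS CSPRNG; randbelow rejects out-of-range
    values rather than reducing modulo 6, so every face is equally likely."""
    return tuple(secrets.randbelow(6) + 1 for _ in range(dice))


def bits_per_word(list_size: int) -> float:
    """Entropy of one uniformly chosen word: log2 of the list size."""
    return math.log2(list_size)


def passphrase_bits(list_size: int, word_count: int) -> float:
    """Total entropy of a passphrase of word_count independent draws."""
    return word_count * bits_per_word(list_size)


def load_wordlist(lines: Iterable[str], expected_size: int) -> list[str]:
    """Parse bare-word or "<roll> <word>" lines and refuse anything that would
    silently change the entropy: a wrong line count or duplicate words."""
    words = [line.split()[-1] for line in lines if line.strip()]
    if len(words) != expected_size:
        raise ValueError(f"expected {expected_size} words, got {len(words)}")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return words


def secure_passphrase(words: Sequence[str], word_count: int, sep: str = "-") -> str:
    """Draw words with secrets.randbelow, which is uniform for any list size.
    Reducing a 16-bit value modulo the size is uniform only when the size
    divides 65536, which 2048 does but 1296 does not."""
    return sep.join(words[secrets.randbelow(len(words))] for _ in range(word_count))


# Constructed placeholder standing in for the real 11-bit file (2048 lines).
DEMO_WORDS = [f"word{i:04d}" for i in range(LIST_SIZES["11-bit"])]

if __name__ == "__main__":
    words = load_wordlist(DEMO_WORDS, LIST_SIZES["11-bit"])
    print(secure_passphrase(words, 6), f"({passphrase_bits(len(words), 6):.1f} bits)")
    rolls = roll_dice(4)
    print(rolls, "->", dice_rolls_to_index(rolls), f"({bits_per_word(6 ** 4):.2f} bits/word)")
```

The size check in `load_wordlist` matters more than it looks: a list that has lost or gained a line (a stray blank, a header, a duplicate) still “works” but no longer delivers the advertised bits per word, and no later step will notice.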

Download & Learn More

To download these new word lists, please visit our GitHub. Interested in learning more about Stronta’s password solutions? Reach out to us to schedule time!

Notes

1: Thank you to EFF for the initial word lists. Thanks as well to Robyn Speer for the wordfreq library, which was used to compute word prevalence, and to the RMIT IR Group for their Python Krovetz stemmer library. And thanks to Arnold G. Reinhold and Sigmund N. Porter for developing Diceware and the concepts underlying it. (Note: Diceware is a trademark of A. G. Reinhold.) See our README for further thanks and acknowledgments.

2: For the adventurous and/or technical, to securely draw a passphrase word on a Mac or Linux box, download our 11-bit word list and run the following in your terminal:

# Read 2 bytes (16 bits) from the kernel CSPRNG and print them as one
# unsigned 16-bit integer. 2048 divides 65536 exactly, so the remainder
# is uniform; the +1 turns the 0..2047 index into a 1-based line number.
# This only holds for a list of exactly 2048 lines: the same trick with
# the 1296-word four-dice list would be biased.
N=$(dd if=/dev/random bs=2 count=1 2>/dev/null | \
    od -An -t u2 | \
    awk '{printf "%d", 1 + ($1 % 2048); exit}') && \
sed -n "${N}p" 11-bit-wordlist.txt

Repeat once per word. Each draw from the 11-bit list adds exactly 11 bits of entropy, so five words give 55 bits and six give 66; three words (33 bits) is enough only where an online service rate-limits guesses, not for a secret an attacker can attack offline, such as a disk-encryption or password-manager master passphrase. The result is a passphrase built entirely from the kernel’s cryptographic randomness.