The Diceware Passphrase Home Page

This page has one purpose and one purpose only: to tell you a better way to create a pass phrase for use with PGP and other encryption or security programs. The information presented here can be used by anyone. No background in cryptography or mathematics is required. If you care enough about privacy to use encryption, take a few minutes and learn how to do it right.

This page is also available in Chinese and Japanese.

What Is A Passphrase?

A passphrase is a bunch of words and characters that you type in to your computer to let it know for sure that the person typing is you. You often need a passphrase when you want the computer to do something special, like encode or decode a secret message. Phil Zimmermann's popular encryption program PGP, for example, requires you to make up a passphrase that you then must enter whenever you sign or decrypt messages.

Passphrases differ from passwords only in length. Passwords are usually short -- six to ten characters. Passphrases are usually much longer -- up to 100 characters or more. Their greater length makes passphrases more secure. Modern passphrases were invented by Sigmund N. Porter in 1982.

Picking a good passphrase is one of the most important things you can do to preserve the privacy of your computer data and messages. A passphrase should be:

What Is Diceware?

Diceware is a method for picking passphrases that uses dice to select words at random from a list called the Diceware word list. Each word in the list is preceded by a five digit number. Each digit is between one and six, allowing you to use the outcomes of five dice rolls to select one unique word from the list.

Here is a short excerpt from the Diceware word list:

      16655     clause
      16656     claw
      16661     clay
      16662     clean
      16663     clear
      16664     cleat
      16665     cleft
      16666     clerk
      21111     cliche
      21112     click
      21113     cliff
      21114     climb
      21115     clime
      21116     cling
      21121     clink
      21122     clint
      21123     clio
      21124     clip
      21125     clive
      21126     cloak
      21131     clock
 

The complete list contains 7776 short English words, abbreviations and easy-to-remember character strings. The average length of each word is about 4.2 characters. The biggest words are six characters long. The list is based on a longer word list posted to the Internet news group sci.crypt by Peter Kwangjun Suk. An alternative list, edited by Alan Beale, contains fewer Americanisms and obscure words. For more information see the Diceware FAQ.

Using Diceware

To use the Diceware list you will need one or more dice. Dice come with many board games and are sold separately at toy, hobby, and magic stores. Toys"R"Us in the US sells a package of five dice for about $1.59.

  1. First, download the complete Diceware list or the alternative Beale list and save it on your computer. Print it out if you like. Then return to this page with the "Back" button on your browser.
  2. Next, decide how many words you want in your passphrase. We recommend a five word passphrase for use with PGP, S/MIME and similar encryption programs. If you are lazy, a four word passphrase will still provide reasonable protection. For the paranoid, a six word pass phrase will make attacks on your passphrase infeasible for the foreseeable future. If you want to understand why, see the Diceware FAQ.
  3. Now roll the dice and write down the results on a slip of scrap paper. Write the numbers in groups of five. Make as many of these five digit groups as you want words in your passphrase. You can roll one die five times or roll five dice once, or any combination in between. If you do roll several dice at a time, read the dice from left to right.
  4. Look up each five digit number in the Diceware list and find the word next to it. For example, 21124 means your next passphrase word would be "clip".
  5. When you are done, the words that you have found are your new passphrase. Memorize them and then either destroy the scrap of paper or keep it in a really safe place. That's all there is to it!

Example

Suppose you choose a five word passphrase, as we recommend. You will need 5 x 5, or 25, dice rolls. Let's say they come out as:

      1, 6, 6, 6, 5, 1, 5, 6, 5, 3, 5, 6, 3, 2, 2, 3, 5, 6, 1, 6, 6, 5, 2, 2, and 4

Write down the results on a scrap of paper in groups of five rolls:

      1 6 6 6 5 
      1 5 6 5 3 
      5 6 3 2 2 
      3 5 6 1 6 
      6 5 2 2 4
 

You then look up each group of five rolls in the Diceware word list by finding the number in the list and writing down the word next to the number:

      1 6 6 6 5     cleft
      1 5 6 5 3     cam
      5 6 3 2 2     synod
      3 5 6 1 6     lacy
      6 5 2 2 4     yr
      

Your passphrase would then be:

      cleft cam synod lacy yr
 
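The same procedure in code, as an added example that is not part of the original page: it groups die faces into five-digit codes, looks them up in a constructed partial word list (the excerpt shown above plus the five words of the example), computes where a code falls in the full 7776-entry list, and reports how many bits of entropy a given number of words gives. Assumes Python 3; the word list here is deliberately incomplete.

```python
import math

# Constructed partial word list for this example: the excerpt shown on this
# page plus the five words used in the worked example. The real list has 7776.
WORD_LIST = {
    "16655": "clause", "16656": "claw", "16661": "clay", "16662": "clean",
    "16663": "clear", "16664": "cleat", "16665": "cleft", "16666": "clerk",
    "21111": "cliche", "21112": "click", "21113": "cliff", "21114": "climb",
    "21115": "clime", "21116": "cling", "21121": "clink", "21122": "clint",
    "21123": "clio", "21124": "clip", "21125": "clive", "21126": "cloak",
    "21131": "clock",
    "15653": "cam", "56322": "synod", "35616": "lacy", "65224": "yr",
}

WORDS_IN_FULL_LIST = 6 ** 5                    # 7776: one word per 5-roll outcome
BITS_PER_WORD = math.log2(WORDS_IN_FULL_LIST)  # about 12.9 bits per word

def rolls_to_codes(rolls, n_words):
    """Group die faces (1..6) into five-digit Diceware codes, read left to right."""
    if len(rolls) != 5 * n_words:
        raise ValueError(f"{n_words} words need {5 * n_words} rolls, got {len(rolls)}")
    if any(r not in (1, 2, 3, 4, 5, 6) for r in rolls):
        raise ValueError("every roll must be a die face from 1 to 6")
    return ["".join(str(r) for r in rolls[i:i + 5]) for i in range(0, len(rolls), 5)]


def code_to_index(code):
    """Zero-based line of a code in the full list: a base-6 number with digits 1..6."""
    index = 0
    for digit in code:
        index = index * 6 + (int(digit) - 1)
    return index


def passphrase_from_rolls(rolls, n_words, word_list=WORD_LIST):
    """Look up each five-roll group and join the words with single spaces."""
    return " ".join(word_list[code] for code in rolls_to_codes(rolls, n_words))


def passphrase_bits(n_words):
    """Entropy in bits of a passphrase of n_words uniformly chosen list entries."""
    return n_words * BITS_PER_WORD


if __name__ == "__main__":
    # The 25 rolls from the page's example
    rolls = [1, 6, 6, 6, 5, 1, 5, 6, 5, 3, 5, 6, 3, 2, 2, 3, 5, 6, 1, 6, 6, 5, 2, 2, 4]
    print(passphrase_from_rolls(rolls, 5))                # cleft cam synod lacy yr
    print(f"five words: {passphrase_bits(5):.1f} bits")   # 64.6 bits
```

Because the index calculation treats a code as a base-6 number, 16666 is immediately followed by 21111, which is why the excerpt above jumps between those two codes.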

Some Tips

Optional stuff you don't really need to know

Why Diceware?

There are many different recommendations available on the Internet about how to pick a passphrase. Many are good, a few are bad, but almost all require the user to judge what will be hard for someone else to guess. Some give no guidance on how to do that, others have you make complex mathematical calculations. By contrast, the Diceware method of generating passphrases is:

The prescriptive nature of Diceware is very important for new users of PGP. Here is one person's experience, as posted to the Internet newsgroup alt.security.pgp in January, 1996:

"I just wanted to relate a personal story about how hard it is to convince a novice how important it is to select a secure password, and get them to understand what constitutes a secure password. I am an old-timer at both the Internet and security issues. My sister, however, is brand new to it having just opened an Internet account. She lives in [the mid-west] while I live [on the west coast]. As a result, we exchange quite a bit of very personal email.

Recently, she wanted to give her Internet password to her husband so that he could get on line. However, she still wanted to be able to exchange private messages with me that he would not be able to read. I, of course, introduced her to PGP.

I gave her the usual lecture about how important it is to select a password that nobody else can easily guess, and that the ideal password would be some obscure and nonsense word that would have meaning only to her. I told her all about not selecting birthdays, anniversaries, names, and the like. I didn't suggest a random combination of letters and numbers because we were not after world class security, we just wanted to keep her husband out of our private letters. So, after she selected her PGP password, I decided to give it a try at cracking it. The VERY FIRST password I tried worked! She was totally surprised at how easily I had found it, but it was a word that anyone knowing her would have access to. So, after giving her some more tips on good password selection, I let her try again. This time, it took me only 3 attempts before I found the right word. Finally, she gave up and let me pick a password for her."

Had the author's sister used Diceware, her very first passphrase would have been totally secure and known only to her.

Links And References

For more information on passphrases and Diceware see the following:

Diceware FAQ Questions and answers for people who want to know more about Diceware and passphrase generation.

A Survey of PGP Passphrase Usage A small poll I ran to find out what PGP users actually do to make passphrases, and some suggestions for improvement.

Diceware for Passphrase Generation and Other Cryptographic Applications Includes info on other uses of Diceware and an analysis of Diceware security.

Passgen: A Password Generator Java Applet Uses keyboard latency to generate random passwords based on a selectable format. Not as secure as the diceware method, but adequate for login passwords and similar applications. Includes source code.

CipherSaber Home Page Learn how to build your own strong encryption program. It's easier than you think!

Other Papers on Cryptography by Arnold Reinhold P=?NP -- who Cares?, Cryptanalysis of Histocompatibility, etc.

Japanese Version of the Diceware Page translated and maintained by Hiroshi Yuki

Chinese Version of the Diceware Page translated by Lian

S. N. Porter, A Password Extension for Improved Human Factors,
Advances in Cryptology: A Report on CRYPTO 81, Allen Gersho, editor, volume 0, U.C. Santa Barbara Dept. of Elec. and Computer Eng., Santa Barbara, 1982. Pages 81--81. Also in Computers & Security, Vol. 1. No. 1, 1982, North Holland Press.

For more information on PGP see:

MIT's Distribution Site for PGP

PGP International Home Page

Fran Litterio's Cryptography, PGP and Your Privacy Page

PGP Home Page

Here are some other sites with recommendations on how to make your passphrase. I do not suggest that the information at these sites is wrong, just that it may be too complex for most people. Take a look and judge for yourself.

Passphrase FAQ by Randall T. Williams

SkuzNET - How to Choose a Passphrase FAQ

Azalea Software's Key Hints

Fight the Crypto Ban with CipherSaber! Powerful forces are trying to prevent you from using strong encryption. One way to stop them is to learn how to write a simple yet strong encryption program of your own. If you have any programming skills at all -- even Basic -- you can do it.

Help support this page by buying books I co-authored. They make great gifts!
E-Mail for Dummies , 2nd Ed,
includes an introduction to PGP and is a great gift
for people you'd like to talk with on-line; and
The Internet for Dummies Quick Reference, 4th Edition,
chock full of useful information in a compact, lay-flat format; and
The Internet for Windows 98 for Dummies,
the best selling guide to the Internet, tailored to Mr. Bill's latest OS.
You can find them at your local bookstore or click on the titles to order them directly, in association with Amazon.com.

Arnold G. Reinhold
e-mail: reinhold@world.std.com
PGP Fingerprint:
FA C3 82 FB 05 5E 03 1A 34 04 79 EA 9E 76 7B 67
Copyright (c) 1996-1998, Arnold G. Reinhold, Cambridge, Mass. USA.
The author hereby grants rights for free non-commercial electronic
distribution of this entire text with attribution. All other rights reserved.
Last updated 1998-12-27