Diceware #17

Open
ghost opened this issue Jul 19, 2020 · 1 comment

ghost commented Jul 19, 2020

How is it better than diceware?

http://world.std.com/~reinhold/diceware.html
https://diceware.dmuth.org/

sts10 commented Apr 7, 2023

I think this could be one of two questions. One is "How is using the passphraseme program better than using physical dice to generate a passphrase?", and two is "How is using the EFF word lists better than using the original Reinhold Diceware list?"

The first question is effectively a comparison of Python's random number generation vs. the randomness of physical dice (let's assume the user is using the same word list). Seeing as the creator of this project also wrote a great article about using physical dice to create passphrases, I'm guessing the answer here is that physical dice are technically a more "pure" source of entropy. But I'd also say this program and Python are sufficiently random for most needs?

Maybe question 1b, since @ghost mentions https://diceware.dmuth.org/ , is how this program, passphraseme, measures up against other similar programs. My guess is that the dmuth tool has a disadvantage of running in the browser, which is a complex piece of software.

The second question is a bit more straightforward. The original Reinhold list has some issues.

First, it has 825 "words" fewer than 3 characters, like "-", "yv", "su", ")", "ez", "56", "z", and "35". This can lead to issues that Reinhold himself warns about:

> Because some words on the diceware list are two characters or less, it’s possible to get a very short passphrase. If your passphrase, including the spaces between the words, is less than 19 characters long, we recommend that you start over and create a new passphrase.

The EFF long list has a minimum word length of 3, so this issue isn't present.

Second, the Reinhold list is not uniquely decodable, which can lead to some entropy issues (see #21 for more).

And lastly, the Reinhold list has some profane words on it that are largely not present in the EFF lists.

Hope this helps!
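
The two word-list properties raised in the comment above (short words and unique decodability) can be checked mechanically. The sketch below is an added example, not code from this thread or from passphraseme: it runs the Sardinas-Patterson test on a small constructed list and counts how many two-word phrases stay distinct when words are joined without a separator. The function names and `SAMPLE` are hypothetical.

```python
import itertools
import math

# Constructed sample list (not taken from the Reinhold or EFF lists).
SAMPLE = ["in", "input", "put", "puts", "s", "on"]

def dangling(prefixes, strings):
    """Non-empty remainders left when a member of `prefixes` starts a member of `strings`."""
    return {s[len(p):] for p in prefixes for s in strings
            if len(s) > len(p) and s.startswith(p)}

def is_uniquely_decodable(words):
    """Sardinas-Patterson test: False if two word sequences can join into the same string."""
    code = set(words)
    seen, current = set(), dangling(code, code)
    while current:
        if current & code:  # a dangling suffix is itself a word: ambiguous parse exists
            return False
        seen |= current
        current = (dangling(code, current) | dangling(current, code)) - seen
    return True

def distinct_phrases(words, count, separator=""):
    """Number of distinct strings among all `count`-word phrases (small lists only)."""
    return len({separator.join(p) for p in itertools.product(set(words), repeat=count)})

def audit(words, min_len=3):
    """Summarise the properties discussed above for one word list."""
    unique = set(words)
    return {
        "bits_per_word": math.log2(len(unique)),
        "short_words": sorted(w for w in unique if len(w) < min_len),
        "uniquely_decodable": is_uniquely_decodable(unique),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
    total = len(SAMPLE) ** 2
    # "input"+"s" and "in"+"puts" both give "inputs", so one phrase is lost.
    print(distinct_phrases(SAMPLE, 2), "of", total, "distinct without a separator")
    print(distinct_phrases(SAMPLE, 2, " "), "of", total, "distinct with spaces")
```

The pairwise prefix scan is quadratic in list size, so auditing a full 7,776-word list this way takes noticeably longer than the sample does.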
