Generate pass phrases using Diceware method
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
README
pydiceware.py

README

pydiceware: Python Diceware(r) pass phrase generator
====================================================

About
=====

This script generates pass phrases according to the Diceware(r)[1][2] method. It uses os.urandom()[3] for cryptographically secure random number generators and ensures homogeneous sampling of the word lists.

Upon loading a word list, it is first checked for integrity:

1. Limit maximum word length (to ensure we can remember it)
2. Check for duplicate words
3. Check brute-force entropy of word list (i.e. the number of unique characters used, approximately weighted to their occurrence)

For the last point, we check the spread of characters used in the word list. Since not all characters occur equally, this reduces the entropy of the naive log2(26) (for lower case alphabetic pass phrases). The script counts the occurrence of each character, and checks how many characters occur more frequently than the mean. This is not exactly correct, but should pick out really bad word lists.

Pass phrase entropy
-------------------

### Diceware(r) vs brute-force

When generating a password, the entropy is in principle log2(len(wordlist)) * #words. For Diceware(r) word lists, the word list length is 5**6 = 7776, such that the entropy of each word is log2(7776) = 12.9 bits. 

For a lower case pass phrase consisting of only letters, the entropy is log2(#chars) * len(pass phrase), where #chars is the character space (N.B. read above).

In the rare case that the pass phrase is particularly short, the character space is less than the word list space, i.e. 

    log2(#chars) * len(pass phrase) < log2(len(wordlist)) * #words

In such cases, the script re-generates a new password automatically.

### Pass phrase knowledge

When using spaces in the pass phrase (which is in general not recommended), this could be overheard due to the distinct sound of the space bar. In those cases, an adversary knows both how many words are used and how long these words are. In this case, the entropy is reduced to:

    product(log2(#len(word)) for word in passphrase),

i.e. the product of the log2 of the number of words of a certain length. If the word length used are isotropic, this means there are not 6**5 but only 6**5/7 words possible, reducing the entropy by a factor

    log(6**5) / log(6**5/7) == 1.28

where each word contributes

    log2(6**5/7) = 10.1 bits

instead of 

    log2(6**5/7) = 12.9 bits

such that a 6-word pass phrase would be 60.7 bits instead of 77.5 bits.

Since spaces themselves only add 1 bit (spaces or not), from a security perspective these are better left out.

Random numbers
--------------

Paramount to a secure pass phrase is a proper method to generate random numbers. Using dice is a safe solution to this as they are simple yet effective, and hardware or software random number generators might be subverted or weakened[6][7][8]. Therefore, the most secure way to generate pass phrases is printing out the full word list and using dice to choose the words. However, this script also checks the integrity of the word list, such that it provides additional protection against weakened word lists.

Word lists
----------

Word lists are not supplied with the script, although it can fetch scripts from the Diceware(r) homepage with --fetch. Some other sources for word lists:

- https://en.wiktionary.org/wiki/Wiktionary:Frequency_lists/PG/2006/04/1-10000

Usage
=====

    ./pydiceware --help

Version history
===============

## 20131110
- Extended README on RNGs

## 20131102
- Initial release

License
=======

Copyright 2013 Tim van Werkhoven (timvanwerkhoven@gmail.com).

This file is licensed under the Creative Commons Attribution-Share Alike
license versions 3.0 or higher, see
http://creativecommons.org/licenses/by-sa/3.0/

References
==========

[1] "Diceware Passphrase Home" http://world.std.com/~reinhold/diceware.html
[2] "Diceware -- Wikipedia, the free encyclopedia" http://en.wikipedia.org/wiki/Diceware
[3] "15.1. os — Miscellaneous operating system interfaces - Python v2.7.6 documentation" http://docs.python.org/2/library/os#os.urandom
[4] "How reliable is a password strength checker?" http://security.stackexchange.com/questions/2687/how-reliable-is-a-password-strength-checker/2693#2693
[5] "XKCD #936: Short complex password, or long dictionary passphrase?" http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase
[6] "Random number generator attack -- Wikipedia, the free encyclopedia" https://en.wikipedia.org/wiki/Random_number_generator_attack
[7] "Linux RNG May Be Insecure After All - Slashdot" http://it.slashdot.org/story/13/10/14/2318211/linux-rng-may-be-insecure-after-all
[8] "Cryptanalytic Attacks on Pseudorandom Number Generators" https://www.schneier.com/paper-prngs.html