Romanian Dicelist
This blog was written in Romanian for three or four years. A couple of months ago I announced finally giving up and moving to English - in retrospect a move quite unavoidable since launching MPEx this spring, and at any rate something people were campaigning for in crescendo all through the summer. I'm stubborn like that.
I said then that
E posibil sa ma plezneasca cheful si sa scriu vre-o poezie sau ceva, nu neg si nu contest, da’ vreau sa zic ca nu mai exista nici un motiv rational sa asteptati asa ceva. Pur si simplu.
which'd mean "it's possible I may feel like writing a poem or something, no argument, but what I'm saying is there's no rational reason to expect it from now on". Well... guess what! It's not poetry that makes me revisit that language, but moreover and once more the intellectual shortcomings of its speakers. I've recently found out there's no dicelist[i] for Romanian, so I'm making one.
[interlude][ii]
Here's a signed textfile. Enjoy.
———-
[i] A dicelist is a method of picking strong passwords by using a set of five dice (or the same die five times if you only have one). Given a list of 7`776 unique words, five rolls of a die allow one to pick a word (if you roll 35115 you pick the 5015th word in the list, or the word at index 35116). Consequently, each word adds ~13 bits of entropy to the strength of that password (a little less), and so a six word long password is just around the 80 bits NIST recommendation for "most secure", and a seven word one is significantly over that.
The main advantage a seven word dicelist-based password has over simple character-based passwords is that for most people it's much, much easier to remember, long term. Thus, from a UX/ergonomics perspective, non-technical users would be expected to be much better served by using a dicelist-based password. The main disadvantage is that it takes longer to type, which allows for a simple test : if when confronted with a request for your password you currently spend more time trying to remember what it was than typing it out, maybe you should give the dicelist method a try. If on the contrary, you spend more time typing than thinking about it, the Y7&qxo9f.54- type thing you've got going is probably great for you.
The more important thing to keep in mind is that absolutely no cheating is allowed. You can't substitute one word in your dicelist password for another for any reason whatsoever, because any reason you could think of is in fact a way to reduce - usually significantly - the strength and thus the value of the password. In a sense this process is the exact opposite of what you habitually use wordlists for, which is composing bad poetry. The less important thing to keep in mind is that picking a unique word separator is a cheap way to improve the security of your password.
Finally, a revisiting of the "worst password in the world" article is in order. Using a sentence as a password, as long as it's something you picked with your own head and it makes sense, is indescribably stupid.
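[ii] If you're curious :
# Keep the 4 to 7 letter words that occur exactly once in the dictionary dump.
$ grep -o -w '\w\{4,7\}' dex_dump.txt | sort | uniq -u > words.txt
# Fetch 1000 random Romanian Wikisource pages as a usage corpus.
$ for i in {1..1000}; do curl -L http://ro.wikisource.org/wiki/Special:Aleatoriu >> wiki.txt; done
# Record every whole-word hit of each candidate in the corpus.
$ cat words.txt | xargs -I {} grep -nwo {} wiki.txt > result.txt
$ sort result.txt | uniq -c > result1.txt
* a little hand cleaning of the results *
# Enumerate all five-dice rolls, 11111 through 66666, one per line.
$ for i in {1..6}; do for j in {1..6}; do for k in {1..6}; do for l in {1..6}; do for m in {1..6}; do echo $i$j$k$l$m; done; done; done; done; done > count.txt
$ paste count.txt result1.txt > result2.txt
* add comments to result2.txt *
$ gpg --clearsign result2.txt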
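An added example, not part of the original post or of the signed file: a sketch of using a roll-keyed list like the one `paste count.txt result1.txt` produces, with no substitutions allowed and the entropy figures from the first footnote computed. It assumes one "roll word" pair per line with the signature armor stripped; the function names and the placeholder list are constructed for illustration, and `secrets` stands in for physical dice.

```python
import math
import secrets

FACES = "123456"
ROLLS_PER_WORD = 5
LIST_SIZE = 6 ** ROLLS_PER_WORD  # 7776 entries

def all_rolls():
    """Every five-dice result in order, 11111 .. 66666 (like count.txt)."""
    rolls = [""]
    for _ in range(ROLLS_PER_WORD):
        rolls = [r + f for r in rolls for f in FACES]
    return rolls

def load_dicelist(text):
    """Parse 'roll word' lines; refuse an incomplete or duplicated list."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):  # assumed comment style
            continue
        roll, word = line.split()[:2]
        if roll in table:
            raise ValueError(f"duplicate roll {roll}")
        table[roll] = word
    if set(table) != set(all_rolls()):
        raise ValueError("list must have one entry per roll 11111..66666")
    if len(set(table.values())) != LIST_SIZE:
        raise ValueError("words must be unique")
    return table

def roll_dice():
    """One five-dice roll drawn from the OS CSPRNG."""
    return "".join(secrets.choice(FACES) for _ in range(ROLLS_PER_WORD))

def passphrase(table, n_words, separator=" "):
    """Take every rolled word as-is: no re-rolling, no substitutions."""
    return separator.join(table[roll_dice()] for _ in range(n_words))

def entropy_bits(n_words):
    """Bits of entropy for n independently rolled words."""
    return n_words * math.log2(LIST_SIZE)

# Constructed stand-in list: placeholder words w11111..w66666, not the real file.
SAMPLE_LIST = "\n".join(f"{r}\tw{r}" for r in all_rolls())

if __name__ == "__main__":
    table = load_dicelist(SAMPLE_LIST)
    print(passphrase(table, 7, separator="."))
    for n in (6, 7):
        print(n, "words:", round(entropy_bits(n), 1), "bits")
```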
Wednesday, 18 June 2014
via Ars :
So there.