Civil rights organization EFF develops new word lists for passphrases
The US Electronic Frontier Foundation, which is committed to protecting civil rights, has created new word lists that allow users to generate passphrases. According to the organization, existing lists could be improved.
One of the widely used existing lists is the so-called Diceware list with 7776 words. With only a die in hand, users can generate a random passphrase from it by rolling the die five times. The five digits produced by this basic hardware random number generator correspond to one word. Repeating this eventually yields a passphrase made up of several different words.
The EFF believes that existing lists need a number of improvements. For example, the Diceware list contains some difficult words, unusual first names, strange letter sequences, and vulgar words. These make passphrases difficult for users to spell and remember. Some keyboards also have trouble with them.
That is why the organization has decided to draw up its own list, also containing 7776 words. This long version is based on research by the University of Ghent. It only contains words that are not subject to the same problems as those in the Diceware list. In addition, the words are longer.
The author points out that the security of an EFF passphrase is no different from that of one from Diceware. The difference is mainly in usability. There are also two short lists available that consist of 1296 words and can be used with four standard dice. However, the security of a passphrase generated from these lists is lower.
The EFF recommends using a passphrase of several random words separated by spaces instead of a single password. Users are not good at making random choices themselves. Once a passphrase has been generated, it is fairly easy to remember because it consists of existing words. According to the EFF, a six-word passphrase has 77 bits of entropy, with each bit making it twice as difficult to brute force the passphrase. Each word in a passphrase adds 12.9 bits of entropy.
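The dice-to-word lookup and the entropy figures described above, as an added Python example that is not part of the original article and is not the EFF's code. It assumes a word list in "dice key, whitespace, word" form; the list built here is a constructed placeholder rather than the real EFF or Diceware words, and all function names are illustrative.

```python
import itertools
import math
import secrets

def parse_wordlist(text):
    """Parse 'DICEKEY<whitespace>word' lines into a dict keyed by the dice digits."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        key, word = parts
        if set(key) - set("123456") or key in table:
            raise ValueError(f"invalid or duplicate dice key: {key!r}")
        table[key] = word
    n_dice = {len(k) for k in table}
    if len(n_dice) != 1 or len(table) != 6 ** n_dice.pop():
        raise ValueError("list must cover every dice combination exactly once")
    return table

def roll(n_dice):
    """Simulate n fair dice with the OS CSPRNG; returns a key such as '41356'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))

def passphrase(table, n_words, rolls=None):
    """One word per dice key; pass physical dice results in `rolls` to skip the CSPRNG."""
    n_dice = len(next(iter(table)))
    keys = rolls if rolls is not None else [roll(n_dice) for _ in range(n_words)]
    if len(keys) != n_words:
        raise ValueError("need exactly one dice key per word")
    return " ".join(table[k] for k in keys)

def entropy_bits(list_size, n_words):
    """Entropy of n words drawn uniformly and independently from the list."""
    return n_words * math.log2(list_size)

def words_needed(list_size, target_bits):
    """Fewest words from a list of this size that reach the target entropy."""
    return math.ceil(target_bits / math.log2(list_size))

def constructed_list(n_dice):
    """Constructed placeholder list (not real words): key 11111 maps to 'w11111'."""
    keys = ("".join(p) for p in itertools.product("123456", repeat=n_dice))
    return "\n".join(f"{k}\tw{k}" for k in keys)

if __name__ == "__main__":
    print(passphrase(parse_wordlist(constructed_list(5)), 6))
    print(entropy_bits(7776, 6), entropy_bits(1296, 6), words_needed(1296, 77))
```

The entropy calculation only holds when every word is chosen uniformly at random; rerolling until the phrase "looks nice" or picking words by hand reduces it.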
If you prefer to continue using Diceware passphrases, these can be purchased from 11-year-old Mira Modi. She generates them with dice for eight dollars and sells them through her site.