The diceware algorithm is a password generation algorithm
where users roll dice several times (around 7) to generate
a random number. This random number is then used to index into
a word list and select a word. This process is repeated until
between 3 and 12 words are selected. With dozens to hundreds of
dice rolls, this can get very tedious.

The passgen program performs this work in C++. It uses the /dev/urandom
device on all modern UNIX systems to get randomness. This randomness
is used to index into a word list. It uses 18 bits of randomness per
word. The word list is more than 262144 words long and thus is suitable
for this use.

Before running, a random sample of the words is discarded from the list.
The list is also randomly reshuffled before beginning the process to
ensure that a random selection of words is removed. The reshuffling
also means that the same stream of bits from /dev/urandom will not
generate the same password. It will, however, be slightly dependent
upon the randomness in the pre-shuffle. This randomness does not
improve the security of those passwords.

Words shorter than 4 letters are also removed. 18 bits requires
3 bytes to store cleanly, and more than 3 bytes in base32 (which is
kind of like what we're generating these passwords in). Thus
those shorter words represent a compression -- this lowers the
minimum number of bytes necessary to encode the password and reduces
the search surface slightly. (The worst case would be 4 words having
two letters -- 8 bytes, at 5 bits per byte is 40 bits of search
space. 4 words at 18 bits per word is 72 bits of search space.
You lose 32 bits of total search space there, alone!)
(Note: This is a commit of the latest passgen, but using sha256 object store.)
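
The selection step described above, sketched as an added example (not passgen's own source): filter and shuffle the list, trim it, then turn 3 bytes from the entropy source into an 18-bit index. The function names, the use of std::mt19937 for the shuffle, the sample word list and the trimming to exactly 2^18 entries are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <random>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

constexpr unsigned kBits = 18;  // bits of randomness per word, as stated above

// Drop words under 4 letters, shuffle, then keep exactly `keep` words.
// Assumption: the surplus is discarded so the list holds exactly 2^bits words.
template <class Rng>
std::vector<std::string> prepare_list(std::vector<std::string> words, std::size_t keep, Rng& rng) {
    words.erase(std::remove_if(words.begin(), words.end(),
                [](const std::string& w) { return w.size() < 4; }), words.end());
    if (words.size() < keep) throw std::runtime_error("word list too short");
    std::shuffle(words.begin(), words.end(), rng);
    words.resize(keep);
    return words;
}

// Pack 3 bytes into 24 bits and keep the low `bits`; with 2^bits words there is no modulo bias.
std::uint32_t index_from_bytes(const unsigned char b[3], unsigned bits = kBits) {
    std::uint32_t v = (std::uint32_t(b[0]) << 16) | (std::uint32_t(b[1]) << 8) | b[2];
    return v & ((1u << bits) - 1);
}

// Read 3 bytes per word from `src` (normally /dev/urandom) and select `count` words.
std::vector<std::string> pick_words(std::istream& src, const std::vector<std::string>& list,
                                    std::size_t count, unsigned bits = kBits) {
    if (list.size() != (std::size_t(1) << bits)) throw std::invalid_argument("list must hold 2^bits words");
    std::vector<std::string> out;
    for (std::size_t i = 0; i < count; ++i) {
        unsigned char b[3];
        if (!src.read(reinterpret_cast<char*>(b), 3)) throw std::runtime_error("short read from entropy source");
        out.push_back(list[index_from_bytes(b, bits)]);
    }
    return out;
}

int main() {
    // Constructed sample list with 3 bits per word; a real run needs more than 262144 words and 18 bits.
    std::vector<std::string> raw = {"ox", "able", "bake", "cart", "dune", "echo", "fern", "gold", "hive", "iris", "a"};
    std::mt19937 rng(std::random_device{}());  // shuffle only; adds no password entropy
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    for (const auto& w : pick_words(urandom, prepare_list(raw, 8, rng), 4, 3)) std::cout << w << '\n';
}
```

The size check in pick_words is what keeps every word equally likely: a list that is not exactly 2^bits long would either leave some indices out of range or require a biased reduction.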