The simple math behind the extraordinary benefit of 8 sided dice for diceware

Posted on Thu 14 May 2020 in tech

Most diceware implementations use 6-sided dice or D6. It would be easy to knee jerk assume that the marginal difference between 6 and 8 sided dice is negligible. However, in that case, one would be forgetting that we are dealing with exponential counting here and small numbers really add up.

what is diceware?

Diceware is a clever mechanism for generating both memorable and secure passwords. The problem with passwords is that most people are very bad at choosing them. Even if we don’t intend to most of us use information from the conscious, subconscious and are strongly influenced by our environment. Sometimes we are also influenced by security myths or security theater we may have encountered - using curse words, using l337 encoding, etc. Everyone has heard the apocryphal stories of ‘abc123’ in some large organizations and others have probably witnessed first hand the occasional ‘Jesus77.’ With diceware the human factor is removed from the generation side while still resulting in a very memorable and human oriented output password.

Diceware

In my experience with diceware, even the strongest diceware passwords are memorable after spending a day or two working on them and they instill confidence that in concert with 2FA or other verification schemes they should be essentially unbeatable.

How does diceware work

Diceware works as follows:

A set of dice are rolled a given number of time to build a random string

The string is then converted to human readable words using a table

For example. Lets say the dice roll results in the following string:

4588 3312 7713 28

Next each codeword is looked up in a diceware table resulting in a candidate password:

Hussar colony interrogate-28

I usually Jazz my passwords up by mixing up the capitalization and adding one or two non alphanumeric characters. Although this is not strictly required, it feels good doing it and it helps defeat annoying password restrictions on some overprotective sites.

If the D6 password would be secure for 2 months, the D8 password is secure for 29.5 years.

Why choose an 8 sided dice for diceware?

Current best practices suggest using a 4 word string. I also recommend generating at least two numbers on top of this. This means there are 16+2 (18) total characters in the password. How do we calculate the number of trials required to break the password? It’s a simple expression of the number of combinations of a given generator.

N = d^n

In this equation, N the total number is defined by d, the number of possibilities in the base set, raised to the n power, where n is the length of the string.

For example for an 18 digit string using 6 sided dice. The result is 6^18 or 101,559,956,668,416 which seems impressive. Until you try with an 8 sided dice. 8^18 is 18,014,398,509,481,984. That is two orders of magnitude larger. So in exchange for almost equal effort of rolling a D8 or D10, the user is gifted with 200 times more security. Or to put it another way, a hacker would have to work 177 times as hard to break a D8 generated password. If the D6 password would be secure for 2 months, the D8 password is secure for 29.5 years.

This is the best way to generate critical passwords. Below, I've provided a link to my D8 optimized diceware table. It uses highly memorable military codewords. The passwords that get generated are highly memorable and sometimes funny enough to be highly memorable.

Diceware for D8 and D10 dice