Is Diceware more secure than a long passphrase?
I recently investigated best-practices in regards to passwords, and the overwhelming majority of sources recommended using a password manager. This is great advice, but not usable in every situation. Certain situations, such as OS login, Disk Decryption or Password Manager unlocks do not allow me to let a password manager "type my password in for me".
As such, I have looked at the second-best alternative, which seems to be Diceware and Passphrases. What had me stumped was this answer of a related question, which hinted that Diceware was superior. An excerpt from the answer:
Passphrases are great (Diceware is better) for locking password managers, [...]
Emphasis mine
What confuses me is why this claim that Diceware is supposedly superior? I used zxcvbn to compare the strength of the two example passwords below and it seemed as if the passphrase was more secure than the Diceware password. Further, the Passphrase generates a visual image, although nonsensical, which is easy to remember. The only disadvantage I can imagine is that the passphrase takes longer to type, which is a marginal disadvantage considering it would only need to be typed once before a password manager can be used again.
Examples
Diceware
Diceware is the process of rolling a set of dice, which would indicate a random word from a pre-defined list. Depending on the desired security, more words are chosen.
An example outcome of a Diceware process might be the password:
cleft cam synod lacy yr wok
Passphrases
A passphrase is in essence a sentence, which makes sense to the user and hopefully nobody else. It might make grammatical sense, but is very unlikely to make semantic sense.
An example of a passphrase would be:
Blue Light shines from the small Bunny onto the Lake.
passwords
why this claim that Diceware is supposedly superior
Because it is more random than a sentence someone thinks of themselves
– Kevin Voorn
18 hours ago
As a note, some password managers and disk encryption allow for a hardware key, which is going to be better than any memorized option (though for truly optimal security, you could use a hardware key alongside a secure memorized secret).
– Larkeith
16 hours ago
@Larkeith Yes, I know that a key file on a thumb drive is possible, but it was merely an example. And as you mentioned, that key file should probably be encrypted with a strong passphrase, leading us back to square one.
– MechMK1
16 hours ago
One comment about your question, you are considering Diceware and passphrases separate things. They aren't. Diceware generates passphrases, albeit ones composed of random words. You're talking about 'natural language passphrases' when you describe passphrases. Both are the same category of secrets, just different variations.
– PwdRsch
13 hours ago
side note: Almost all estimators of password strength are complete and utter nonsense. The assumed mathematical complexity rarely exists in real life, and brute-forcing is seldom your main threat. When I register for new sites that have a "password strength" estimate on their register form, I typically try for giggles how good they think AAAaaa123!!! is. Surprise, it quite often is apparently the best password they've ever seen. They also consider 200 random letters a weak password because it doesn't have a number...
– Tom
13 hours ago
asked 18 hours ago
MechMK1
2 Answers
Most people that use passphrases, use passphrases wrong.
The remark that Diceware is better probably comes from the fact that, when people use passphrases, they usually take a well-known or otherwise logically structured sentence and use that. "Mary had a little lamb" is a terrible passphrase because it is one of a few billion well-known phrases that a computer can run through in a short amount of time. I know this works pretty well because I tried it.
Diceware is just random words. It's as good as any other randomly generated set of words, assuming you use a good source of randomness: for Diceware, you should use dice, which is a reasonably good source. Digital password generators are usually also good, though homebrew implementations might use an insecure random generator by mistake.
We know that any random passphrase is good because it's basic math. There are two properties to a passphrase:
- Dictionary size
- Number of words in the phrase
The 'randomness' of a passphrase is simple to calculate: dictionary_size ^ words_in_phrase, where ^ is exponentiation. A passphrase of 3 words with a dictionary of 8000 words is 8000^3 = 512 billion possible phrases. So an attacker, when guessing the phrase, would have to try 256 billion phrases (on average) before s/he gets it right. To compare with a password of similar strength: a random password using 6 characters, consisting of a-z and A-Z, has a "dictionary size" of 52 (26 + 26) and a "number of words" of 7, making 52^6 = ~1028 billion possible passwords. It is well-known that 7 characters is pretty insecure, even when randomly generated.
For randomness, it's the more the better up until about 128 bits of entropy. A little more than that helps buffer against cryptographic weakenings of algorithms, but really, you don't want to memorize 128 bits of entropy anyway. Let's say we want to go for 80 bits of entropy, which is a good compromise for almost anything.
To convert "number of possible values" to "bits of entropy", we need to use this formula: log(n)/log(2), where n is the number of possible values. So if you have 26 possible values (1 letter), that would be log(26)/log(2) = ~4.7 bits of entropy. That makes sense because you need 5 bits to store a letter: the number 26 is 11010 in binary.
A dictionary of 8000 words needs about 7 words to get above the desired 80 bits: log(8000^7)/log(2) = ~90.8 bits of entropy. Six words would be: log(8000^6)/log(2) = ~77.8 bits of entropy.
A large dictionary helps a lot, compared to the relatively small Diceware dictionary of 7776 words. The Oxford English Dictionary has 600k words. With that many words, a phrase of four randomly chosen words is almost enough: log(600 000^4)/log(2) = ~76.8 bits of entropy.
But at 600 thousand words, that includes very obscure and long words. A dictionary with words that you can reasonably remember might have a hundred thousand or so. Instead of the seven words that we need with Diceware, we need five words in our phrase when selecting randomly from a dictionary of 100k words: log(100 000^5)/log(2) = ~83.0 bits of entropy.
Adding one more word to your phrase helps more than adding ten thousand words to your dictionary, so length beats complexity, but a good solution balances the two. Diceware seems a little small to me, but perhaps they tested with different sizes and found this to be a good balance. I am not a linguist :).
Just for comparison, a password (consisting of a-z, A-Z, and 0-9) needs 14 characters to reach the same strength: log(62^14)/log(2) = ~83.4 bits of entropy.
@MechMK1 But the point is, I believe, while you carefully chose a phrase that wasn't "guessable", many/most people (the same ones who choose password123) will pick "Mary had a little lamb" or similar. Just as using the password-generator of a password manager stops people choosing non- (or at least not-very-) random passwords, Luc's point is that Diceware stops them picking non-/not-very-random passphrases.
– TripeHound
17 hours ago
@TripeHound Alright. So as "lessons learned" I'm going to note that passphrases can be secure, IFF the phrase was chosen carefully and is not easily guessable.
– MechMK1
17 hours ago
When a person attempts to think of "random" words on their own, they have an inclination towards concrete nouns. ("Things," that is. As opposed to abstract nouns like concepts, and other words like adjectives, verbs, etc.)
– Michael
16 hours ago
@MechMK1 "diceware is more entropic, but passphrases are more easy to remember" But diceware is a passphrase. If you use something that is easier to remember than diceware, then you are not using passphrases, you are using phrases. It will not be as secure as a real passphrase.
– Luc
16 hours ago
@Larkeith Alright. While working on it, I finally noticed you said 59 million. That's an awful lot of words, considering an average spell checker has some 100k, and lots of those are possessive (so "aardvark" and "aardvark's" count separately) as well as popular names. I found the number you mentioned on Wikipedia, but its source says "59M words in entire text", so that probably includes the definitions themselves (with perhaps a dozen or more words per entry). That explanation matches with the more plausible 600k words claimed on their website: oed.com. I'll use that number instead.
– Luc
15 hours ago
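The entropy arithmetic from the answer above, carried through in code, as an added Python example that is not part of the original answer or of the Diceware project: it computes bits of entropy from dictionary size and word count, the phrase length needed to reach a target such as 80 bits, the index a five-dice roll selects in a 7776-word list, and a phrase drawn with the OS CSPRNG (`secrets`) rather than `random`, which is the "insecure random generator by mistake" the answer warns about. The word list is a constructed stand-in for the real 7776-word list, and all function names are my own.

```python
import math
import secrets

# Constructed stand-in for a Diceware list. The real list has 7776 words, one per
# five-dice roll (11111 .. 66666); only the list size matters for the entropy math.
SAMPLE_WORDLIST = ["cleft", "cam", "synod", "lacy", "yr", "wok", "blue", "light",
                   "bunny", "lake", "shine", "small"]
DICEWARE_LIST_SIZE = 7776   # 6 ** 5
TARGET_BITS = 80            # the answer's "good compromise" target


def entropy_bits(dictionary_size: int, words_in_phrase: int) -> float:
    """log2(dictionary_size ** words_in_phrase), without building the huge integer.
    Valid only when every word is chosen uniformly and independently."""
    return words_in_phrase * math.log2(dictionary_size)


def possible_phrases(dictionary_size: int, words_in_phrase: int) -> int:
    """Size of the keyspace: dictionary_size ^ words_in_phrase."""
    return dictionary_size ** words_in_phrase


def average_guesses(dictionary_size: int, words_in_phrase: int) -> int:
    """Expected guesses for an attacker who knows the word list: half the keyspace."""
    return possible_phrases(dictionary_size, words_in_phrase) // 2


def words_needed(dictionary_size: int, target_bits: float) -> int:
    """Smallest phrase length whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(dictionary_size))


def dice_rolls_to_index(rolls) -> int:
    """Map five d6 rolls (each 1..6) to a list index 0..7775, the way the Diceware
    list keys its words by a five-digit base-6 number."""
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each in 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def generate_phrase(wordlist, words_in_phrase: int) -> str:
    """Pick words with secrets.choice (OS CSPRNG). random.choice here would be the
    homebrew mistake the answer mentions: a seeded, predictable generator."""
    return " ".join(secrets.choice(wordlist) for _ in range(words_in_phrase))


def strength_table():
    """Reproduce the answer's figures as (label, bits) rows, rounded to 0.1 bit."""
    cases = [("8000-word list, 7 words", 8000, 7),
             ("8000-word list, 6 words", 8000, 6),
             ("600k-word list, 4 words", 600_000, 4),
             ("100k-word list, 5 words", 100_000, 5),
             ("62-char alphabet, 14 chars", 62, 14)]
    return [(label, round(entropy_bits(n, k), 1)) for label, n, k in cases]


if __name__ == "__main__":
    for label, bits in strength_table():
        print(f"{label:28s} {bits:5.1f} bits")
    print("Diceware words for 80 bits:", words_needed(DICEWARE_LIST_SIZE, TARGET_BITS))
    print("3-word, 8000-word phrase: average guesses =", average_guesses(8000, 3))
    print("roll 6-6-6-6-6 selects index", dice_rolls_to_index((6, 6, 6, 6, 6)))
    print("example phrase:", generate_phrase(SAMPLE_WORDLIST, 6))
```

Two design points worth noting. The entropy figure only holds for uniform, independent selection, which is why the script draws from `secrets` and why a hand-picked "natural" sentence cannot be scored this way; and `words_needed` rounds up, so the 7776-word list needs seven words for 80 bits even though six words fall only about two bits short.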
Passwords should be easy to remember and hard to guess. As AviD once said, security at the expense of usability comes at the expense of security. A passphrase is easy to remember because it has some sort of meaning to the user, even though it might seem random at first. Taking a look at usability, a passphrase is superior: You don't need dice and a list of words, you can think of a passphrase yourself and remember it more easily.
However, using dice and a random list of words makes for a near fully random password. There is no link to the user, where a passphrase most of the times (unless truly random) was made up of something related to the user.
Any password checker online can only verify how hard it would be for a computer to guess a password, where a sentence (or passphrase in this case) might be more easily guessed by another human. In your example, the length of your diceware generated password is less than the passphrase (however still very long compared to security standards nowadays), but as you stated yourself, you can create longer passwords when you want to.
I wouldn't say diceware is always superior, but it definitely is more random and can still have the same length as a passphrase which makes it superior in certain cases.
Most people that use passphrases, use passphrases wrong.
The remark that Dicware is better probably comes from the fact that, when people use passphrases, they usually take a well-known or otherwise logically structured sentence and use that. "Mary had a little lamb" a terrible passphrase because it is one of a few billion well-known phrases that a computer can run through in a short amount of time. I know this works pretty well because I tried it.
Diceware is just random words. It's as good as any other randomly generated set of words, assuming you use a good source of randomness: for Diceware, you should use dice, which is a reasonably good source. Digital password generators are usually also good, though homebrew implementations might use an insecure random generator by mistake.
We know that any random passphrase is good because it's basic math. There are two properties to a passphrase:
- Dictionary size
- Number of words in the phrase
The 'randomness' of a passphrase is simple to calculate: dictionary_size ^ words_in_phrase
, where ^
is exponentiation. A passphrase of 3 words with a dictionary of 8000 words is 8000^3=
512 billion possible phrases. So an attacker, when guessing the phrase, would have to try 256 billion phrases (on average) before s/he gets it right. To compare with a password of similar strength: a random password using 6 characters, consisting of a-z and A-Z, has a "dictionary size" of 52 (26 + 26) and a "number of words" of 7, making 52^6=
~1028 billion possible passwords. It is well-known that 7 characters is pretty insecure, even when randomly generated.
For randomness, it's the more the better up until about 128 bits of entropy. A little more than that helps buffer against cryptographic weakenings of algorithms, but really, you don't want to memorize 128 bits of entropy anyway. Let's say we want to go for 80 bits of entropy, which is a good compromise for almost anything.
To convert "number of possible values" to "bits of entropy", we need to use this formula: log(n)/log(2)
, where n
is the number of possible values. So if you have 26 possible values (1 letter), that would be log(26)/log(2)=
~4.7 bits of entropy. That makes sense because you need 5 bits to store a letter: the number 26 is 11010
in binary.
A dictionary of 8000 words needs about 7 words to get above the desired 80 bits:log(8000^7)/log(2)=
~90.8 bits of entropy. Six words would be:log(8000^6)/log(2)=
~77.8 bits of entropy.
A large dictionary helps a lot, compared to the relatively small Diceware dictionary of 7776 words. The Oxford English Dictionary has 600k words. With that many words, a phrase of four randomly chosen words is almost enough:log(600 000^4)/log(2)=
~76.8 bits of entropy.
But at 600 thousand words, that includes very obscure and long words. A dictionary with words that you can reasonably remember might have a hundred thousand or so. Instead of the seven words that we need with Diceware, we need five words in our phrase when selecting randomly from a dictionary of 100k words:log(100 000^5)/log(2)=
~83.0 bits of entropy.
Adding one more word to your phrase helps more than adding ten thousand words to your dictionary, so length beats complexity, but a good solution balances the two. Diceware seems a little small to me, but perhaps they tested with different sizes and found this to be a good balance. I am not a linguist :).
Just for comparison, a password (consisting of a-z, A-Z, and 0-9) needs 14 characters to reach the same strength: log(62^14)/log(2)=
~83.4 bits of entropy.
5
@MechMK1 But the point is, I believe, while you carefully chose a phrase that wasn't "guessable", many/most people (the same ones who choosepassword123
) will pick "Mary had a little lamb" or similar. Just as using the password-generator of a password manager stops people choosing non- (or at least not-very-) random passwords, Luc's point is that Diceware stops them picking non-/not-very-random passphrases.
– TripeHound
17 hours ago
1
@TripeHound Alright. So as "lessions learned" I'm going to note that passphrases can be secure,IFF
the phrase was chosen carefully and is not easily guessable.
– MechMK1
17 hours ago
4
When a person attempts to think of "random" words on their own, they have an inclination towards concrete nouns. ("Things," that is. As opposed to abstract nouns like concepts, and other words like adjectives, verbs, etc.)
– Michael
16 hours ago
4
@MechMK1 "diceware is more entropic, but passphrases are more easy to remember" But diceware is a passphrase. If you use something that is easier to remember than diceware, then you are not using passphrases, you are using phrases. It will not be as secure as a real passphrase.
– Luc
16 hours ago
4
@Larkeith Alright. While working on it, I finally noticed you said 59 million. That's an awful lot of words, considering an average spell checker has some 100k, and lots of those are possessive (so "aardvark" and "aardvark's" count separately) as well as popular names. I found the number you mentioned on Wikipedia, but its source says "59M words in entire text", so that probably includes the definitions themselves (with perhaps a dozen or more words per entry). That explanation matches with the more plausible 600k words claimed on their website: oed.com. I'll use that number instead.
– Luc
15 hours ago
|
show 9 more comments
Most people that use passphrases, use passphrases wrong.
The remark that Diceware is better probably comes from the fact that, when people use passphrases, they usually take a well-known or otherwise logically structured sentence and use that. "Mary had a little lamb" is a terrible passphrase because it is one of a few billion well-known phrases that a computer can run through in a short amount of time. I know this works pretty well because I tried it.
Diceware is just random words. It's as good as any other randomly generated set of words, assuming you use a good source of randomness: for Diceware, you should use dice, which is a reasonably good source. Digital password generators are usually also good, though homebrew implementations might use an insecure random generator by mistake.
We know that any random passphrase is good because it's basic math. There are two properties to a passphrase:
- Dictionary size
- Number of words in the phrase
The 'randomness' of a passphrase is simple to calculate: dictionary_size ^ words_in_phrase, where ^ is exponentiation. A passphrase of 3 words with a dictionary of 8000 words is 8000^3 = 512 billion possible phrases. So an attacker, when guessing the phrase, would have to try 256 billion phrases (on average) before s/he gets it right. To compare with a password of similar strength: a random password using 7 characters, consisting of a-z and A-Z, has a "dictionary size" of 52 (26 + 26) and a "number of words" of 7, making 52^7 = ~1028 billion possible passwords. It is well-known that 7 characters is pretty insecure, even when randomly generated.
For randomness, it's the more the better up until about 128 bits of entropy. A little more than that helps buffer against cryptographic weakenings of algorithms, but really, you don't want to memorize 128 bits of entropy anyway. Let's say we want to go for 80 bits of entropy, which is a good compromise for almost anything.
To convert "number of possible values" to "bits of entropy", we need to use this formula: log(n)/log(2), where n is the number of possible values. So if you have 26 possible values (1 letter), that would be log(26)/log(2) = ~4.7 bits of entropy. That makes sense because you need 5 bits to store a letter: the number 26 is 11010 in binary.
A dictionary of 8000 words needs about 7 words to get above the desired 80 bits: log(8000^7)/log(2) = ~90.8 bits of entropy. Six words would be: log(8000^6)/log(2) = ~77.8 bits of entropy.
A large dictionary helps a lot, compared to the relatively small Diceware dictionary of 7776 words. The Oxford English Dictionary has 600k words. With that many words, a phrase of four randomly chosen words is almost enough: log(600 000^4)/log(2) = ~76.8 bits of entropy.
But at 600 thousand words, that includes very obscure and long words. A dictionary with words that you can reasonably remember might have a hundred thousand or so. Instead of the seven words that we need with Diceware, we need five words in our phrase when selecting randomly from a dictionary of 100k words: log(100 000^5)/log(2) = ~83.0 bits of entropy.
Adding one more word to your phrase helps more than adding ten thousand words to your dictionary, so length beats complexity, but a good solution balances the two. Diceware seems a little small to me, but perhaps they tested with different sizes and found this to be a good balance. I am not a linguist :).
Just for comparison, a password (consisting of a-z, A-Z, and 0-9) needs 14 characters to reach the same strength: log(62^14)/log(2) = ~83.4 bits of entropy.
edited 15 hours ago
answered 18 hours ago
Luc
24.4k645104
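The entropy arithmetic in the answer above, as an added Python example that is not part of the original answer or of any Diceware project code: it computes the bits for the dictionary sizes and word counts the answer uses, works out how many words (or characters, treating the alphabet as the dictionary) reach a target such as 80 bits, and generates a phrase the Diceware way, five dice per word, using a cryptographic random source rather than a homebrew generator. The word list is a constructed placeholder (word0000 .. word7775) standing in for a real 7776-word Diceware list; the function names are this example's own.

```python
import math
import secrets

# Standard Diceware: five rolls of a six-sided die index a 7776-word list (6**5).
DICE_PER_WORD = 5
DICEWARE_LIST_SIZE = 6 ** DICE_PER_WORD  # 7776


def passphrase_bits(dictionary_size: int, words: int) -> float:
    """Entropy in bits of `words` words drawn uniformly from `dictionary_size` words.

    log2(dictionary_size ** words) == words * log2(dictionary_size); the product
    form avoids building a huge integer for large dictionaries. For a character
    password, pass the alphabet size as the dictionary size.
    """
    return words * math.log2(dictionary_size)


def words_needed(dictionary_size: int, target_bits: float) -> int:
    """Smallest number of words (or characters) whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(dictionary_size))


def expected_guesses(bits: float) -> float:
    """Average guesses for an attacker who knows the scheme: half the keyspace."""
    return 2.0 ** bits / 2


def roll_word_index() -> int:
    """Roll DICE_PER_WORD dice with a CSPRNG and read them as a base-6 number.

    secrets.randbelow() draws from the OS entropy source. A homebrew generator
    built on random.random() (Mersenne Twister) is predictable from its output
    and must not be used for this.
    """
    index = 0
    for _ in range(DICE_PER_WORD):
        die = secrets.randbelow(6)  # 0..5, a die face minus one
        index = index * 6 + die
    return index  # uniform over 0 .. 7775


def diceware_phrase(wordlist: list, words: int) -> str:
    """Pick `words` words from a 7776-entry list, one set of five dice rolls each."""
    if len(wordlist) != DICEWARE_LIST_SIZE:
        raise ValueError("Diceware needs exactly 6**5 = 7776 words")
    return " ".join(wordlist[roll_word_index()] for _ in range(words))


# Constructed stand-in for a real Diceware list; real lists hold memorable words.
TOY_WORDLIST = [f"word{i:04d}" for i in range(DICEWARE_LIST_SIZE)]

if __name__ == "__main__":
    for size, n in [(DICEWARE_LIST_SIZE, 6), (8000, 7), (100_000, 5), (600_000, 4)]:
        print(f"{size:>7} words x {n}: {passphrase_bits(size, n):5.1f} bits")
    print("words for 80 bits from the 7776-word list:", words_needed(DICEWARE_LIST_SIZE, 80))
    print("characters for 80 bits from [a-zA-Z0-9]:", words_needed(62, 80))
    print("average guesses for 3 words of 8000:", f"{expected_guesses(passphrase_bits(8000, 3)):.3e}")
    print("example phrase:", diceware_phrase(TOY_WORDLIST, 7))
```

Running the script reproduces the answer's figures (8000^7 gives about 90.8 bits, 600 000^4 about 76.8, 62^14 about 83.4) and shows that the 7776-word list needs seven words for 80 bits. Swapping `secrets.randbelow` for `random.randrange` would not change any of the printed entropy numbers, which is exactly why entropy arithmetic alone cannot tell you whether a generator is safe.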
Passwords should be easy to remember and hard to guess. As AviD once said, security at the expense of usability comes at the expense of security. A passphrase is easy to remember because it has some sort of meaning to the user, even though it might seem random at first. Taking a look at usability, a passphrase is superior: you don't need dice and a list of words, you can think of a passphrase yourself and remember it more easily.
However, using dice and a random list of words makes for a near fully random password. There is no link to the user, whereas a passphrase most of the time (unless truly random) was made up of something related to the user.
Any password checker online can only verify how hard it would be for a computer to guess a password, whereas a sentence (or passphrase in this case) might be more easily guessed by another human. In your example, the length of your Diceware-generated password is less than the passphrase (however still very long compared to security standards nowadays), but as you stated yourself, you can create longer passwords when you want to.
I wouldn't say Diceware is always superior, but it definitely is more random and can still have the same length as a passphrase, which makes it superior in certain cases.
answered 18 hours ago
Kevin Voorn
1,377517
2
"why this claim that Diceware is supposedly superior"
Because it is more random than a sentence someone thinks of themselves
– Kevin Voorn
18 hours ago
As a note, some password managers and disk encryption allow for a hardware key, which is going to be better than any memorized option (though for truly optimal security, you could use a hardware key alongside a secure memorized secret).
– Larkeith
16 hours ago
1
@Larkeith Yes, I know that a key file on a thumb drive is possible, but it was merely an example. And as you mentioned, that key file should probably be encrypted with a strong passphrase, leading us back to square one.
– MechMK1
16 hours ago
2
One comment about your question, you are considering Diceware and passphrases separate things. They aren't. Diceware generates passphrases, albeit ones composed of random words. You're talking about 'natural language passphrases' when you describe passphrases. Both are the same category of secrets, just different variations.
– PwdRsch
13 hours ago
3
side note: Almost all estimators of password strength are complete and utter nonsense. The assumed mathematical complexity rarely exists in real life, and brute-forcing is seldom your main threat. When I register for new sites that have a "password strength" estimate on their register form, I typically try for giggles how good they think AAAaaa123!!! is. Surprise, it quite often is apparently the best password they've ever seen. They also consider 200 random letters a weak password because it doesn't have a number...
– Tom
13 hours ago