• Off Topic
  • Any app to Generate Diceware passwords with EFF's long word list?

  • [deleted]

Hi
I have not been able to find a app that can generate Diceware passwords with EFF's long word List, has no permissions (Internet permission should be only used for updating the Word list), and is Standalone (not integrated into some Password manager).

  • [deleted]

  • Edited

mmmm I have used this too, but the thing is Its just more easy to review and trust a static app rather than a random website that can load dynamic code.

Its explicitly stated on the website NOT to use any kind of computer generated password. You should, as the author intended, use a physical dice, write it on paper, and then shred, molch and burn the paper afterwards.

You should only use dice ware for your master password or a password you need to remember in your mind. Everything else is auto filled, so should be 20+ random character's of upper and lower case letters, numbers and special characters.

Diceware is intended for memorable passwords, but it is not needed if you have a password manager. Password manager 20 character passwords are cryptographically more secure than a diceword password of similar length due to character set. You have a 100+ character set to the power of 20 which is a lot more possibilities than 4 words from a fee thousand. They are both secure but random passwords should be used for anything you don't need to remember.

    • [deleted]

    Backwards876 But I cannot use a physical dice, Do you know how to make a strong passphrase?

      Backwards876

      For example; I use Diceware passwords for client galleries, as a photographer. The gallery are not public and they're also temporary, and diceware is a secure and easy to remember/type/troubleshoot password to give them. Computer generating them in some cases is fine. You miss random entropy, perhaps but as you can see, there are use cases for a quick computer generated dice roll where this is less important.

        [deleted] you don't.

        The author of diceware talks extensively about the risks associated with using computer generated dice. In reality this risk isn't as great as he makes out for most people, but using a physical dice is TRUE randomness.

        KeepassXC and Keepass(with diceware plugin) have the ability to make diceware passwords. If you want true security just download a simple dice program, and add a random symbol and number somehwre i n your passphrase.

        This doesn't compare to a physical dice. This is still the best way to make a password.

        mmmm
        I suppose this makes sense, and I stand corrected. For lower security applications I can see why you may want simple words. In this case I'd recommend something like https://diceware.dmuth.org/ which uses virtual dice and does the work for you.

        For offline I'd recommended something established like KeepassXC. There are perhaps scripts on github but KeepassXC is far better audited in my opinion. It also allows you to store the credentials of customers and their passwords for pictures etc are encrypted which would suit your use case? So you have a database of customers incase they forget their password?

        For more secure use cases there is https://temporary.pw which is a more secure, one time version of this.

        • mmmm replied to this.

          mmmm yes, perhaps I didn't phrase what I meant in the correct tense.

          I would recommend something like this for the use case described. I outlined my reasons in support of this use case. I am not good at phrasing things it seems.

          I support your position and agree with you.

          Edit: is this downloadable offline? If so I agree it could be very useful.

            • [deleted]

            • Edited

            Backwards876 is this downloadable offline?

            You can run it on Android via Termux, I'll use it for making a master password for use in my password manager; because physical dice is not an option for me.