Show HN: Secure Diceware Password Generator with zxcvbn entropy estimates

  • I am the author. The source code for this is available at:

    https://github.com/grempe/diceware

    Any bug reports are welcome.

    This was a weekend project that was forked from a project that I thought was nicely done but needed some improvements (https://github.com/yesiamben/diceware). Notably that project:

    - uses the JavaScript Math.random() API, which is known to not be cryptographically secure.
    - is not served over an HTTPS connection.
    - requires re-download of all files to change language.
    - tracks all page views with Google Analytics.
    - leaked information about the user's preferred language via a URL query string parameter.
    - used inline script tags, which make it incompatible with lockdown via a Content Security Policy.

    So I remedied all of these issues and refactored and modernized the code. The source of randomness is now the well-supported window.crypto.getRandomValues() API, which is cryptographically secure. It now also uses a fully Bootstrap-based UI and provides password strength feedback using the excellent zxcvbn library from Dropbox (https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-pass...). The application will now also fully work offline (including language switches). All of the code is signed (keybase.io GPG SIGNED.md) and can be verified and run locally by cloning the repository.

    I hope you enjoy this. I submitted a pull request to the upstream repository as well but I have not heard back anything to date.

  • @Tomte, thanks for the comment. I agree with your points and I updated the code today to more prominently reflect the actual entropy in a Diceware password (accounting also for standard diceware word and special chars that are manually added and add less entropy). I am calculating out the full Math.log2() value as well, not using the shorter estimate (e.g. 12.9/word). I also modified the zxcvbn and FAQ text to reflect that zxcvbn is likely overestimating entropy since it is expecting more traditional passwords and is not aware that it is calculating a diceware password. I think it is still helpful to show the zxcvbn output since it, or something like it, is likely to be used to estimate password strength on websites. Thanks for the feedback. Let me know if you have any other comments.

    Cheers,

    Glenn

  • As a follow up. Today I have removed zxcvbn in favor of what I believe to be a much more accurate custom entropy calculator (which also calculates out crack time based on a trillion key/second crack attempt, which is what Snowden estimates NSA is capable of at a minimum). Since this is working directly off of the known entropy of every Diceware word it gives a much more realistic estimate. At this point the extra download weight of zxcvbn was no longer worth it and the results are more interesting now as well. Cheers.
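    The two comments above describe an entropy calculator that works from the known size of the Diceware list and reports a crack time at a trillion guesses per second. As an added example (not the author's calculator and not code from the repository), this is the arithmetic that such a calculator needs: bits per word as the full log2 of the list size rather than the rounded 12.9, total bits for a phrase, and the time to exhaust or half-exhaust the keyspace at a given rate. Treating a randomly drawn extra character as log2(36) bits (a 36-symbol table) and a hand-picked one as 0 bits are labelled assumptions, not the tool's model.

```javascript
'use strict';

const DICEWARE_WORDS = 6 ** 5;            // 7776 entries, one per 5-dice outcome
const GUESSES_PER_SECOND = 1e12;          // the trillion/second rate cited in the thread
const SECONDS_PER_YEAR = 365.25 * 24 * 3600;

// Bits contributed by one word drawn uniformly from a list of `listSize`
// entries: log2(7776) = 12.925, slightly more than the rounded 12.9.
function bitsPerWord(listSize = DICEWARE_WORDS) {
  return Math.log2(listSize);
}

// Entropy of a passphrase of `wordCount` independent uniform words.
// `randomExtras` counts extra characters that were themselves drawn at random
// from a set of `extraSetSize` symbols; 36 is an assumption standing in for a
// 6x6 symbol table. Characters the user chose by hand contribute nothing here:
// the attacker is assumed to know the scheme, and a human choice is not a
// uniform draw, so it is not credited with entropy.
function passphraseBits({ wordCount, listSize = DICEWARE_WORDS, randomExtras = 0, extraSetSize = 36 }) {
  if (!Number.isInteger(wordCount) || wordCount < 1) throw new Error('wordCount must be a positive integer');
  return wordCount * bitsPerWord(listSize) + randomExtras * Math.log2(extraSetSize);
}

// Seconds to try every phrase in a keyspace of 2^bits at `rate` guesses/s.
// This is the attacker's worst case; on average the phrase is found halfway.
function crackTimeSeconds(bits, rate = GUESSES_PER_SECOND) {
  return 2 ** bits / rate;
}

function crackTimeYears(bits, rate = GUESSES_PER_SECOND) {
  return crackTimeSeconds(bits, rate) / SECONDS_PER_YEAR;
}

// Summary for a phrase of `wordCount` words: bits, worst-case and expected
// years at the given rate. Doubling the rate halves the years; every extra
// word multiplies them by 7776.
function report(wordCount, rate = GUESSES_PER_SECOND) {
  const bits = passphraseBits({ wordCount });
  const worstYears = crackTimeYears(bits, rate);
  return { wordCount, bits, worstYears, expectedYears: worstYears / 2 };
}

module.exports = { bitsPerWord, passphraseBits, crackTimeSeconds, crackTimeYears, report, DICEWARE_WORDS, GUESSES_PER_SECOND };
```

`report(7)` gives about 90.5 bits and tens of millions of years at 10^12 guesses/s, which is the figure the later comment arrives at for a seven-word phrase (7 x 12.9 = 90 bits); `report(5)` drops to 64.6 bits and roughly a year at the same rate, which is why the word count, not any special character, is the lever that matters.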

  • zxcvbn and Diceware don't mix.

    Sure, you can run zxcvbn over a Diceware passphrase, but it's meaningless, since the whole premise of Diceware is that the attacker may know that you're using Diceware. It is designed with that conservative mindset.

    If you don't care about that aspect, there are better ways to derive passphrases than Diceware.

    Every Diceware word yields 12.9 bits of entropy, so your example passphrase yields 90 bits, not 117.

  • Heh, I wrote one of these recently, except mine's in Go: https://github.com/natefinch/diceware