2

I've been reading up on Diceware recently, and I'm wondering if using a mix of languages would make it even more secure. On the face of it, it would force a potential attacker to consider an even larger search space, even if they know that you speak e.g. English and French. Using even more languages would increase the search space further.

The main issue I can see is usability. Would this be harder to remember than a monolingual passphrase, and would the difficulty of remembering your passphrase depend on your level of fluency in that language?

Philip Rowlands
  • 1,789
  • 1
  • 13
  • 27

2 Answers2

1

Using different languages together would increase the entropy, however that would defeat the main objective of Diceware - which is easy to remember passphrases (that are also secure).

Each Diceware word adds ~12.9 bits of entropy. The NIST recommendation for secure passwords is to use at least 80 bits of entropy. Therefore it would be much easier to simply use 7 different words from the Diceware wordlist and have the same security.

As a guide, it would take a determined attacker 109,527.95 years to run through the whole keyspace of an 80 bit password, which would give an average cracking time of 54,763.975 years.

SilverlightFox
  • 33,698
  • 6
  • 69
  • 185
0

I do not think so.

As I understand it, a diceware list is a list of 6^5 unique words. The words can be in any language. We assume the attacker knows the dicware list. We roll the dice 5 times and use the result to choose which word.

If you are talking about using 2 diceware lists (for example, one English and one French) to generate a password of two words (e.g., "hello bonjour", then this will increase entropy. But how would it increase entropy above using 2 English diceware lists?

Remember the standard analysis of diceware assumes that the attacker knows the word lists.

emory
  • 1,570
  • 11
  • 14