A friend who works for a very security-conscious government organization surprised me when he asked why I had a plastic cup on my desk containing half a dozen dice cubes. Everybody knows why you keep dice at your desk, don’t they?
Passwords were the cornerstone of data security. It doesn’t matter if you are signing onto the company LAN, starting your laptop, or receiving email, passwords were required to keep out the thieves and brigands. Well, today passwords are obsolete! Today you need a passphrase!
If you take a list of the employees at any company and then look at the logon passwords, you will find at least one matching an employee’s name. The user’s favorite quotation from The Catcher in the Rye is probably a bad choice for a passphrase, as hackers collect lists of favorite passphrases. The best way of choosing passphrases is a simple prescribed method that produces a memorable passphrase. Without going into the mathematical details, a secure passphrase consists of five words or more. This is where we use the dice.
The Diceware solution involves picking a passphrase using ordinary dice to select words from a word list at random. A five-digit number precedes each word in the list. Each digit is from one to six. If you roll five dice cubes and arrange the cubes to form a row, then you have the number that corresponds to a word in the list. Some lists contain about 8000 words, abbreviations and easy-to-remember character strings.
If the resulting passphrase consists of 14 or fewer characters and spaces, you should start over. Also start again if the resulting passphrase is a recognizable sentence.
The advantages of this method of choosing passphrases are:
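The lookup and the start-over rule described above, as an added Python example that is not part of the original post or of the Diceware project. The word list excerpt, the rolls and all function names are constructed for illustration; the rolls are meant to be typed in from physical dice, and the entropy figure assumes fair dice and a full list of 6^5 entries.

```python
import math

DICE_PER_WORD = 5     # five dice, read left to right, form one key
MIN_WORDS = 5         # the post: "five words or more"
MAX_REJECT_LEN = 14   # 14 or fewer characters and spaces: start over

# Constructed excerpt in "NNNNN word" layout; not entries from a real list.
SAMPLE_LIST = """\
11111 alpha
23456 brick
31415 cedar
46213 dune
52641 ember
66666 zz
"""

def parse_wordlist(text):
    """Return {key: word}, rejecting keys that five dice could not produce."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split(maxsplit=1)
        if len(key) != DICE_PER_WORD or set(key) - set("123456"):
            raise ValueError(f"invalid key {key!r}")
        table[key] = word.strip()
    return table

def passphrase_from_rolls(rolls, table):
    """Map each five-dice roll to its word, then apply the length rule."""
    if len(rolls) < MIN_WORDS:
        raise ValueError("need at least five words")
    words = []
    for roll in rolls:
        if len(roll) != DICE_PER_WORD or set(roll) - set("123456"):
            raise ValueError(f"not a five-dice roll: {roll!r}")
        words.append(table[roll])  # KeyError only if the list is incomplete
    phrase = " ".join(words)
    if len(phrase) <= MAX_REJECT_LEN:
        raise ValueError("14 or fewer characters and spaces: roll again")
    return phrase  # checking for a recognizable sentence is left to the reader

def entropy_bits(n_words):
    """Bits of entropy when every word is picked by five fair dice."""
    return n_words * math.log2(6 ** DICE_PER_WORD)

if __name__ == "__main__":
    rolls = ["11111", "23456", "31415", "46213", "52641"]  # constructed rolls
    print(passphrase_from_rolls(rolls, parse_wordlist(SAMPLE_LIST)))
    print(round(entropy_bits(len(rolls)), 1), "bits")
```

Each word contributes log2(6^5), about 12.9 bits, so the five-word minimum gives roughly 64.6 bits regardless of whether an attacker knows the word list.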
• Easy to learn and use
• Extremely secure
• Totally prescriptive
• Transparent — you don’t have to “trust” anybody
• Free – no software or hardware required
For more information on the Diceware solution visit The Diceware Passphrase Home Page.