I stumbled upon this interesting subject, that of creating a 16-character password, but I do not understand how to use the author's formula for this. I would be happy if someone could explain this.
How do I use dice to create random character strings?
To create passwords of maximum strength for a given number of characters, you must use all available symbols. This is especially important for systems, such as Microsoft Accounts, that limit the length of your password to 16 characters or less. The following set of three tables allows you to create such a password.
Roll a die three times (or roll three dice) for each character and then select one of the following three tables, based on what the first roll says:
If first roll =   1 or 2         3 or 4         5 or 6
                  Second Roll    Second Roll    Second Roll
                  1 2 3 4 5 6    1 2 3 4 5 6    1 2 3 4 5 6
Third Roll 1      A B C D E F    a b c d e f    ! @ # $ % ^
Third Roll 2      G H I J K L    g h i j k l    & * ( ) - =
Third Roll 3      M N O P Q R    m n o p q r    + [ ] { } \
Third Roll 4      S T U V W X    s t u v w x    | ` ; : ' "
Third Roll 5      Y Z 0 1 2 3    y z ~ _ sp     < > / ? . ,
Third Roll 6      4 5 6 7 8 9
Note: Roll all three dice again whenever you get a blank. The table entry "sp" means a space character. If you do not want spaces in your password, roll all three dice again whenever you get "sp."
Repeat this procedure eight times to get a maximal strength Unix password. Each random character adds 6.55 bits of entropy. Eight characters provides 52.4 bits of entropy.
Using dice for ordinary passwords is easy; I just need to look up the word list. I think the author does not give a detailed description.
Example:
224 T
131 C
553 }
215 Y
665 ,
334 u
326 roll again
535 /
364 x
The password is then:
TC}Y,u/x
Easy to remember? Hardly, but it is the only type of password that provides adequate security on many Unix-based systems. Only such full strength passwords should be used for root and administrative accounts or high security user accounts.
The first two rolls select the column, and the last roll selects the row. In the first example, the first roll “2” selects the first character block, the second roll “2” selects the 2nd column in the character block, and the third roll “4” selects the 4th row, resulting in the character “T” (2nd column in the first block, 4th row).
Don’t trust a cryptographically random password generator?
Yes, I trust it, only I want to try this out too, but the author says: do not trust electronic Diceware, they are not random enough. Cryptography I trust very much. You mean rolling 1 die 3 times or 3 dice 1 time? Then a number will come up, say 142: 1 and 4 will be a column and 2 is a row?
If I get 534, what will be the result? 5 and 3 select the columns: E K Q W 2 8, and 3 is the column C I O U 0 6; 4 is the row S T U V W X. Is this right? Then out of these, what is the result?
You see, this is the result of too much computerizing people. Today we do not need to do anything; computers do everything. In chess I have 2200 Elo, which means that my mind is adjusted to analyze; apart from this, nothing I need to count. I can promise you that if you give this to today's people, they will not understand this. This is a sad fate of us all, that we do not need to think; computers are the thinkers. Fortunately chess cannot be substituted so easily, one is forced to think!! Of course, as I am an analyzer and thinker, I could find this out by myself. Graphically this is a very bad example. I think this was made around 1995; at that time we were a little better in math. Only the usage is given; to use it is one thing, and explaining or elaborating graphically how to use it is a different matter.
Haha, you should see kids figuring out how to use rotary phones on YouTube (even if they might have faked the whole thing).
On the other hand, they still keep finding surprising things about how the pyramids were built. I don’t think I’ll be able to figure out a puzzle two hundred years old either.
Before the mod shuts us down, let me finish that using a die or multiple dice to figure out individual characters in a password may be considered a similar problem to using Diceware to generate a random passphrase that Bitwarden uses. See:
Yes, generating an ordinary passphrase from that word list is not a problem. I will use dice, as they are totally random. I will look this up here with someone, so I will see. Thanks for your kind help.
@falu This method is from the author of Diceware (A.G. Reinhold), and the table is from the Diceware FAQ (I’m sure that you know this already, but I mention it for the benefit of other readers of this topic).
To understand the method better, perhaps you can try to imagine a 3-dimensional cubic arrangement of characters, consisting of a stack of two-dimensional 6×6 character tables — stacking 6 such tables on top of each other makes a 6×6×6 cube. You then use 3 dice (or 3 dice rolls) to specify the coordinates of a single character inside the cube: the first roll determines which of 6 tables in the stack you will use to select your character; the second roll determines which column in that table you will use; and finally, the third roll determines which row in the selected table you will use.
In this particular application (making a random character string), to ensure a uniform probability of selecting each possible character, some additional considerations are used when constructing and using the cube:
When stacking the tables, because there are only 3 character tables, make two copies of each table to create a total of 6: Table 1, Table 1, Table 2, Table 2, Table 3, Table 3.
Certain positions in the tables are empty (e.g. the 6th row in Tables 2 & 3). If your dice rolls specify an empty position, you must discard those three dice rolls and repeat until you get a non-empty position.
Finally, don’t let anybody dissuade you from using dice — that’s actually how I created my own Bitwarden master password!
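The three-roll lookup and the reroll rule described above, written out as an added example (it is not part of the original post or the Diceware FAQ). The function names are hypothetical, the table contents are copied from the FAQ table quoted in this thread, and the roll triples in `__main__` are the FAQ's own example.

```python
import math
from collections import Counter
from itertools import product

# Rows 1-6 of each table as printed in the FAQ; None marks a blank cell.
TABLES = [
    ["ABCDEF", "GHIJKL", "MNOPQR", "STUVWX", "YZ0123", "456789"],
    ["abcdef", "ghijkl", "mnopqr", "stuvwx", list("yz~_ ") + [None], [None] * 6],
    ["!@#$%^", "&*()-=", "+[]{}\\", "|`;:'\"", "<>/?.,", [None] * 6],
]

def lookup(first, second, third):
    """Return the character for one triple of rolls, or None for a blank."""
    for r in (first, second, third):
        if r not in range(1, 7):
            raise ValueError(f"not a die roll: {r!r}")
    table = TABLES[(first - 1) // 2]      # 1-2, 3-4, 5-6 -> table 1, 2, 3
    return table[third - 1][second - 1]   # third roll = row, second = column

def password_from_rolls(triples, allow_space=True):
    """Turn written-down rolls such as '224' into characters, skipping rerolls."""
    out = []
    for t in triples:
        ch = lookup(*(int(d) for d in t))
        if ch is None or (ch == " " and not allow_space):
            continue                      # blank cell: that triple is discarded
        out.append(ch)
    return "".join(out)

def distribution():
    """Count how many of the 216 possible triples map to each character."""
    return Counter(lookup(*t) for t in product(range(1, 7), repeat=3))

if __name__ == "__main__":
    faq_rolls = ["224", "131", "553", "215", "665", "334", "326", "535", "364"]
    print(password_from_rolls(faq_rolls))
    counts = distribution()
    blanks = counts.pop(None)
    # distinct characters, hits per character, blank triples, bits per character
    print(len(counts), set(counts.values()), blanks, math.log2(len(counts)))
```

Every one of the 95 characters is reached by exactly two of the 216 triples, so discarding the 26 blank triples and rolling again leaves the selection uniform.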
Thanks grb. Not too long ago I got this formula; I just pushed it aside at that time. I remember that name too, Reinhold. Recently I looked this up, and I realized that this is a true thing and it is completely offline and random, and I changed my Bitwarden master password with dice; 5 dice were used. This was very easy. But that of the random character strings I do not understand. I will look at your explanation and try to understand it. Dice are totally random and offline. My Bitwarden master password is now not stored anywhere online, except in a safe bank vault. I also remember that the author clearly says that, maybe, electronic dice are not that random. It is also fun to create true passphrases in this way.
There are 3 tables, yes, so the first roll selects the table? The second roll selects the column inside a table? And the 3rd roll selects the row? So say the number is 352, then I get the character k.
Now I wonder: Why not just choose 8 different characters from the 3 tables without rolling a die? Just by “this”, “this”, “this one”, and “that one” …
As far as I understand, this procedure is for creating the password. But in the end it is not the point, or? But is it stronger by rolling a die instead of choosing 8 characters from the tables?
Btw: The longer it is → stronger?
I think it was here in the forum: I read that it is more safe to use passphrases (e.g. hello2-5cubisM-strAnge…) instead of a password (e.g. def.h5HGdldkf9HDD22-33).
As I described previously, in the above example, the “stack” contains two copies of each of the three tables, so if the first roll is either ⚀ or ⚁, then you will select Table 1 (the one containing uppercase alphanumeric characters).
Because the human mind cannot make truly random selections, you will introduce bias that greatly reduces the number of guesses an attacker has to make before correctly finding what was selected.
For example, when humans are asked to randomly select a number in the range 1–10, the probability of selecting the number 7 is almost 50%, which is a 5-fold bias compared to the probability of selection using a random number generator.
By using a true random number generator (e.g., dice), you can eliminate all bias from the selection process, and therefore an attacker has no choice but to test all 95 possible characters.
The more randomly generated numbers are used to create your password or passphrase, the stronger it will be. If you make a single dice roll, then an attacker would have to test 6 possible outcomes. If you roll the dice twice to create your password or passphrase, now an attacker must check 6×6 = 36 possible outcomes; for three dice rolls, there are 6×6×6 = 216 possibilities, etc. As you can see, the difficulty of correctly guessing a randomly generated password or passphrase increases exponentially with the amount of random numbers generated to produce the password/passphrase. To create a secure master password for a Bitwarden account, you should use at least 20 dice rolls, so that the number of possible outcomes is at least 6²⁰ = 3656 trillion.
This is not an accurate statement. If a passphrase and a passphrase are both randomly generated, then the strength can be equivalent, as long as the ratio of the number of characters in the password to the number of words in the passphrase equals the ratio of the logarithms of the number of words in the word list and the number of characters in the character set. For a standard ASCII password (94 entries in the character set) and a standard diceware-style passphrase (7776 entries in the word list), the relevant ratio is log(7776)/log(84) = 1.972 ≈ 2. Thus, a randomly generated password and passphrase have equal strength if the number of characters in the password is double the number of words in the passphrase (e.g., subsonic-abstract-reactor and kp2_Ug are equally strong).
Yes, the tables, which I missed. 1-2 is the first table. 3-4 is the second table. 5-6 is the 3rd table. Then inside each table are the columns. And then we have the rows. The first roll will decide the table. The second roll will decide the column inside a table, and the 3rd roll will decide the row inside a table. So if the number is 463, number 4 is the second table, number 6 is the column inside table 4, and 1 is the row in table 4, so the character is d. I think it is correct?