[Whonix-devel] Diceware and Quantum Computing resilience

procmem procmem at riseup.net
Thu Aug 16 20:36:00 CEST 2018

Hi Arnold, Whonix (privacy distro) maintainer here. We are big fans of
Diceware and were recently revisiting our password advice and so I had a
few questions:

* How much entropy does a special character add in Diceware?

* I was considering using a massive wordlist/dictionary
https://packages.debian.org/stretch/wamerican-insane that has about 650K
words as a way to potentially increase entropy per word to allow using
less words for passphrases. It came up in discussion that this is a bad
idea since some of the words are difficult to spell and some very short
words 3 characters and less harm passphrase strength. Is it that short
words reduce entropy?

* Do you advise steering clear of dictionaries and sticking to the
prepackaged wordlists, can you please explain?

* Quantum computers will halve the keyspace using Grover's so we need to
recommend passphrases with 256bits today using EFF's wordlist if users
are to achieve quantum resistance. However this requires 20 words and so
things start getting unwieldly. What is the best approach to dealing
with this while maintaining usability as much as possible?

I have CC'd our ML so your reply can benefit our users.

More information about the Whonix-devel mailing list