From 9a88e9ff0385f66e7c565a394908503dc6e916ad Mon Sep 17 00:00:00 2001 From: neodarz Date: Fri, 28 Apr 2017 00:30:19 +0200 Subject: Site updated at 2017-04-28T00:29:42+02:00 source branch was at: f1965c50670f611ef54f9471490d45a554f7d866 Correct a link --- build/blog/2014-11-28-going-diceware.html | 42 +++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 build/blog/2014-11-28-going-diceware.html (limited to 'build/blog/2014-11-28-going-diceware.html') diff --git a/build/blog/2014-11-28-going-diceware.html b/build/blog/2014-11-28-going-diceware.html new file mode 100644 index 00000000..271b46e0 --- /dev/null +++ b/build/blog/2014-11-28-going-diceware.html @@ -0,0 +1,42 @@ + + + + + + + +Going Diceware + + + + + + + + +
This blog has been archived.
Visit my home page at zhimingwang.org.
+ +
+
+

Going Diceware

+ +
+

Today I'm officially going Diceware. I published my simple C implementation of diceware on GitHub.

+

I've been using 1Password for a couple years now, and I've always been a bit worried about my master password. It's a ~30 byte monster with uppercase, lowercase letters, numbers, and special symbols. By any measure it is very safe. The problem is there are (extremely) personal things in there. I assembled several unrelated things that I (secretly) hold dearest to my heart, obfuscated them with rules not found in best64, and mixed with semi-gibberish. My daily login password is a combo similar in nature, with less obfuscation to facilitate typing. People who dig really deep into my identity might be able to compromise it (or not); I'm afraid that I'm more predictable than I thought I was. I know, the worry is pretty much unwarranted, as I’m not likely the target of a focused attack — I’m neither rich nor equipped with sensitive information or power, and for wide-range exploits, 99.9% of people are lower-hanging fruits. Even for a targeted attack, xkcd 538: Security broke a crypto nerd’s imagination with a $5 wrench. However, a geek is a geek, you can’t block a geek’s imagination.

+

Therefore, after worrying for so long, today I’m going Diceware. Eight diceware words give you at least 100 bits of true entropy. Unfortunately I don’t have a die, and don’t bother to get one. (Amazon Prime: get it Monday? No. Target, six miles away? No.) So I read my random bits from /dev/urandom. The C implementation is here. By publishing this I’m announcing to the world that I’m using diceware. But I’m not afraid, since I’m now protected by true entropy that’s not compromised by publishing the scheme.

+
+
+ + + -- cgit v1.2.1
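Review bot: the commit message says "Correct a link", but the diff shown creates build/blog/2014-11-28-going-diceware.html as a new file with 42 insertions, so the link that was corrected cannot be identified from this change. Name the affected link in the message (the post has at least the "The C implementation is here" and "xkcd 538: Security" references), or commit the source fix separately from regenerated build/ output so the one-line correction can be reviewed on its own. In the added post text, "at least 100 bits of true entropy" for eight words read from /dev/urandom holds only if each word is selected uniformly from the word list; a sentence saying how the C implementation maps random bytes to word indices would let readers check that claim.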