Skip to main content

Minimalist Python library designed for the random selection of words from cryptographic wordlists, utilizing the Diceware method.

Project description

dicewarepy

dicewarepy is a minimalist Python library designed for the random selection of words from cryptographic wordlists, utilizing the Diceware method.

About

Many scenarios require the manual input and memorization of passwords, such as the master password for a password manager or the encryption password for a device.

Two key considerations emerge in this context:

  • The password must be difficult to guess.
  • The password should be easy to remember.

The Diceware method (archived), created by Arnold G. Reinhold, addresses both of these considerations. Instead of relying on a hard-to-remember string of characters, which often suffers from a lack of randomness and therefore security when thought up by humans, Diceware uses dice and a special wordlist to generate secure passphrases.

The process for creating a Diceware passphrase can be broken down into the following four steps:

  1. A six-sided dice is rolled five times, with the resulting numbers recorded after each roll.
  2. For instance, if the rolls come up with 4-3-6-4-4, one would look through a Diceware wordlist to find the word corresponding to the number 43644.
  3. In this case, the word “password” would be identified and written down.
  4. This process is repeated until the desired number of words is gathered for the passphrase, with each word separated by a space.

dicewarepy provides a compact simulation of the steps described above.

Installation

pip install dicewarepy

Or if you have multiple Python / pip versions installed, use pip3:

pip3 install dicewarepy

Usage

dicewarepy.diceware(n=6, language='en')

Returns a list of n words selected from a Diceware wordlist specified by language.

  • n: int
    • The desired number of words to generate.
    • Default: 6
  • language: str
    • The language tag of the wordlist to select from.
    • Default: en

Example

Import the diceware function:

from dicewarepy import diceware

Assign a list of six randomly selected words to the variable words:

words = diceware()

Print the list to the terminal:

print(words)

Output: ['dainty', 'swimmable', 'thimble', 'stuffing', 'armrest', 'little']

Use the previously selected words to build a passphrase string:

# Define a space as delimiter.
delimiter = " "

# Build the passphrase string.
passphrase = delimiter.join(words)

Print the passphrase to the terminal:

print(passphrase)

Output: dainty swimmable thimble stuffing armrest little

Wordlists

Language Tag Wordlist File
English en EFF Large Word List eff_large_wordlist.txt
German de Mnemonische deutsche Wortliste de-7776-v1-diceware.txt
... ... ... ...

Security

Entropy

Entropy measures the unpredictability of a given element. A passphrase with higher entropy is more challenging to guess, making entropy a useful metric for assessing passphrase strength.

The word lists included in this package are standard Diceware word lists, featuring $7,776$ unique words. The total number of possible passphrases from such a word list can be calculated using the formula $7,776^n$, where $n$ represents the number of words in the passphrase.

The entropy is determined by taking the base-2 logarithm of the number of possible passphrases, leading to the formula: $E_{pass} = \log_2(7,776^n)$.

As shown in the following table, each word in the passphrase contributes an additional $12.925$ bits of entropy. Given the time required to guess the correct combination, it is recommended to use Diceware passphrases that consist of at least 6 words.

Words Possible Passphrases Entropy Time to guess*
$1$ $7,776$ $12.925$ $\lt 1 \textrm{ second}$
$2$ $\approx 6.04e^7$ $25.85$ $\lt 1 \textrm{ second}$
$3$ $\approx 4.7e^{11}$ $38.774$ $\lt 1 \textrm{ second}$
$4$ $\approx 3.65e^{15}$ $51.7$ $\approx 30 \text{ minutes}$
$5$ $\approx 2.84e^{19}$ $64.62$ $\approx 165 \text{ days}$
$6$ $\approx 2.21e^{23}$ $77.55$ $\approx 3,505 \text{ years}$
$7$ $\approx 1.71e^{27}$ $90.47$ $\approx 27,256 \text{ millenia}$
$8$ $\approx 1.33e^{31}$ $103.4$ ...

*Assuming an average of attempting 50% of possible combinations to successfully guess the correct passphrase, and considering an adversary capable of making one trillion (1,000,000,000,000) guesses per second.

Randomness

The strength of random passphrases relies heavily on the randomness of the underlying number generator.

The Diceware FAQ (archived) states that for most users, using dice is by far the better method for selecting passphrase words than relying on a computer, as the random number generators provided by most programming libraries are nowhere near good enough.

For this reason, Python's random library, which produces cryptographically weak pseudo-random numbers, was not utilized in this implementation. Instead, this implementation relies on Python's secrets library, specifically designed for generating cryptographically strong random numbers suitable for passwords, account authentication, security tokens, and other sensitive information.

Credits

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dicewarepy-1.0.3.tar.gz (103.1 kB view details)

Uploaded Source

Built Distribution

dicewarepy-1.0.3-py3-none-any.whl (101.2 kB view details)

Uploaded Python 3

File details

Details for the file dicewarepy-1.0.3.tar.gz.

File metadata

  • Download URL: dicewarepy-1.0.3.tar.gz
  • Upload date:
  • Size: 103.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for dicewarepy-1.0.3.tar.gz
Algorithm Hash digest
SHA256 82f9ba2161fd74bf01906d6ec386dcbe2631b9b34dd83c1884f83c561b4afbbc
MD5 57159a0c4466efc18339809569ea14cc
BLAKE2b-256 a822df93bf780c5c86181373e2e8f9d7d7112f75fff9ae147263539223d2afe3

See more details on using hashes here.

File details

Details for the file dicewarepy-1.0.3-py3-none-any.whl.

File metadata

  • Download URL: dicewarepy-1.0.3-py3-none-any.whl
  • Upload date:
  • Size: 101.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for dicewarepy-1.0.3-py3-none-any.whl
Algorithm Hash digest
SHA256 16b9a588973072f41e6ca0c1310f7cdc837cb5c33b2c6d11b8ea395f9dccf5f6
MD5 d38d4aff42bc517daeb20e81f9d2ff17
BLAKE2b-256 36e8c80e506980444a2c7bbebf4e2d368120fde9b825c6c4ea89231577e6d4b4

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page