EFF Dice-Generated Passphrases

The Electronic Frontier Foundation has its own version of DiceWare, complete with several different wordlists for randomly generating passphrases with dice.

EFF’s new long list, referenced in the directions above, is designed for memorability and passphrase strength. We recommend selecting a minimum of six words from our long wordlist, or when using any other list of this size. The more words you use, the stronger the passphrase. Different wordlists may produce passphrases with different degrees of memorability, but you don’t get a significantly different passphrase strength by using one wordlist over another, if the lists are the same length.

Personal Password Peppering/Secret Salting

A pepper or secret salt in cryptographic terms means “a secret added to an input such as a password during hashing with a cryptographic function” that is not stored with the hash itself.

Phani Karen wrote an article recently advocating using this method (which he refers to as “double-blind” and “horcruxing” for some reason) to increase the security of passwords stored in a password manager.

Karen’s recommendation goes something like this.

  1. Select an arbitrary (ideally random) short word or phrase. Let’s use kraken, for example.
  2. When you set up a password on an account, the password takes the form of passwordkraken (where password is a randomly generated password or passphrase).
  3. In your password manager, you only store password.
  4. So when you revisit the site, you copy password and then manually append -kraken

The claimed advantage of doing this is that if your password manager is ever compromised, your accounts are still safe unless someone is able to guess the -kraken password stem that is not stored in the password manager.

Karan refers to this as implementing a defense in depth approach, where multiple security layers are used to mitigate damage.

I would not recommend this approach for a number of reasons.

First, it increases the pieces of information you need to know to use your password manager. Currently, I need to know my username and password to access my accounts using Bitwarden. A system like this adds a third piece of information I need to memorize.

Maybe for the intended audience, that’s not a big deal, but given how many people struggle to understand and use a password manager in the first place, anything that adds more friction to that process is to be avoided.

Second, this is exacerbated by the fact that it would likely prove difficult to keep the secret salt secret for very long.

Currently, I have about 300 accounts stored in Bitwarden, all with unique passwords. Suppose I had been adding a secret salt to my passwords for the last 5 years. In that time, about 6 of the accounts that I have were part of public breaches.

I quickly changed those passwords once I was aware of the breach. Still, if I had been using a secret salt, anyone who breached my Bitwarden account would easily be able to go back and find one of those outdated, unused passwords and quickly see a secret salt pattern in there.

The only way to guarantee my secret salt stayed secret would be to change that salt every time I was aware of a public breach, which would mean updating hundreds of uncompromised accounts, which turns my password system’s complexity up to 11.

Let Me Copy and Paste My Passwords

Occasionally I still run into sites that won’t let me copy and paste into the password field while creating an account. Or sites will let me paste into the password field but then ask me to re-enter the password for verification into a field where copying and pasting are disabled.

Developers and designers–cut this shit out.

When I create a new account, I go to my password manager and create a long random password. So I want to use a password like this:


Copying and pasting such passwords is simple. Trying to type them in is an exercise in futility.

By not allowing me to copy and paste into the password field(s), you’re all but ensuring that I’m going to generate a weaker password which none of us want.


DiceKeys reminds me a lot of Diceware. The user gets a set of special dice, in this case, which they roll into a box.


The user then closes the box, preserving their DiceKeys pattern indefinitely. The result of the dice roll is then used to seed a hash algorithm that, in turn, generates application-specific passwords and even U2F tokens.


DiceKeys also comes with an app that can assemble the master password automatically by scanning the dice (including their orientation, which the app uses to generate further entropy), and the QR code-like symbols on the top and bottom of the dice.

DiceKeys are backup security keys with 196 bits of security made of 25 custom dice and a rugged holder, built to last a lifetime. . . . As password managers add support for DiceKeys, you’ll also be able to use your DiceKey in place of a `master’ password. . . .

Use the open source DiceKeys app to quickly read your DiceKey from a device. Our API allows apps and services to derive their own private secrets from your DiceKey without those apps seeing the key itself.

Our reference implementation runs in most modern web browsers, allowing it to work on an incredibly diverse range of devices. While built with web-based technologies (TypeScript & WebAssembly), it runs entirely locally on your device.

We are also developing Android and iOS versions to provide a richer experience on those devices.

The cost for a set of DiceKeys looks to run about US$25.