luczsoma/HungarianDiceware

Hungarian Diceware

Dice-Indexed Passphrase Word List in Hungarian
Version 1.1 (description update) (3rd October, 2018)

Created by Soma Lucz (https://github.com/luczsoma).

What is Diceware?

Diceware™ is a method for picking passphrases that uses dice to select words at random from a special list called the Diceware Word List. Each word in the list is preceded by a five-digit number. All the digits are between one and six, allowing you to use the outcomes of five dice rolls to select a word from the list.

Using Diceware

To use the Diceware list you will need one or more dice.

  1. Decide how many words you want in your passphrase. A five-word passphrase provides a level of security much higher than the simple passwords most people use. We recommend a minimum of six words for use with GPG, wireless security and file encryption programs. A seven-, eight- or nine-word passphrase is recommended for high-value uses such as whole disk encryption, Bitcoin, and any other sensitive information.

  2. Roll the dice and write down the results on a slip of paper. Write the numbers in groups of five. Make as many of these five-digit groups as you want words in your passphrase. You can roll one die five times or roll five dice once, or any combination in between. If you roll several dice at a time, read the dice from left to right.

  3. Look up each five-digit number in the Diceware list and find the word next to it. For example, 21141 means your next passphrase word would be "csali".

  4. When you are done, the words that you have found are your new passphrase. Memorize them and then either destroy the scrap of paper or keep it in a really safe place. That's all there is to it!
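The four steps above worked through in Python, as an added example that is not code from the HungarianDiceware repository: it parses a word list in the "NNNNN word" format the README describes, turns a left-to-right sequence of die results into five-digit keys, and looks them up. The sample list is constructed (only the 21141 → csali entry comes from the README), and the csprng_rolls helper is a software substitute for physical dice, not part of the Diceware method.

```python
import secrets
from typing import Dict, List

# Constructed sample in the list's "NNNNN word" format. Only "21141 csali"
# is taken from the README; the other entries are placeholders.
SAMPLE_WORDLIST = """\
11111 alma
11112 asztal
21141 csali
36666 kulcs
66666 zsemle
"""

def parse_wordlist(text: str) -> Dict[str, str]:
    """Parse 'NNNNN word' lines into a dict keyed by the five-digit index.
    Each digit must be 1-6 because every digit is the face of one die."""
    words: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split(maxsplit=1)
        if len(key) != 5 or any(c not in "123456" for c in key):
            raise ValueError(f"invalid dice index {key!r}")
        if key in words:
            raise ValueError(f"duplicate dice index {key}")
        words[key] = word.strip()
    return words

def is_complete(words: Dict[str, str]) -> bool:
    """A usable list needs all 6**5 = 7776 indices; otherwise some rolls map to nothing."""
    return len(words) == 6 ** 5

def group_rolls(rolls: List[int]) -> List[str]:
    """Step 2: read die results left to right and group them in fives."""
    if len(rolls) % 5 != 0:
        raise ValueError("number of rolls must be a multiple of five")
    if any(r not in (1, 2, 3, 4, 5, 6) for r in rolls):
        raise ValueError("each roll must be between 1 and 6")
    return ["".join(map(str, rolls[i:i + 5])) for i in range(0, len(rolls), 5)]

def passphrase_from_rolls(words: Dict[str, str], rolls: List[int]) -> str:
    """Steps 3 and 4: look up every five-digit key and join the words."""
    return " ".join(words[key] for key in group_rolls(rolls))

def csprng_rolls(n_words: int) -> List[int]:
    """Software substitute for physical dice. secrets.randbelow draws from the
    OS CSPRNG; the random module is not suitable for generating secrets."""
    return [secrets.randbelow(6) + 1 for _ in range(5 * n_words)]
```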

The Math

It is usual in the computer industry to specify password strength in terms of information entropy, measured in bits, a concept from information theory. Instead of the number of guesses needed to find the password with certainty, the base-2 logarithm of that number is given, which is the number of "entropy bits" in a password. A password with, say, 42 bits of strength calculated in this way would be as strong as a string of 42 bits chosen randomly, say by a fair coin toss. Put another way, a password with 42 bits of strength would require 2^42 = 4,398,046,511,104 attempts to exhaust all possibilities during a brute force search. Thus, adding one bit of entropy to a password doubles the number of guesses required, which makes an attacker's task twice as difficult. On average, an attacker will have to try half of the possible passwords before finding the correct one.

Entropy per symbol for different symbol sets

| Symbol set | Symbol count N | Entropy per symbol H |
|---|---|---|
| Arabic numerals (0–9) (e.g. PIN) | 10 | 3.322 bits |
| Hexadecimal numerals (0–9 & A–F) (e.g. WEP keys) | 16 | 4.000 bits |
| Case insensitive Latin alphabet (a–z / A–Z) | 26 | 4.700 bits |
| Case insensitive alphanumeric (a–z / A–Z & 0–9) | 36 | 5.170 bits |
| Case sensitive Latin alphabet (a–z & A–Z) | 52 | 5.700 bits |
| Case sensitive alphanumeric (a–z & A–Z & 0–9) | 62 | 5.954 bits |
| All ASCII printable characters except space | 94 | 6.555 bits |
| All ASCII printable characters | 95 | 6.570 bits |
| All extended ASCII printable characters | 218 | 7.768 bits |
| Binary (0–255 or 8 bits or 1 byte) | 256 | 8.000 bits |
| Diceware word list | 7776 | 12.925 bits |

Lengths L of truly randomly generated passwords required to achieve a desired password entropy H for symbol sets containing N symbols

| Desired password entropy H | Case sensitive Latin alphabet | Case sensitive alphanumeric | All ASCII printable characters | All extended ASCII printable characters | Diceware word list |
|---|---|---|---|---|---|
| 8 bits (1 byte) | 2 | 2 | 2 | 2 | 1 |
| 32 bits (4 bytes) | 6 | 6 | 5 | 5 | 3 |
| 40 bits (5 bytes) | 8 | 7 | 7 | 6 | 4 |
| 64 bits (8 bytes) | 12 | 11 | 10 | 9 | 5 |
| 80 bits (10 bytes) | 15 | 14 | 13 | 11 | 7 |
| 96 bits (12 bytes) | 17 | 17 | 15 | 13 | 8 |
| 128 bits (16 bytes) | 23 | 22 | 20 | 17 | 10 |
| 160 bits (20 bytes) | 29 | 27 | 25 | 21 | 13 |
| 192 bits (24 bytes) | 34 | 33 | 30 | 25 | 15 |
| 224 bits (28 bytes) | 40 | 38 | 35 | 29 | 18 |
| 256 bits (32 bytes) | 45 | 43 | 39 | 33 | 20 |
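An added example (not the README's own code) that carries the arithmetic of this section through in Python: entropy per symbol, the entropy of a whole random password, the exact smallest length that reaches a target entropy (an integer comparison rather than a floating-point ceiling, so rounding can never under-report the length), and the average number of guesses. length_table rebuilds the second table from the column symbol counts N = 52, 62, 95, 218 and 7776.

```python
import math
from typing import Dict, Iterable, List

DICEWARE_LIST_SIZE = 6 ** 5  # 7776 five-digit dice indices

# Symbol counts of the five columns in the README's length table.
TABLE_COLUMNS = [52, 62, 95, 218, DICEWARE_LIST_SIZE]

def entropy_per_symbol(n_symbols: int) -> float:
    """H = log2(N): the bits contributed by one uniformly random symbol."""
    return math.log2(n_symbols)

def password_entropy(length: int, n_symbols: int) -> float:
    """A truly random password of L symbols from a set of N has L * log2(N) bits."""
    return length * entropy_per_symbol(n_symbols)

def required_length(target_bits: int, n_symbols: int) -> int:
    """Smallest L with N**L >= 2**H. Computed with exact integers, which is
    equivalent to ceil(H / log2 N) but immune to floating-point rounding."""
    length = 0
    while n_symbols ** length < 2 ** target_bits:
        length += 1
    return length

def length_table(targets: Iterable[int],
                 symbol_counts: Iterable[int] = TABLE_COLUMNS) -> Dict[int, List[int]]:
    """Rebuild the README's second table: one row of lengths per target entropy."""
    counts = list(symbol_counts)
    return {h: [required_length(h, n) for n in counts] for h in targets}

def expected_guesses(bits: float) -> float:
    """On average an attacker must try half of the 2**H possibilities."""
    return 2 ** bits / 2

if __name__ == "__main__":
    for bits, row in length_table([8, 32, 64, 128, 256]).items():
        print(f"{bits:>3} bits: {row}")
    print(f"5 Diceware words: {password_entropy(5, DICEWARE_LIST_SIZE):.1f} bits")
```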

Required bits of entropy

The minimum number of bits of entropy needed for a password depends on the threat model for the given application. If key stretching is not used, passwords with more entropy are needed. RFC 4086, "Randomness Requirements for Security", presents some example threat models and how to calculate the entropy desired for each one. Its answers vary between 29 bits of entropy needed if only online attacks are expected, and up to 128 bits of entropy needed for important cryptographic keys used in applications like encryption where the password or key needs to be secure for a long period of time and stretching isn't applicable. A 2010 Georgia Tech Research Institute study based on unstretched keys recommended a 12-character random password, as a minimum length requirement.

The upper end is related to the stringent requirements of choosing keys used in encryption. In 1999, an Electronic Frontier Foundation project broke 56-bit DES encryption in less than a day using specially designed hardware. In 2002, distributed.net cracked a 64-bit key in 4 years, 9 months, and 23 days. As of October 12, 2011, distributed.net estimates that cracking a 72-bit key using current hardware will take about 45,579 days or 124.8 years. Due to currently understood limitations from fundamental physics, there is no expectation that any digital computer (or combination) will be capable of breaking 256-bit encryption via a brute-force attack. Whether or not quantum computers will be able to do so in practice is still unknown, though theoretical analysis suggests such possibilities.

Sources used:


Diceware in Hungarian

Dice-Indexed Word List for Creating Hungarian Passphrases
Version 1.1 (updated description) (3 October 2018)

Created by Soma Lucz (https://github.com/luczsoma).

What is Diceware?

Diceware™ is a passphrase-generation method in which the user uses dice to pick words from a so-called dice-indexed word list. Every entry in the list has a five-digit number. Each digit of the number is between one and six, so its value can be determined with five dice rolls.

Using Diceware

Using Diceware requires one or more dice.

  1. Decide how many words your passphrase should consist of. Even a five-word passphrase provides a much higher level of security than most ordinary passwords. A six-word passphrase is recommended for use with GPG, wireless networks and file encryption programs. A seven-, eight- or nine-word passphrase is recommended when the passphrase is to be used for hard disk encryption, protecting Bitcoin wallets, or protecting any other sensitive information.

  2. Roll the dice and write the results down on a piece of paper. Group the dice results in fives. Make as many of these five-digit groups as there will be words in your passphrase. You can roll one die five times, five dice once, or any other combination. If you roll several dice at once, read the numbers from left to right.

  3. For each five-digit number, look up the corresponding word in the list. For example, 21141 means that the next word in the passphrase is "csali".

  4. When you are done, your passphrase is the words you wrote down, read together. Memorize it well, then destroy the paper or hide it in a really safe place. That's all there is to it!

The Math

In computing it is customary to specify password strength using the concept of entropy from information theory, measured in bits. Instead of the number of guesses that would be needed to find a password with certainty, the base-2 logarithm of that number is given as the number of "entropy bits" in the password. A password with, say, 42 bits of strength is, by this calculation, considered as strong as a randomly chosen (for example by coin tosses) sequence of 42 bits. Put another way: a password with 42 bits of strength would require 2^42 = 4 398 046 511 104 attempts to find by exhaustive search. Adding one bit therefore doubles the number of attempts an exhaustive search requires, which is how we make a malicious attacker's job harder. On average, an attacker has to try half of all possibilities to find the correct password.

Entropy per symbol for different symbol sets

| Symbol set | Symbol count N | Entropy per symbol H |
|---|---|---|
| Arabic numerals (0–9) (e.g. PIN code) | 10 | 3.322 bits |
| Hexadecimal numerals (0–9 & A–F) (e.g. WEP keys) | 16 | 4.000 bits |
| Case insensitive alphabet (a–z / A–Z) | 26 | 4.700 bits |
| Case insensitive alphanumeric (a–z / A–Z & 0–9) | 36 | 5.170 bits |
| Case sensitive alphabet (a–z & A–Z) | 52 | 5.700 bits |
| Case sensitive alphanumeric (a–z & A–Z & 0–9) | 62 | 5.954 bits |
| All ASCII printable characters except space | 94 | 6.555 bits |
| All ASCII printable characters | 95 | 6.570 bits |
| All extended ASCII printable characters | 218 | 7.768 bits |
| Binary (0–255 / 8 bits / 1 byte) | 256 | 8.000 bits |
| Diceware word list | 7776 | 12.925 bits |

Lengths L of truly randomly generated passwords required to achieve a desired entropy H from a symbol set containing N symbols

| Desired entropy H | Case sensitive alphabet | Case sensitive alphanumeric | All ASCII printable characters | All extended ASCII printable characters | Diceware word list |
|---|---|---|---|---|---|
| 8 bits (1 byte) | 2 | 2 | 2 | 2 | 1 |
| 32 bits (4 bytes) | 6 | 6 | 5 | 5 | 3 |
| 40 bits (5 bytes) | 8 | 7 | 7 | 6 | 4 |
| 64 bits (8 bytes) | 12 | 11 | 10 | 9 | 5 |
| 80 bits (10 bytes) | 15 | 14 | 13 | 11 | 7 |
| 96 bits (12 bytes) | 17 | 17 | 15 | 13 | 8 |
| 128 bits (16 bytes) | 23 | 22 | 20 | 17 | 10 |
| 160 bits (20 bytes) | 29 | 27 | 25 | 21 | 13 |
| 192 bits (24 bytes) | 34 | 33 | 30 | 25 | 15 |
| 224 bits (28 bytes) | 40 | 38 | 35 | 29 | 18 |
| 256 bits (32 bytes) | 45 | 43 | 39 | 33 | 20 |

Required entropy

The minimum entropy of a password depends on the threat model of the application it is used in. If key stretching cannot be applied, higher entropy is required. RFC 4086, "Randomness Requirements for Security", gives several examples of how to calculate the entropy required for particular threat models. According to the document, 29 bits are needed if only online attacks are expected, and 128 bits of entropy are needed to protect important cryptographic keys in applications where the password or key must stay secure over a long period and key stretching cannot be applied. A 2010 Georgia Tech Research Institute study performed on passwords without key stretching recommends 12-character passwords as a minimum length requirement.

In 1999 an EFF project, using special-purpose hardware, broke 56-bit DES encryption in less than a day. In 2002, after 4 years, 9 months and 23 days of work, distributed.net broke a 64-bit key. According to estimates made on 12 October 2011, breaking a 72-bit key with today's resources would take 45 579 days (124.8 years). According to current knowledge, fundamental physical limits prevent any digital computer (or combination of them) from breaking a 256-bit key by exhaustive search. We do not know whether quantum computers will be able to do so in practice, but theoretical analyses raise the possibility.

Sources used: