
Day 1

Come up with your passphrase

Hurray!

Welcome, and congratulations on embarking upon the Twelve Days of Cryptmas. Each day consists of a short “Theory” section followed by some “Homework”. On our first day together, we’ll use dice to generate a secure passphrase.

Theory

From Freedom of the Press’s “Encryption Works”:

The first meaningful action you can take towards ensuring your digital security is to protect your computer and online accounts with a strong password. This is the first—and most important—line of defense between you and anyone with physical access to your computer who wants to impersonate you or steal your data.

Traditionally, computer users were encouraged to create and choose a password and attach some numbers onto the end of it. This would lead to passwords such as Tr0ub4dor&3, to reference a popular XKCD comic.

A comic concluding that, through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember but easy for computers to guess (e.g. "Tr0ub4dor"), instead of passphrases that are easy to remember and hard to guess (e.g. "correct horse battery staple").

…to invent a passphrase consisting of unconnected words such as “correct horse battery staple,” is good advice, but it’s surprisingly hard to come up with four or five words that are truly unconnected and to choose words at random.

And so, we use something that’s good at randomness: a die! We won’t break out our board games every time we create a new password[1], but today that’s exactly what we’re going to do.

Homework

Generate a secure “Diceware” passphrase by following these steps:

  1. Roll a die (physical dice are highly preferable to digital ones for this step).
  2. Write the number down.
  3. Repeat this until you have a five-digit number.
  4. Find it on this word list.
  5. Pick at least five more words using steps 1 to 4.

And there you have it; a brand new passphrase! Keep it in mind, we’ll be using it tomorrow.
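The lookup in steps 1 to 5, as an added example that is not part of the original page: it takes rolls you wrote down from physical dice, checks them, maps each group of five to a word, and reports the resulting entropy. The word list layout, the six placeholder words and all function names are assumptions made for illustration.

```python
import math

# Constructed excerpt, "<5 dice digits> <word>" per line; a real list has 6**5 = 7776 entries.
SAMPLE_WORDLIST = """\
11111 anchor
23456 lantern
34162 orbit
41625 pebble
52436 sparrow
66666 zipper
"""

def is_roll_key(key):
    """True if key is exactly five die faces (1-6)."""
    return len(key) == 5 and all(c in "123456" for c in key)

def parse_wordlist(text):
    """Build {rolls: word}, rejecting malformed lines and duplicate keys."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 2 or not is_roll_key(parts[0]) or parts[0] in table:
            raise ValueError(f"word list line {lineno} is malformed or duplicated")
        table[parts[0]] = parts[1]
    return table

def rolls_to_passphrase(rolls, table):
    """Map written-down rolls (spaces ignored) to words, five rolls per word."""
    digits = "".join(rolls.split())
    if not digits or len(digits) % 5:
        raise ValueError("need five rolls per word")
    keys = [digits[i:i + 5] for i in range(0, len(digits), 5)]
    for key in keys:
        if not is_roll_key(key):
            raise ValueError(f"{key!r} contains something a die cannot show")
        if key not in table:
            raise ValueError(f"{key} is not in this (partial) word list")
    return " ".join(table[key] for key in keys)

def entropy_bits(word_count, list_size=6 ** 5):
    """Bits of entropy when each word is picked uniformly from list_size entries."""
    return word_count * math.log2(list_size)

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_WORDLIST)
    print(rolls_to_passphrase("11111 23456 34162 41625 52436 66666", table))  # constructed rolls
    print(f"{entropy_bits(6):.1f} bits")
```

Six words from a full 7776-entry list give about 77.5 bits, provided every roll came from a fair die and no word was re-rolled because you disliked it.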


  1. By the end of Cryptmas, most of your passwords will exist in a password manager and you won’t need to worry about remembering them. Today we’re generating your “master password”, which you do want to remember.