diceware - Man Page

create passphrases

Description

diceware generates passphrases by concatenating words randomly picked from wordlists. It supports also real dice for passphrase generation.

It is based on the proposals of Arnold G. Reinhold on <http://diceware.com> .

Options

positional arguments:

FILE: optional input wordlist. '-' will read from stdin. Should contain one word per line.

optional arguments:

-h, --help: show help message and exit
-n NUM, --num NUM: number of words to concatenate. Default 6
-c, --caps: Capitalize words. This is the default.
--no-caps: Turn off capitalization.
-s NUM, --specials NUM: Insert NUM special chars into generated word.
-d DELIMITER, --delimiter DELIMITER: Separate words by DELIMITER. Empty string by default.
-r SOURCE, --randomsource SOURCE: Get randomness from this source. Possible values: realdice, system. Default: system
-w [NAME [NAME ...]], --wordlist [NAME [NAME ...]]: Use words from this wordlist. Possible values: ca, de, de_8k, en, en_8k, en_adjectives, en_eff, en_nouns, en_orig, en_securedrop. es, it, pt-br. Default: en_eff
-v, --verbose: Be verbose. Use several times for increased verbosity.
--version: output version information and exit.

Arguments related to realdice randomsource:

--dice-sides N: Number of sides of dice. Default: 6

If set and not empty, this variable determines the directory to use for user-local configuration files. We then lookup ${XDG_CONFIG_HOME}/diceware/diceware.ini and values set here override system-wide config files.

XDG_CONFIG_DIRS

If set and not empty, this variable is interpreted as colon-separated list of directories, that might contain system-wide configuration files. We lookup <DIR>/diceware/diceware.ini for each directory set in $XDG_CONFIG_DIRS.

XDG_DATA_HOME

If set and not empty, this variable determines a directory to search for additional wordlists. We then lookup ${XDG_DATA_HOME}/diceware for any existing wordlist files.

XDG_DATA_DIRS: If set and not empty, this variable is interpreted as colon-separated list of directories, that might contain additional wordlist files. See below. We lookup <DIR>/diceware/ then for each directory set in the list.

Files

Depending on environment variables set (or not set) we lookup certain directories for configuration files called diceware.ini and for wordlist files.

Configuration Files

Configuration settings for diceware can be spread over several configuration files. We parse configuration values from the files given below, but values set in former files take precedence over values set in latter ones.

~/.diceware.ini: Your personal diceware configuration file. Values set here override values from any other configuration file.
$XDG_CONFIG_HOME/diceware/diceware.ini: Additional location for your personal diceware configuration. Values set here will override any system-wide valid values but can be overridden by ~/.diceware.ini.
$HOME/.config/diceware/diceware.ini: Alternative location for diceware configuration, only used if ${XDG_CONFIG_HOME} is empty or unset.
/etc/xdg/diceware/diceware.ini: If $XDG_CONFIG_DIRS is not set or empty, we look here for a system-wide configuration file. Values set here take least precedence.

Wordlist Files and Wordlist Directories

diceware comes with a set of wordlists but enables you to add new wordlists by putting them into certain directories. The paths where the lists are stored (including the built-in ones) is shown using --show-wordlist-dirs.

Wordlist files are expected to contain lines with one term on each line and they must have a certain filenames to be found.

Wordlist filenames have to follow the pattern: wordlist_<NAME>.txt where <NAME> can be any name consisting of letters, numbers, underscores and hyphens. For instance wordlist_en_eff.txt is the filename of the EFF (electronic frontier foundation) word list. en_eff is the name of this list.

We support .txt and .asc as filename extensions for wordlists, where .txt files are expected to be plain wordlists and .asc files should provide a PGP-signature.

If wordlists with the same name are found in different directories then the one in the directory with the highest precedence is taken only. The following locations are ordered by precedence (highest first). Therefore built-in wordlists cannot be overridden by custom wordlists. You can, however, use custom wordlists with a different name.

Directories we look up that do not exist (in part or completely) are silently skipped when searching for wordlist files.

<INSTALL-DIR>/wordlists/: The directory containing the built-in wordlists as part of the installation. These are the wordlists that are always available, regardless of configuration values and their exact location depends on the installation location of the diceware package.
$XDG_DATA_HOME/diceware/: If $XDG_DATA_HOME is set and not empty, we look in this directory for wordlists.
$HOME/.local/share/diceware/: If $XDG_DATA_HOME is unset or empty, we look into this directory for wordlists.
<DIR>/diceware from $XDG_DATA_DIRS: If $XDG_DATA_DIR is set and not empty, it is interpreted as a colon-separated list of directories with /diceware appended. So, /foo/bar:/baz will make us look into /foo/bar/diceware/ and /baz/diceware/ in that order.
/usr/local/share/diceware/, /usr/share/diceware: If $XDG_DATA_DIRS is unset or empty, we look into these two directories for wordlists.

Examples

diceware: Create a passphrase using defaults. Outputs something like "WheelDyeHonkCanvasWitsPuck"
diceware -d "-" -n 3: Create a passphrase with three words, separated by dash ("-"). Results in something like "Wheel-Dye-Honk"
diceware --no-caps: Create a passphrase without capital words. Creates something like "wheel-dye-honk".
diceware -r realdice: Use real dice to create a passphrase. The program will tell you what to do (roll dice and tell what numbers appear) and in the end present a passphrase.
diceware -r realdice --dice-sides 20: Use real dice, as shown above, but this time use dice with 20 faces, instead of standard, 6-sided dice.
diceware mywordlist.txt: Create a passphrase with words from file "mywordlist.txt". The file should contain one word on each line.
diceware -w en_securedrop -s 2: Create a passphrase with two special chars spread over the generated passphrase and containing words from wordlist "en_securedrop". This is one of the wordlists that come included with diceware. Creates something like: "PlayaBrigVer{SeesNe-tsGets".
diceware -w en_adjectives en_nouns -n 2: Create two syntactically meaningful phrases, each one consisting of an adjective and a noun. Results in something like: "CruelAttendeesCleanCoffee".

Copyright

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see < <http://www.gnu.org/licenses/> >.

diceware is a concept invented by Arnold G. Reinhold, Cambridge, Massachusetts USA.

The Securedrop wordlist (file wordlists/wordlist_en_securedrop.asc) by Heartsucker is licensed under the MIT license (see <http://mit-license.org/> ).

The EFF wordlist (file wordlsts/wordlist_en_eff.txt) is licensed by the Electronic Frontier Foundation under the Creative Commons CC-BY 3.0 US license (see <https://creativecommons.org/licenses/by/3.0/us/> ).

The copyright for the the Diceware SecureDrop list is owned by @heartsucker. Copyright for the EFF large list by Joseph Bonneau and EFF. Copyright for the brazilian portuguese list by @drebs. Copyright for the english adjective and noun lists by NaturalLanguagePasswords.

"Diceware" is a trademark of Arnold G Reinhold, used with permission.

Author

Written by Uli Fouquet and contributors

Info

December 2024 diceware 1.0.1