riceware: you can now use R to generate strong (and easy to remember) passwords


Last week I read this article on how to generate strong (but easy to remember) passwords. The method, called Diceware, uses a six-sided die to draw a series of 5 random numbers. These 5 random numbers are matched against a list of 7776 words, one for each possible combination of dice rolls. The words and abbreviations included in the list have been chosen to be easy to remember. By repeating this process 7 times, you can generate a passphrase that would take several million years for even a powerful computer (1 trillion guesses/second) to guess.

The article I read mentioned that there was no user-friendly way to generate these passphrases automatically, so I wrote riceware, a small R package for generating passphrases, which is now available on CRAN. The package provides the list of words in English (wordlist_en), French (wordlist_fr), German (wordlist_de), Italian (wordlist_it), Japanese (wordlist_jp), Spanish (wordlist_es) and Swedish (wordlist_sv).

The simplest way to interact with the package, after installing it, is to type:

library(riceware)
generate_passphrase()

This will provide you with a 7-word passphrase such as: "IndiesDnaCheckCFoxyAidGimpy".

By default, this function relies on sample() to generate the dice rolls. sample() draws from R's pseudo-random number generator, so the numbers obtained are not truly random. You can instead use true random numbers (generated by https://random.org and easily accessible in R with the random package by Dirk Eddelbuettel). You can also change the number of words your passphrase uses or the language of the words. For instance, to generate a French 5-word passphrase:

generate_passphrase(generate_tokens(n_words = 5, method = "random"),
                    wordlist = wordlist_fr)

For all magrittr aficionados, you can also do:

library(magrittr)  # provides the %>% pipe
generate_tokens(5, method = "random") %>%
  generate_passphrase(wordlist = wordlist_fr)

For the security conscious, it might be safer to use actual physical dice to generate the tokens. You can then provide them manually to the generate_passphrase() function:

generate_passphrase(c("52126", "52215", "52222"))
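
Between sample() and physical dice there is a third option: drawing the rolls from the operating system's cryptographic random source and handing the resulting tokens to generate_passphrase() in the same way. The following is an added example, not code from the original post or from riceware; the helper names secure_rolls, secure_tokens and passphrase_strength are hypothetical, and it assumes a Unix-like system where /dev/urandom exists.

```r
# Added example (not part of riceware): Diceware tokens from the OS CSPRNG.
# Assumption: a Unix-like system that exposes /dev/urandom.

# Draw n fair dice rolls (1..6) using rejection sampling on random bytes.
secure_rolls <- function(n, source = "/dev/urandom") {
  con <- file(source, open = "rb")
  on.exit(close(con))
  rolls <- integer(0)
  while (length(rolls) < n) {
    # Read more bytes than needed; some will be rejected below.
    bytes <- as.integer(readBin(con, what = "raw", n = 2L * (n - length(rolls))))
    # 256 is not a multiple of 6. Keeping only 0..251 (252 = 6 * 42)
    # makes every face equally likely; bytes 252..255 are discarded.
    bytes <- bytes[bytes < 252L]
    rolls <- c(rolls, bytes %% 6L + 1L)
  }
  rolls[seq_len(n)]
}

# Build one token per word, each made of n_dice rolls, e.g. "52126".
secure_tokens <- function(n_words = 7L, n_dice = 5L) {
  rolls <- matrix(secure_rolls(n_words * n_dice), nrow = n_words)
  apply(rolls, 1L, paste, collapse = "")
}

# Entropy in bits and years needed to try every passphrase of n_words,
# for a list of 6^5 = 7776 words and a given guessing rate.
passphrase_strength <- function(n_words, list_size = 6^5,
                                guesses_per_sec = 1e12) {
  bits <- n_words * log2(list_size)
  years <- list_size^n_words / guesses_per_sec / (365.25 * 24 * 3600)
  c(bits = bits, years_to_exhaust = years)
}

tokens <- secure_tokens(7)
# Sanity check: 7 tokens, each exactly five digits in 1..6.
stopifnot(length(tokens) == 7, all(grepl("^[1-6]{5}$", tokens)))
print(passphrase_strength(7))

# With riceware installed, use the tokens like hand-rolled dice:
# riceware::generate_passphrase(tokens)
```

The tokens never leave the machine, and the rejection step avoids the slight bias that a plain modulo on random bytes would introduce.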

Coincidentally, the French parliament passed a law yesterday that greatly expands the surveillance program of internet communications (see a New York Times article, and a Le Monde article (in French)). Strong passphrases are needed to ensure correct encryption and maintain privacy.

The package is on GitHub at https://github.com/fmichonneau/riceware; issues and pull requests are welcome and encouraged.

I’d like to thank CRAN for a smooth and speedy approval of this package.

If you’d like to learn more about the Diceware method:
