Re: Using Diceware, BIP39 and leetspeak for Argon2id keys

Marcel Logen wrote:

Stefan Claas in sci.crypt:
 

regarding my previous thread about memorizing a 128/256 bit key,
I came up with the following idea to create Argon2id keys.
 
Now we only need to memorize our Diceware passphrase.
 
This task shoulb be carried out on an offline Computer.
 
I am using four Golang programs, called dwp (diceware passphrase),
dice2bip, leetspeak and argon2id, which you can find on my GitHub
page at:
 
https://github.com/stefanclaas/
 
Usage of leetspeak is optional.
 
First we start with dwp:
 
$ dwp -r 6 -d eff_large_wordlist.txt -p
Diceware number 1: 51534 - reselect
Diceware number 2: 25455 - envelope
Diceware number 3: 42252 - nuptials
Diceware number 4: 35561 - lapping
Diceware number 5: 26225 - expand
Diceware number 6: 24453 - earpiece
 
Complete passphrase: reselect envelope nuptials lapping expand earpiece

 
Calculated entropy: 77 Bits:
 
   number of positions: 30 (6 x 5)
   character pool: 1..6
 
| user15@o15:/tmp$ bc -lq
| 30 * l(6)/l(2)
| 77.54887502163468544431
 
Quote from <https://en.wikipedia.org/wiki/Diceware>:
 
| The level of unpredictability of a Diceware passphrase
| can be easily calculated: each word adds 12.9 bits of
| entropy to the passphrase [...]. Originally, in 1995,
| Diceware creator Arnold Reinhold considered five words
| (64.6 bits) the minimal length needed by average users.
| However, in 2014 Reinhold started recommending that at
| least six words (77.5 bits) be used.
 
[...]
 

Our final result: b3ff9d34181c4771dd9ec993c78b2d5b2cc809024c9447f97468893f0d70e611

 
This result has an entropy of 77 Bits, too. IMHO.
 
Not 256 Bits, as you might think, as reshaping doesn't
add any amount of entropy, AFAIR.

You left out the important step of BIP39 usage, prior
generating the final key. My BIP39 program accepts any
strings, not only diceware passphrases.

Let alone leetspeak usage, so that Eve would never figure
out what combination was used.

People might argue that this is security by obsurity,
which I do not think, because it is made public, for
discussion and I also strongly believe that through
BIP39 usage the entropy is much more to generate a 256
bit Argon2id key.

The way you IMHO calculate the entropy, with bc, is
not what public entropy calculators do.

--
Regards
Stefan