October 26, 2015

A Cryptographically-Secure Password for $2, Courtesy of an 11-Yr Old

An 11-year-old New Yorker is selling strong, cryptographically secure passwords for $2 each, using a Diceware word list, actual dice and the US Postal Service.

Sixth-grader Mira Modi is scaling a new business by setting up a website where she sells unique, hard-to-decipher passwords for $2 a password, reports Ars Technica.

Modi is also the daughter of pro-privacy veteran and journalist Julia Angwin, who recently hired her daughter to generate strong Diceware-based passphrases as research for a new book. After accompanying her mother to book-related events and selling passwords created on the spot, Modi saw reason to turn it into a business with its own website.

Every Diceware passphrase consists of six words and is created completely at random before being sent to the buyer.

“I think [strong passwords are] important. Now we have such good computers, people can hack into anything so much more quickly,” she said.

Remarkably, she understands a significant concept of passwords that most of the world hasn’t caught on to. Speaking to Ars Technica, she noted:

“If you just make one [a password] up, it’s not going to be a very good one.”

Diceware Passphrases

Diceware is a decades-old system for coming up with truly random, nonsensical passphrases that consist of a string of words. Actual dice are rolled to produce random numbers, which are then matched to words on a word list. This creates a phrase that is completely random, such as “Alger klm curry blond pick horse,” and is difficult to crack even by social engineering means. While the phrase is hard for an attacker to figure out, the words are still ordinary enough for the user to memorize them.
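The lookup described above, as an added Python example that is not code from the article or from Modi's site. It assumes the standard Diceware layout of five rolls per word (keys 11111 through 66666, 7,776 entries); the function names are illustrative and the embedded word list is a constructed placeholder, not the real Diceware list.

```python
import itertools
import math
import secrets

ROLLS_PER_WORD = 5                 # standard Diceware: five rolls pick one word
LIST_SIZE = 6 ** ROLLS_PER_WORD    # 7776 keys, 11111 through 66666

def parse_wordlist(text):
    """Parse 'key word' lines into a dict and refuse an incomplete list."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == ROLLS_PER_WORD and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    if len(table) != LIST_SIZE:
        raise ValueError(f"expected {LIST_SIZE} entries, got {len(table)}")
    return table

def words_from_rolls(rolls, table):
    """Map physical dice rolls (digits 1-6, spaces ignored) to words."""
    rolls = "".join(rolls.split())
    if not rolls or len(rolls) % ROLLS_PER_WORD or set(rolls) - set("123456"):
        raise ValueError("rolls must be digits 1-6 in groups of five")
    return [table[rolls[i:i + ROLLS_PER_WORD]]
            for i in range(0, len(rolls), ROLLS_PER_WORD)]

def generate(table, n_words=6):
    """Software stand-in for the dice: every roll comes from the OS CSPRNG."""
    rolls = "".join(str(secrets.randbelow(6) + 1)
                    for _ in range(n_words * ROLLS_PER_WORD))
    return " ".join(words_from_rolls(rolls, table))

def entropy_bits(n_words):
    """Bits of entropy when each word is an independent, uniform choice."""
    return n_words * math.log2(LIST_SIZE)

# Constructed placeholder list (NOT the real Diceware words): one fake word per key.
SAMPLE_LIST = "\n".join(
    f"{''.join(k)}\tword{''.join(k)}" for k in itertools.product("123456", repeat=ROLLS_PER_WORD))

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    print(words_from_rolls("11111 66666 12345", table))
    print(generate(table))
    print(f"{entropy_bits(6):.1f} bits for six words")
```

To use it with a real list, pass the text of a Diceware word-list file to `parse_wordlist`; the completeness check rejects a truncated list, which would otherwise silently shrink the number of possible passphrases.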

Modi rolls the dice every time a new order comes in, then looks up the results in a copy of the Diceware word list. Each passphrase is written by hand onto a piece of paper, which is then mailed to the customer.

This is made clear on her website, where it notes: “The passwords are sent by U.S. Postal Mail which cannot be opened by the government without a search warrant.”

Furthermore, the young New Yorker adds that she won’t be able to remember all the passphrases she has written down before mailing them to customers, and that the copy sent out is the only copy of the passphrase.

While it is obvious that users generating their own Diceware passphrases are going to be more secure, LIFARS acknowledges Modi’s foray into bringing better password awareness and commends her for it.


About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
