A Cryptographically-Secure Password for $2, Courtesy of an 11-Yr Old

An 11-year-old New Yorker is selling strong, cryptographically secure passwords for $2 each, using a Diceware word list, actual dice and the US Postal Service.

Sixth-grader Mira Modi is scaling a new business by setting up a website where she sells unique, hard-to-decipher passwords for $2 a password, reports Ars Technica.

Modi is also the daughter of pro-privacy veteran and journalist Julia Angwin, who recently hired her daughter to generate strong Diceware-based passphrases as research for a new book. After accompanying her mother to book-related events and selling passwords created on the spot, Modi saw reason to turn the idea into a business with its own website.

Every Diceware passphrase consists of six words and is generated completely at random before being sent to the buyer.

“I think [strong passwords are] important. Now we have such good computers, people can hack into anything so much more quickly,” she said.

Remarkably, she understands a significant concept about passwords that most of the world hasn’t caught on to. Speaking to Ars Technica, she noted:

“If you just make one [a password] up, it’s not going to be a very good one.”

Diceware Passphrases

Diceware is a decades-old system for generating truly random, nonsensical passphrases that consist of a string of words. Actual dice are rolled to produce random numbers, which are then matched to words in a word list. This creates a phrase that is completely random, such as “Alger klm curry blond pick horse,” and is difficult to crack even by social engineering means. While the phrase is hard for an attacker to figure out, the words are still ordinary enough for the user to memorize.
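The roll-and-look-up procedure described above, as an added example that is not part of the original article or of Modi's process: it swaps physical dice for the operating system's CSPRNG (Python's `secrets` module) and assumes the standard Diceware layout of five rolls per word and a 7,776-entry list. The word list built here is a constructed placeholder; a real list in the same `NNNNN word` format would be parsed instead.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5                 # standard Diceware: five rolls pick one word
LIST_SIZE = 6 ** DICE_PER_WORD    # 7776 possible roll sequences


def parse_wordlist(text):
    """Parse 'NNNNN word' lines into {rolls: word}, rejecting bad keys."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # blank line or non-entry text around the list
        key, word = parts
        if len(key) != DICE_PER_WORD or set(key) - set("123456"):
            raise ValueError(f"bad dice key: {key!r}")
        if key in table:
            raise ValueError(f"duplicate key: {key}")
        table[key] = word
    return table


def roll_key():
    """Five unbiased die rolls from the OS CSPRNG, e.g. '41526'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def passphrase(table, words=6):
    """Return (phrase, entropy_bits); refuse an incomplete word list."""
    if len(table) != LIST_SIZE:
        raise ValueError(f"list has {len(table)} entries, need {LIST_SIZE}")
    phrase = " ".join(table[roll_key()] for _ in range(words))
    return phrase, words * math.log2(LIST_SIZE)


def constructed_wordlist():
    """Constructed placeholder list (w11111 .. w66666), not a real word list."""
    keys = ("".join(k) for k in itertools.product("123456", repeat=DICE_PER_WORD))
    return "\n".join(f"{k}\tw{k}" for k in keys)


if __name__ == "__main__":
    table = parse_wordlist(constructed_wordlist())
    phrase, bits = passphrase(table)
    print(phrase)
    print(f"{bits:.1f} bits")  # six words from 7776 -> about 77.5 bits
```

The completeness check matters because a truncated or tampered list silently shrinks the search space while the passphrase still looks random.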

Modi rolls the dice every time a new order comes in, then looks up the result in a copy of the Diceware word list. Each passphrase is written by hand on a piece of paper, which is then mailed to the customer.

This is made clear on her website, where it notes: “The passwords are sent by U.S. Postal Mail which cannot be opened by the government without a search warrant.”

Furthermore, the young New Yorker adds that she won’t be able to remember all the passphrases she has written down before mailing them to customers, and that the copy sent out is the only copy of the passphrase.

While it is obvious that users generating their own Diceware passphrases are going to be more secure, Lifars acknowledges Modi’s foray into bringing better password awareness and commends her for it.