cancel
Showing results for 
Search instead for 
Did you mean: 
New Contributor

Is Diceware passphrase generated by PandaStrike safe?

I have some questions about whether it is safe to use a Diceware passphrase generated by PandaStrike as a LastPass master password.

I appreciate in advance any answers that you can give me.

PandaStrike provides the following link that I can use for PandaStrike to generate a ten word passphrase by using the Diceware method and the EFF large list of Diceware words:

https://www.pandastrike.com/posts/20161 ... curity-eff

The generated passphrase on is shown on my computer screen as text in a box.

Here is one example of such a generated passphrase:

growing footboard matter revert posture creatable could unlucky rebuff unleveled

I can:

(1) write down the text on a piece pf paper, so that I can memorize it and then destroy the paper, and use the text as a LastPass master password;

(2) copy the text to the clipboard, and then paste it later from the clipboard (including pasting it into LastPass as a new master password); or

(3) drag and drop the text into a document (or into LastPass) as a new master password. This does not involve use of the clipboard. I can destroy the document later or I can drop and drag from the document into LastPass.

I will be using PandaStrike to generate this passphrase on my laptop computer, which has an encrypted hard drive, which is protected by Norton 360 Premier, and which will be securely connected to the internet at my home with my WiFi password. No one will be able to see me do this, or to piggyback on my home WiFi.

Here are my questions:

1. During the passphrase generation process and thereafter, does PandaStrike record or store any information that will enable it to identify me or the words in the passphrase that has shown up on my computer screen?

2. If the answer is NO, can I safely use the passphrase as a LastPass master password if I use the “write it on paper first” method? Please explain why or why not.

3. If the answer is NO, can I safely use the passphrase as a LastPass master password, by dragging and dropping the passphrase from the generation screen directly into LastPass (which does not use the clipboard)? Please explain why or why not.

4. If the answer is YES, what information does PandaStrike record or store?

5. If the answer is YES, can I safely use the passphrase as a LastPass master password if I use the write it on paper first method? Please explain why or why not.

6. If the answer is YES, can I safely use the passphrase as a LastPass master password, by dragging and dropping the passphrase from the generation screen directly into LastPass (which does not use the clipboard)? Please explain why or why not.

Thank you very much.

jhollingsworthc