Diceware Passphrase Generator

Generate a strong, memorable passphrase the Diceware way — by picking whole words at random from a curated list instead of mangling a single word with symbols. Choose how many words, a separator and a capitalisation style, and get a passphrase along with its exact entropy in bits, the size of the word list, and an estimate of how long it would take to crack. Words are chosen with your browser's cryptographically secure random generator, and nothing is sent anywhere.

How to use the Diceware Passphrase Generator

Set the number of words — six is a sensible default for a strong, still-memorable passphrase — then pick a separator and capitalisation to satisfy whatever password rules you're up against. Press Generate for a new phrase; regenerate until you get one you like. Each word is drawn independently from a built-in list of common, easy-to-type English words using crypto.getRandomValues with rejection sampling, so there's no bias toward any word and the randomness is cryptographic quality, not the predictable Math.random that some generators use.
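The selection step described above can be sketched as follows. This is an added example, not the tool's own source: SAMPLE_WORDS is a constructed stand-in for the built-in list, and the function names and the injectable `fill` parameter are assumptions made so the rejection path can be exercised deterministically.

```javascript
// Added example: unbiased word selection by rejection sampling.
// SAMPLE_WORDS is a constructed stand-in list, not the tool's built-in list.
const SAMPLE_WORDS = ["amber", "birch", "cedar", "delta", "ember", "fjord", "grove"];

// Default source: Web Crypto, global in browsers and current Node.js.
const secureFill = (buf) => globalThis.crypto.getRandomValues(buf);

// Return a uniform integer in [0, n). A raw 32-bit value is accepted only if
// it falls below the largest multiple of n that fits in 2^32; otherwise the
// draw is discarded and repeated, so `value % n` is never skewed toward the
// low indices the way a bare modulo would be.
function uniformIndex(n, fill = secureFill) {
  if (!Number.isInteger(n) || n < 1 || n > 2 ** 32) {
    throw new RangeError("n must be an integer in [1, 2^32]");
  }
  const limit = 2 ** 32 - (2 ** 32 % n); // first raw value that would add bias
  const buf = new Uint32Array(1);
  for (;;) {
    fill(buf);
    if (buf[0] < limit) return buf[0] % n;
  }
}

// How many of the 2^32 raw values a bare `value % n` would map unevenly.
function biasedValues(n) {
  return 2 ** 32 % n;
}

// Draw `count` words independently (repeats are allowed by design) and join.
function passphrase(words, count, separator = "-", fill = secureFill) {
  const picked = [];
  for (let i = 0; i < count; i++) {
    picked.push(words[uniformIndex(words.length, fill)]);
  }
  return picked.join(separator);
}

if (globalThis.crypto) {
  console.log(passphrase(SAMPLE_WORDS, 6));
  console.log(`raw values rejected for a 7-word list: ${biasedValues(7)}`);
}
```

With a list size that does not divide 2^32 evenly, only the few raw values at the top of the range are rejected, so the retry loop almost never runs more than once.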

The statistics below the passphrase are the important part. Entropy is reported as the number of words times the base-2 logarithm of the list size, which is the honest measure of strength: it assumes an attacker knows exactly which word list and method you used and still has to search the whole space. The crack-time estimate assumes a fast offline attack of a trillion guesses per second against a properly hashed password, and shows the expected time, which is the time needed to search half the space. Adding one more word multiplies the difficulty by the size of the list, so length is by far the most powerful lever — far more than swapping letters for symbols. Everything is computed locally; the passphrase is never transmitted or stored, so save it before leaving the page.

Why word passphrases beat complex passwords

Diceware is a method for generating passphrases by selecting random words from a numbered list — traditionally by rolling physical dice, hence the name — so that the result is both strong and memorable. It exists to escape a trap that ordinary password advice walks people straight into: the rules that demand an uppercase letter, a digit and a symbol produce passwords that are hard for humans to remember but easy for computers to guess, because people respond to those rules in predictable ways (Password1!, Summer2024@). A string of random words inverts that — it's easy to remember and genuinely hard to guess, because its strength comes from raw randomness rather than from a pattern.

The strength is quantifiable, which is the whole appeal. Each word chosen from a list of N possibilities contributes log₂(N) bits of entropy, and the bits add up across words. With the list of around 2,330 words built into this tool, each word is worth roughly 11 bits, so a six-word passphrase carries about 67 bits of entropy — meaning an attacker who knows the exact method must still try, on average, more than 70 quintillion combinations. Crucially, that figure holds even if the attacker knows the word list and that you used Diceware; the security is in the randomness of the selection, not in any secrecy about the technique. This is the opposite of "security through obscurity," and it's why the entropy of a generated passphrase is trustworthy in a way that a hand-picked one never is — human-chosen "random" words cluster around common, related, memorable choices and have far less entropy than they appear to.

Length is the dominant factor. Because entropy is additive, every extra word multiplies the search space by the size of the list, so going from five words to six adds more strength than any amount of character substitution within a fixed length. That's the empirical finding behind the well-known observation that a long passphrase of common words can be both easier to remember and harder to crack than a short, gnarly password full of symbols. The practical guidance: use a passphrase of six or more words for important accounts (more where it protects something valuable or long-lived), let a generator like this one pick the words with a real cryptographic random source, and store it in a password manager rather than relying on memory for every account. The capitalisation and separator options here exist only to satisfy composition rules — they add negligible entropy compared to one more word, so reach for length first.
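The entropy, crack-time and "length first" arithmetic from the sections above, worked through as an added example (not the tool's own code). It uses the page's approximate list size of 2,330 and its trillion-guesses-per-second assumption; the function names and the counts of capitalisation and separator options are assumptions.

```javascript
// Added example: the arithmetic behind the entropy and crack-time figures.
// LIST_SIZE is the page's approximate figure; the tool reports the exact size.
const LIST_SIZE = 2330;
const GUESSES_PER_SECOND = 1e12; // the page's offline-attack assumption

// Bits contributed by `words` independent uniform draws from the list.
function entropyBits(words, listSize = LIST_SIZE) {
  return words * Math.log2(listSize);
}

// Expected time to hit the passphrase: on average half the space is searched.
function expectedCrackSeconds(bits, rate = GUESSES_PER_SECOND) {
  return 2 ** (bits - 1) / rate;
}

// Smallest word count that reaches a target strength.
function wordsNeeded(targetBits, listSize = LIST_SIZE) {
  return Math.ceil(targetBits / Math.log2(listSize));
}

// Upper bound on what style options add, assuming the attacker must guess
// among `caps` capitalisation styles and `seps` separators (counts assumed).
function styleBits(caps, seps) {
  return Math.log2(caps * seps);
}

function humanise(seconds) {
  const year = 365.25 * 24 * 3600;
  if (seconds < 60) return `${seconds.toPrecision(2)} seconds`;
  if (seconds < year) return `${(seconds / 86400).toPrecision(2)} days`;
  return `${(seconds / year).toPrecision(2)} years`;
}

// One row per word count: entropy and expected crack time at the assumed rate.
function strengthTable(minWords = 4, maxWords = 8) {
  const rows = [];
  for (let w = minWords; w <= maxWords; w++) {
    const bits = entropyBits(w);
    rows.push({ words: w, bits: bits.toFixed(1), expected: humanise(expectedCrackSeconds(bits)) });
  }
  return rows;
}

console.table(strengthTable());
console.log(`style options (3 caps x 4 seps, assumed): +${styleBits(3, 4).toFixed(1)} bits`);
console.log(`one more word: +${entropyBits(1).toFixed(1)} bits`);
```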

Common use cases

  • Master passwords. Generate a memorable, high-entropy phrase to protect a password manager.
  • Account passwords. Create strong passphrases you can actually recall for important logins.
  • Encryption keys. Produce a human-typeable passphrase for disk or file encryption.
  • Wi-Fi and shared secrets. Make a long but speakable key for a network or device.

Frequently asked questions

How is the entropy calculated?

Entropy in bits equals the number of words times log₂ of the word-list size. With the built-in list of about 2,330 words, each word adds roughly 11 bits, so a six-word passphrase has about 67 bits. This is the honest figure assuming an attacker knows the exact list and method — the strength comes from the random selection, not from secrecy.

Is this the official EFF or Diceware word list?

No. It uses a built-in curated list of common, easy-to-type English words, and the tool reports the actual list size so the entropy figure is accurate for the list in use. The method — picking words uniformly at random with a secure source — is the Diceware approach; the per-word entropy simply reflects this list's size.

How many words should I use?

Six words is a good default for important accounts, giving roughly 67 bits of entropy. Use more — seven or eight — for high-value or long-lived secrets such as a password-manager master password or encryption key. Each additional word multiplies the difficulty by the list size, so length matters far more than adding symbols.

Why are word passphrases better than complex passwords?

Composition rules (a symbol, a digit, a capital) push people toward predictable patterns that are easy to crack, whereas randomly chosen words are both memorable and high-entropy. Because entropy adds up per word, a long passphrase of common words can be easier to remember and harder to guess than a short symbol-laden password.

Is the passphrase generated securely and privately?

Yes. Words are selected with the Web Crypto secure random generator (crypto.getRandomValues) using rejection sampling to avoid bias, all in your browser. The passphrase is never sent over the network or stored, so save it before closing the page — it cannot be recovered afterwards.