LIVE NEWSROOM · --:-- · May 25, 2026
A LIBRARY FOR SECURITY RESEARCHERS

TOOLS  /  DICEWARE

Diceware Passphrase Generator

Generate memorable high-entropy passphrases using EFF-style wordlists and the browser’s cryptographic random number generator. Words are picked in your browser — nothing is sent over the network.

    What it does

    Diceware is a method for generating cryptographically strong yet memorable passphrases. You pick N words at random from a known wordlist; each word contributes log2(wordlist size) bits of entropy. The classic EFF list has 7776 words (~12.9 bits/word, so a 6-word passphrase is ~77 bits). Our compact generator uses a smaller list for tighter integration but you can step up to the full EFF list for maximum entropy. All randomness comes from the browser’s `crypto.getRandomValues` — never `Math.random`.

    Advertisement

    How to use it

    1. Pick a word count (6 recommended; longer = stronger).
    2. Pick a separator (-, ., _, or space).
    3. Optionally capitalize first letter of each word and/or append a digit.
    4. Click "Generate" — passphrase + entropy estimate appear instantly.
    5. Click "Copy" to copy to clipboard. Memorize it. Use it as your password manager’s vault password.

    Common use cases

    Password manager vault password The ONE password you have to memorize. Diceware excels here: long, random, but rememberable.
    Full-disk-encryption password LUKS / FileVault / BitLocker — typed at boot, never autofilled. Memorability matters.
    SSH key passphrase Protects your private key against laptop theft. Diceware passphrase + ed25519 key = strong defense-in-depth.
    VPN / SSO bootstrap secret When you need a high-entropy secret that’s spoken aloud in onboarding, dashes-between-words is easier than punctuated random characters.
    Advertisement

    Frequently asked questions

    Why is this stronger than random characters? +
    It isn’t stronger bit-for-bit — but humans actually memorize passphrases, whereas they write down random-character passwords. Real-world security = passphrase wins.
    How many words is enough? +
    6 words from a 7776-word list ≈ 77 bits, which resists 1 trillion guesses/sec for ~5 million years. 4 words = 51 bits = days at GPU rates. Use 6+.
    Should I add capitalization and digits? +
    Adds marginal entropy. Stronger to just add another word. But if a site enforces "must contain digit/uppercase," our options accommodate.
    Why not use a 12-character random password? +
    A truly random 12-char alpha-numeric is ~71 bits (similar entropy). But "Tr0ub4dor&3" is much harder to memorize than "correct-horse-battery-staple".

    Related tools

    Related coverage on Ciphers Security

    You may also like

    Free for everyone, no signup required. Tool runs at /tools/diceware/ — bookmark or share.

    Scroll to Top