Diceware Passphrase Generator

Build a memorable passphrase by drawing words from the EFF short wordlist (1,296 words). Each word contributes about 10.34 bits of entropy, so a six-word phrase carries roughly 62 bits, more than enough to resist offline brute force for years. Randomness comes from the browser's cryptographic random source. Nothing you generate leaves the device.

Explain like I'm 5 (what even is this calculator?)

Picture rolling five dice and looking up the result on a printed list of 1,296 words. Each roll gives you one word. String six of them together and you have a password your brain can actually hold ("acid-bagel-gecko-quiet-tutu-zone") that a computer would still take an absurd amount of time to guess. This page does the rolling for you using your browser's secure random number generator, then prints the phrase.

Generate a passphrase

Browser-only. The wordlist is baked into the page, the random draw runs locally with crypto.getRandomValues, and the passphrase is never sent anywhere. Disconnect your network and try it: still works.

Wordlist: EFF Short Wordlist #1, 1,296 words, published by the Electronic Frontier Foundation in 2016 (eff.org/dice). Entropy formula: bits = words × log2(1296). log2(1,296) is about 10.3398, so each extra word adds roughly 10.34 bits. A 6-word phrase is approximately 62 bits. Memorable beats random for human-typed passwords because users do not write down what they can recall, and a passphrase they can recall is one they will not weaken by sticking on a note next to the screen.

What "Diceware" actually means

Diceware is a method described by Arnold Reinhold in 1995. The original version uses five physical dice, a printed list of 7,776 words (one for every five-digit code from 11111 to 66666), and pen and paper. Roll five dice, read off the word, repeat. Each word adds log2(7776), about 12.92 bits, of entropy to the phrase. Reinhold's argument was that ordinary humans have no business typing 18-character random strings into things they want to remember, and that a memorable phrase drawn from a published wordlist gets to the same security floor by a kinder route.

This page uses the EFF short wordlist instead. Published by the Electronic Frontier Foundation in 2016, it trims the count to 1,296 words but filters them for memorability, length, and unique three-letter prefixes. Each word contributes a little less entropy (10.34 bits versus 12.92) but is shorter and easier to type, so for the same total entropy budget you end up with a phrase you actually want to use. Six EFF-short words give about 62 bits, which is broadly equivalent to five long-list words.

Why a generated passphrase beats a chosen one

Humans pick badly. Asked to invent a memorable phrase, people lean on song lyrics, pet names, dates, the names of children. None of that is random. An attacker who knows you, or who has access to the dictionaries of common phrases that fall out of every breach, will get there in minutes. Diceware works precisely because the choice is delegated to the dice, and the dice do not know that "TrustNo1" is a clever Mulder reference. They just roll.

The same applies to "personalising" a generated phrase by replacing one of the words with something meaningful. Doing so collapses the entropy of that word from 10.34 bits to whatever the attacker's guess space is, often less than 5. Generate the phrase, type it as it comes, and resist the urge to redecorate.

Length, separators and shoulder surfing

The separator is mostly cosmetic but worth thinking about. Hyphens and dots are easy to type one-handed and play nicely with most password rules. Spaces are the most readable but get rejected by some legacy systems that treat the space as a delimiter. None at all (acidbagelgeckoquiettutuzone) is fine when you are pasting from a manager but punishing to type live. Capitalising one word at random is a small bonus that satisfies "must contain an uppercase letter" rules without dragging the whole phrase into shouting.

Where this is the wrong tool

Anything that lives entirely inside a password manager and gets auto-filled is better off as a long random string. Random characters are denser per symbol and you will never type them by hand, so the typing-friendliness of Diceware buys you nothing. Use the random Password Generator for those. Reach for Diceware when you have to remember the password yourself: master keys, full-disk encryption, the SSH key passphrase you put on your laptop.

How the random draw works

Each word is picked by drawing a 32-bit unsigned integer from crypto.getRandomValues, then mapping it to [0, 1296) using rejection sampling. The naive approach (modulo the integer by 1,296) is biased: 2^32 is not a multiple of 1,296, so some words get drawn very slightly more often than others. Rejection sampling discards any draw that lands in the biased tail and redraws, giving a perfectly uniform distribution over the wordlist. The cost is a handful of extra draws on average. The benefit is a passphrase whose entropy is exactly what the maths claims.
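The draw described above, written out as an added example (it is not this page's own source code). The function names and the injectable `draw32` parameter are assumptions introduced here so the rejection path can be exercised with a fixed sequence; the caller supplies the wordlist.

```javascript
const RANGE = 2 ** 32; // number of distinct 32-bit unsigned values

// Default source: one 32-bit unsigned integer from the Web Crypto CSPRNG.
function cryptoDraw32() {
  const buf = new Uint32Array(1);
  globalThis.crypto.getRandomValues(buf);
  return buf[0];
}

// Shape of the bias a plain `draw % n` would have: the first `tail` indices
// each get one more preimage than the rest. tail === 0 means no bias.
function moduloBias(n) {
  const tail = RANGE % n;
  return { tail, limit: RANGE - tail, perIndex: Math.floor(RANGE / n) };
}

// Return an integer uniformly distributed over [0, n).
function uniformIndex(n, draw32 = cryptoDraw32) {
  if (!Number.isInteger(n) || n < 1 || n > RANGE) {
    throw new RangeError("n must be an integer in [1, 2^32]");
  }
  const { limit } = moduloBias(n);
  for (;;) {
    const x = draw32();
    // [0, limit) splits into n equal buckets, so accepted draws are unbiased.
    if (x < limit) return x % n;
    // x landed in the tail [limit, 2^32): discard it and draw again.
  }
}

// Build a phrase from a wordlist (for this page, the 1,296 EFF short words).
function passphrase(words, count, sep = "-", draw32 = cryptoDraw32) {
  const picked = [];
  for (let i = 0; i < count; i++) {
    picked.push(words[uniformIndex(words.length, draw32)]);
  }
  return picked.join(sep);
}
```

For the 1,296-word list, `moduloBias(1296)` reports a tail of 1,264 values out of 2^32, so a draw is rejected with probability of about 3 in 10 million.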

Frequently asked questions

Why use a Diceware passphrase instead of a random string?

For passwords you have to type yourself (master passwords for a password manager, full-disk encryption, laptop login), a memorable passphrase wins. You will not write it on a Post-it because you can recall it. A six-word Diceware phrase carries about 62 bits of entropy, which is more than most random 10-character passwords once you account for how people actually pick characters.

Is the randomness real?

Yes. The page draws from crypto.getRandomValues, the browser's cryptographic random source, the same one used to negotiate TLS sessions. Math.random is never used. Each word is chosen using rejection sampling against the 1,296-word list, so there is no modulo bias.

How many words do I need?

Five words is reasonable for low-stakes accounts. Six is the sensible floor for anything that matters. Seven or eight for password manager master keys and disk encryption. Three or four are deliberately offered for short demos and one-off throwaway logins, but they are not strong on their own.

Does the page send my passphrase anywhere?

No. The wordlist is baked into the page, the random draw is local, and the rendered passphrase never leaves your browser. You can disconnect from the network, generate, copy, and close the tab. Nothing is uploaded.

Why this wordlist specifically?

The EFF short wordlist (1,296 words, average length around 4.5 characters) was published by the Electronic Frontier Foundation in 2016. Words are filtered for memorability and unique three-letter prefixes, which makes them faster to type and harder to confuse. Each word contributes log2(1,296), about 10.34 bits, of entropy.