Diceware Passphrase Generator

Metric	Value	Copy
{{ row.label }}	{{ row.value }}

Position	Roll code	Rendered word	EFF word	Copy
{{ row.position }}	{{ row.code }}	{{ row.renderedWord }}	{{ row.rawWord }}

Check	Status	Why it matters	Next move	Copy
{{ row.label }}	{{ row.status }}	{{ row.detail }}	{{ row.action }}

Diceware passphrases are built from randomly chosen words. Each word comes from a numbered wordlist entry selected by five six-sided dice, so strength comes from chance and word count rather than from hard-to-type substitutions.

A six-word phrase from a 7,776-word list has about 77.5 bits of Diceware entropy. Seven words move past 90 bits, and eight words move past 103 bits. Formatting choices such as hyphens, spaces, title case, or uppercase can help a site accept the passphrase, but the main security gain comes from adding random words.

Use this kind of generator for human-entered credentials where memorability matters. For API keys, encryption keys, and machine-only secrets, a random byte or token generator is usually a better fit.

Diceware flow from a five-dice key to a wordlist entry and a multi-word passphrase

Technical Details:

The generator uses the EFF long list with 7,776 words. Browser secure rolls use Web Crypto when available and fall back with a warning if the browser does not expose secure random values. Manual mode lets you paste one five-digit key per word, using only digits 1 through 6.

The entropy estimate is based on the wordlist size and optional random suffix digits. Case changes and separators are not counted as Diceware entropy because they are formatting policies, not new random word choices.

TotalBits = Words \times \log_{2} (7776) + SuffixDigits \times \log_{2} (10)

Diceware options and their security meaning
Option	Supported values	Security meaning
Word count	4 to 12 words	Main entropy source
Roll source	Browser secure rolls or manual five-dice keys	Controls how word choices are selected
Separator	Hyphen, space, underscore, dot, none	Readability and policy compatibility
Case style	Lowercase, first word capitalized, title case, uppercase	Formatting only
Compatibility suffix	0 to 4 random digits	Small extra entropy plus digit policy support

Length goals are handled by retrying browser-generated phrases up to an internal attempt limit. Manual dice mode does not keep rerolling because the supplied keys are the source of truth.

Everyday Use & Decision Guide:

Start with the EFF six-word preset for a normal password-manager or account-login phrase. Add a seventh or eighth word when the account is important or when you want more margin before changing formatting.

If a site requires a number, use the Compatibility suffix instead of replacing a word with a number. If a site requires a symbol, choose hyphen, underscore, or dot as the separator. If spaces are rejected, turn on Policy disallows spaces and use a visible non-space separator.

Check Estimated total entropy before copying the phrase.
Read Browser randomness; do not trust a final credential if it says Fallback.
Use Roll Sheet when you need to audit manual dice keys or record how the words were selected.
Use Policy Fit to see which site rules pass and what to change.

A phrase that satisfies uppercase, digit, and symbol rules is not automatically strong. Four words with decoration are still below the six-word starting point.

Step-by-Step Guide:

Set Word count, then click Generate passphrase or Build from dice keys.
Open Advanced to choose a Preset, Separator, Case style, Roll source, suffix digits, and length goals.
For manual mode, paste exactly one five-digit key per word. If validation fails, correct the count or remove digits outside 1 through 6.
Turn on policy switches only for rules the target site really enforces.
Read Passphrase Metrics, Roll Sheet, Policy Fit, and JSON before storing the final phrase in a password manager.

Interpreting Results:

The passphrase line is the value to store. Estimated total entropy summarizes word entropy plus optional suffix digits. The guidance badge distinguishes below-baseline phrases, the EFF six-word start, about 90-bit headroom, and long-form phrases beyond about 103 bits.

Do not read policy pass as security pass. Policy Fit only checks uppercase, digit, symbol, and space rules selected in Advanced. The stronger corrective action is usually adding a word, not adding more decoration.

Worked Examples:

A six-word lowercase phrase with hyphens and no suffix reports about 77.5 bits from the words. If a site accepts hyphens as symbols, the separator may satisfy the symbol check without changing the word entropy.

A seven-word spaced title-case phrase improves entropy to about 90.5 bits while staying readable. If the site rejects spaces, switch the separator to hyphen or underscore and keep the word count.

Manual mode with word count 6 and only five dice keys shows a validation error. Add the missing five-digit key or lower Word count before building the phrase.

FAQ:

Why does one word add about 12.9 bits?

The EFF long list has 7,776 entries, and log2(7,776) is about 12.9. Each independently selected word adds that amount.

Are separators counted in the entropy?

No. The separator is chosen by the user, so it helps readability and policy fit but does not add random Diceware word entropy.

What happens if Web Crypto is unavailable?

The Browser randomness row warns that the browser fell back. Generate the final credential in a Web Crypto capable browser or with physical dice.

Can I use my own physical dice?

Yes. Choose Manual five-dice keys and enter one five-digit key per word, using only digits 1 through 6.

Glossary:

Diceware entropy: The estimated unpredictability from random word choices.
Five-dice key: A five-digit code from rolling five six-sided dice, used to select one word.
Compatibility suffix: Random digit(s) appended to satisfy sites that require numbers.