Diceware Passphrase Generator
Generate a Diceware passphrase from EFF long-list rolls, then check entropy, manual dice evidence, length limits, and site policy fit.Latest roll
Generated result
| Metric | Value | Copy |
|---|---|---|
| {{ row.label }} | {{ row.value }} |
| Position | Roll code | Rendered word | EFF word | Copy |
|---|---|---|---|---|
| {{ row.position }} | {{ row.code }} | {{ row.renderedWord }} | {{ row.rawWord }} |
| Check | Status | Why it matters | Next move | Copy |
|---|---|---|---|---|
| {{ row.label }} | {{ row.status }} | {{ row.detail }} | {{ row.action }} |
Introduction:
Random passphrases solve a different problem from the passwords people usually invent. A person-made password often has a theme, keyboard pattern, familiar substitution, or reused phrase behind it. A Diceware-style passphrase starts with chance instead. Each word is selected from a numbered wordlist by a random five-dice key, so the strength comes from the number of possible word sequences rather than from unusual spelling or punctuation.
The EFF long list has 7,776 words, matching the ordered outcomes of five six-sided dice. That size matters because every randomly selected word adds another independent choice from the same 7,776-entry set. Six words are widely used as a starting point because they produce about 77.5 bits of entropy before any extra formatting. Seven words pass about 90 bits, and eight words pass about 103 bits.
Passphrases are most useful when a secret may need to be typed, read aloud to yourself, written down temporarily, or recovered from memory. They are a poor substitute for machine-only secrets such as API keys, cryptographic keys, recovery tokens, or session identifiers, where a password manager or generator can create random characters that nobody needs to remember.
Formatting choices can still matter. Some password forms reject spaces, require a digit, demand uppercase letters, or set a maximum length that makes a long phrase hard to submit. Those rules affect acceptance, not the main Diceware entropy calculation. A five-word phrase with a digit and punctuation can look more complicated than a six-word phrase while still offering a smaller random search space.
A strong passphrase also has ordinary credential risks. It can be stolen by phishing, copied from clipboard history, captured by malware, reused after a breach, or lost if nobody stores it correctly. Random generation improves guessing resistance, but account protection still depends on one-passphrase-per-account use, safe storage, and multi-factor authentication where it is available.
How to Use This Tool:
Start with the word count and readability choices, then use the advanced controls only when a target password form needs a specific shape.
- Set Word count. Six words is the normal EFF long-list start, seven clears about 90 bits, and eight clears about 103 bits.
- Choose a Preset if it matches your situation. The available presets cover a six-word EFF start, compatibility checks, readable title-case spacing, and a longer uppercase underscore style.
- Pick a Separator and Case style. Hyphens and spaces keep word boundaries visible, while uppercase or title case can help with site rules that require capital letters.
- Use Roll words to create a new phrase. The passphrase appears in the summary with badges for word count, estimated entropy, character count, randomness source, EFF guidance, and active policy checks.
- Open Advanced when you need physical dice input or site-policy checks. Roll source can use browser secure rolls or manual five-dice keys.
- In manual mode, enter one five-digit key per word in Manual dice keys. Valid keys use only digits 1 through 6, such as
43146, and the number of keys must match the selected word count.Manual mode clears the result when the key count is wrong or any key contains a digit outside 1 through 6. - Use Compatibility suffix only when a site requires digits. The suffix can add 0 to 4 random digits, but another full Diceware word adds much more entropy than several digits.
- Set Minimum length goal, Maximum length cap, and the uppercase, digit, symbol, and no-space switches to mirror the target form. The policy table reports those selected checks without treating them as a full security grade.
- Before copying, check Estimated total entropy, Randomness source, Roll Sheet, and Policy Fit. A fallback randomness warning means the generated phrase should not be used as the final credential.
Interpreting Results:
Estimated total entropy is the primary strength estimate. It counts the random word choices and any random suffix digits. It does not count capitalization or separators because those are selected formatting choices rather than independent random choices.
Randomness source tells you where the current phrase came from. Browser-side rolls use cryptographic random values when the browser provides them. Manual dice keys make the word choices traceable to the codes you entered. If manual mode also adds suffix digits, those suffix digits still come from browser randomness.
| Result cue | What it means | What to check next |
|---|---|---|
| Below EFF 6-word start | Four or five EFF long-list words. | Add random words before relying on case, punctuation, or digits. |
| EFF 6-word start | About 77.5 bits from six random words. | Confirm the phrase is unique and generated from a secure source. |
| ~90-bit headroom | Seven words, or enough total bits with a suffix to pass about 90 bits. | Use this when you want more margin for important accounts. |
| Policy 4/4 pass | All selected site rules are satisfied. | Still read the entropy and randomness fields before storing the phrase. |
| Math.random fallback | The browser did not provide cryptographic random values for browser-generated rolls or suffix digits. | Regenerate in a Web Crypto-capable browser or switch to physical dice. |
The Roll Sheet is useful when you need an audit trail. It lists each word position, the five-dice code, the rendered word after case styling, and the original EFF word. For physical dice workflows, this lets you compare the typed codes against the final phrase without exposing any internal page details.
Policy Fit is an acceptance check, not a password-strength meter. A phrase can pass a site's uppercase, digit, symbol, and no-space rules while still being short by Diceware standards. If the policy and entropy fields disagree, add random words before adding more decoration.
Technical Details:
Diceware strength is counted from independent random selections. A five-dice key has 65 ordered outcomes, which equals 7,776. A 7,776-word list therefore gives one possible word for every five-dice result. Repeating the process creates a sequence whose search space is the wordlist size raised to the number of words.
Browser generation uses cryptographic random values when available and selects each die face with rejection sampling from random bytes. Rejection sampling avoids modulo bias by discarding byte values that would make some faces slightly more likely than others. If cryptographic random values are not available, the result labels the session as a fallback so the user can avoid trusting that phrase.
Formula Core:
Total entropy is the sum of Diceware word entropy and optional suffix-digit entropy. The equation below matches the displayed estimate and deliberately leaves out separators and case styling.
| Quantity | Meaning | Value used |
|---|---|---|
| Words | Random entries selected from the EFF long list. | 4 to 12 |
| log2(7,776) | Entropy from each Diceware word. | 12.92 bits |
| SuffixDigits | Random decimal digits appended for compatibility. | 0 to 4 |
| log2(10) | Entropy from each random digit. | 3.32 bits |
Six words with no suffix produce 6 × 12.92, or about 77.5 bits. Six words plus one random digit produce about 80.8 bits. Seven words with no suffix produce about 90.5 bits, which is why one more random word is a larger security increase than several compatibility digits.
Rule Core:
| Area | Rule | Result effect |
|---|---|---|
| Word count | Whole numbers are kept between 4 and 12. | Changes word entropy, roll count, and EFF guidance badges. |
| Manual dice keys | One [1-6]{5} key is required for each selected word. |
Invalid count or digits clear the result until the manual input is corrected. |
| Length targets | Minimum and maximum goals are either off or set from 1 to 128 characters. | Browser rolls retry up to 64 attempts to satisfy active length limits. |
| Guidance bands | Six words meet the EFF start, seven words clear about 90 bits, and eight words clear about 103 bits. | The summary recommends the next useful word count when more margin is available. |
| Policy checks | Uppercase, digit, symbol, and no-space checks compare the rendered phrase with selected site rules. | They affect acceptance guidance, not the Diceware word entropy. |
The exact keyspace is also calculated from the wordlist size and suffix length. A six-word phrase without suffix digits has 7,7766 possible word sequences. Adding a one-digit suffix multiplies that by 10, while adding a seventh word multiplies it by 7,776.
Responsible Use Notes:
Use each generated passphrase for one account or one protected vault only. Reuse turns a breach in one place into a credential-stuffing risk somewhere else.
- Store the exact phrase in a password manager or another secure record before closing the page.
- Do not keep generated secrets in shared tickets, screenshots, unencrypted notes, or chat history.
- Prefer physical dice or a Web Crypto-capable browser for final credentials.
- Use multi-factor authentication where the account supports it, because passwords and passphrases are not phishing-resistant.
Worked Examples:
Standard account passphrase. Six words, hyphen separator, lowercase, browser secure rolls, and no suffix produce about 77.5 bits. The EFF guidance field reports the six-word start, and the Roll Sheet lists 30 die faces across six five-dice keys.
Policy-compatible form. The compatibility preset uses six words, a hyphen separator, first-word capitalization, one random digit, a 16-character minimum, and matching uppercase, digit, and symbol checks. The entropy estimate rises to about 80.8 bits because the suffix digit adds about 3.3 bits.
Longer readable phrase. Seven words with spaces and title case clear about 90.5 bits before any suffix. This shape is easier to read, but it should be used only where the target form accepts spaces.
Physical dice audit. Manual keys such as 43146 11512 35666 22461 63626 15424 create a six-word phrase and a roll sheet tying each displayed word to the supplied code. With no suffix, the randomness source remains manual only.
Invalid manual input. Six-word manual mode with five keys, an extra key, or a key such as 71234 clears the result and shows a validation message. Add the missing key, remove the extra key, or replace digits outside 1 through 6.
FAQ:
How many Diceware words should I use?
Six EFF long-list words are the normal starting point at about 77.5 bits. Seven words report about 90.5 bits, and eight words report about 103.4 bits.
Do uppercase letters or separators make the phrase stronger?
They can make the phrase easier to type or more likely to pass a site rule, but they are not counted as Diceware entropy because they are chosen settings. Random words and random suffix digits are the counted sources.
Can I use physical dice instead of browser rolls?
Yes. Choose Manual five-dice keys and enter one five-digit key per word. The roll sheet shows each key, the rendered word, and the underlying EFF word.
Why does the suffix add less entropy than another word?
One decimal digit has 10 possible values, or about 3.32 bits. One EFF long-list word has 7,776 possible values, or about 12.92 bits.
What should I do if the randomness source says fallback?
Do not use that phrase as the final credential. Regenerate in a browser that provides cryptographic random values or enter physical dice keys manually.
Is the generated passphrase sent away during generation?
The passphrase is generated in the browser as part of the page interaction. Treat clipboard copies, downloaded reports, JSON exports, and screen shares as sensitive after generation.
Glossary:
- Diceware entropy
- The estimated guessing resistance from independently selected random words.
- EFF long list
- The 7,776-word list used for five-dice passphrases, with one entry per ordered five-dice outcome.
- Five-dice key
- A five-digit code using digits 1 through 6, such as
43146, that selects one word. - Rejection sampling
- A random-selection method that discards out-of-range byte values so die faces stay evenly distributed.
- Compatibility suffix
- Optional random digits appended to satisfy password forms that require a number.
- Policy fit
- The selected checks for length, uppercase letters, digits, symbols, and spaces.
References:
- EFF Dice-Generated Passphrases, Electronic Frontier Foundation.
- EFF's New Wordlists for Random Passphrases, Electronic Frontier Foundation.
- NIST SP 800-63B: Authentication and Authenticator Management, National Institute of Standards and Technology.
- Crypto: getRandomValues() method, MDN Web Docs.