Passphrase Generator

Diceware (Arnold Reinhold, 1995) maps a 5-digit dice roll to a word. Five physical dice = 6^5 = 7,776 outcomes = log2(7776) ≈ 12.92 bits of entropy per word. The EFF long word list (2016) uses the same scheme with words chosen to be easy to remember and unambiguous to type. A 6-word passphrase has 6 × 12.92 ≈ 77.5 bits of entropy — comparable to a 12-character random alphanumeric password.

This generator uses crypto.getRandomValues for word selection — exactly the same source of randomness as crypto-grade random number generation. The entropy guarantee matches physical dice; the convenience is much higher.

• EFF Long (7,776 words) — the default. 12.92 bits/word. Words are 3-9 letters, no homophones, no offensive terms.
• EFF Short — 1,296 words (10.34 bits/word) but pickable from first 3 letters. Trade entropy per word for typing speed.
• BIP-39 — 2,048 words (11 bits/word), used by cryptocurrency wallets. Smaller list but standardized and used in multiple contexts.
• Original Diceware — Reinhold's 1995 list, 7,776 words including some short codes and rare words. Slightly less user-friendly than EFF Long; same entropy.
• Language-specific — Diceware lists exist for German, French, Spanish, Polish, and many others. Same entropy math; choose words you actually know.

• 4 words (52 bits) — adequate for a master password if protected by a rate-limited login (web service with bot protection). Inadequate against offline cracking (stolen password database).
• 5 words (65 bits) — comfortable for a master password of a password manager. Beyond the practical reach of GPU-based attackers as of 2026.
• 6 words (78 bits) — recommended default. Generous margin for foreseeable computing advances.
• 7 words (90 bits) — for paranoid cases: full-disk encryption keys, signing keys you cannot rotate, accounts with 30+ year sensitivity.
• 8+ words (100+ bits) — academic. The added security is theoretical for everyday human-typed passphrases.

For comparison, NIST recommends a minimum of 12 random characters for online accounts and 16+ for high-value or master passwords. Six Diceware words clears both thresholds with margin.

• You need a master password for your password manager and need it memorable. Diceware is the standard recommendation.
• You are setting up disk encryption (LUKS, FileVault, BitLocker) and need a phrase that survives muscle-memory typing under stress.
• You are setting up SSH key passphrases and want consistency between multiple keys and people remembering them.
• You are issuing temporary passwords to users that they will rotate but need to type once — easier to communicate by voice if they are real words rather than random characters.

• It will not generate complete account credentials. The passphrase is the password; you still need a username and 2FA wherever supported.
• It will not enforce passphrase rotation. For most modern guidance (NIST 800-63B), rotating without evidence of compromise is counterproductive — users pick weaker passphrases when forced to change.
• It will not check the passphrase against breach databases. The generation is from a fixed list; no specific output is precomputed. If you generate the same passphrase as someone else by chance, it is one in 10^20 — astronomically unlikely.