Diceware passphrase generator

Pick a length, pick a separator, hit regenerate. Everything runs in your browser: no passphrase, no seed, nothing that looks like one, ever leaves the page. Words come from the EFF large wordlist (7,776 words). I bundled a copy with this site so you can audit what you actually ran.


What is diceware?

Diceware is the idea of building a passphrase by picking random words from a fixed list. The name comes from the original method: roll five dice and use the result (6⁵ = 7,776 possibilities) to index a word, which is why the EFF large list has exactly 7,776 entries. Each word you draw adds log₂(7776) ≈ 12.925 bits of entropy, so six words gets you about 77.5 bits: enough to survive offline cracking, and a lot easier to remember than a random string of characters of the same strength. The security comes entirely from the draw being random; a phrase you choose yourself from the list does not get this guarantee.

Where does the list come from?

It's the EFF large wordlist for passphrases, published 2016-07-18 under CC-BY-3.0. A copy lives in this site's repository at /wordlists/eff_large_wordlist-v1.txt, and its SHA-256 is pinned in the page source (addd35536511597a02fa0a9ff1e5284677b8883b83e986e43f15a3db996b903e). Your browser verifies that hash before drawing a single word; if the file on disk doesn't match, the generator refuses to run. Upstream source: eff.org/files/2016/07/18/eff_large_wordlist.txt. If you want to check the bundled copy independently, run sha256sum over the upstream download and compare it with the pinned value. One caveat: the pin guards against a stale, truncated or corrupted file, not against a hostile server, since whoever can swap the wordlist can also edit the hash in the page that serves it.

How random is this, really?

Words are drawn with crypto.getRandomValues, the browser's cryptographically secure RNG. The code uses rejection sampling so the distribution over the 7,776 words stays exactly uniform (a plain modulo of a random 16-bit value would slightly favour the low-numbered words, because 65,536 is not a multiple of 7,776); there is no Math.random anywhere, and the page never seeds anything itself. After the first load the wordlist sits in your browser's Cache Storage, so revisiting the page makes no network request at all.

What the crack-time figures mean

The numbers above are average-case estimates for brute-forcing an unknown passphrase, given that the attacker already knows it's a diceware phrase of the shown length: on average they have to try half of the 7776ⁿ possibilities, so for six words that is roughly 1.1×10²³ guesses. The three rows cover the attacker profiles that tend to matter in practice: an online service throttling to ~10 guesses/sec; an offline attacker hammering a fast, unsalted hash like NTLM at ~10¹¹ guesses/sec on a modern GPU (about 35,000 years for six words); and an offline attacker up against a slow KDF like argon2 or bcrypt, which holds them to ~10⁴ guesses/sec if the parameters are sensible. Real attacker rates vary, and you usually cannot tell which hash a given service uses, so treat these as orders of magnitude, not precision figures, and size the phrase for the fast-hash row if you have no way to know.