OnSumo Tools

Diceware Passphrase Generator

This tool generates Diceware passphrases entirely in your browser using cryptographically random word selection from the official EFF long wordlist. Choose how many words (4 to 8), and the tool produces a passphrase with calculated entropy and estimated crack time. No passphrase is stored, logged, or sent to any server. The tool is free, requires no login, and works offline once the page loads.

Passphrases are generated in your browser and are never saved or sent to a server. Copy them into your password manager right away.

Passphrase

comrade fiddling kitchen synopsis diagnosis endowment

Excellent77.5 bits

Wordlist size: 7776 · Crack time at 1012 guesses/s: 70 centuries

Words and dice rolls

DiceWord
16453comrade
26565fiddling
35426kitchen
61525synopsis
23225diagnosis
25325endowment

How this tool works

The Diceware passphrase generator creates random passphrases by selecting words from the EFF Large Wordlist (7,776 entries, covering all outcomes of 5 six-sided dice) using a cryptographically secure random number generator. Passphrase entropy is calculated as: Entropy (bits) = Word Count x log2(Wordlist Size). A 6-word passphrase from the 7,776-word list yields 6 x 12.92 = 77.5 bits of entropy, which would require over 1 billion years to brute-force at 10^12 guesses per second. The tool uses window.crypto.getRandomValues for all random index selection, ensuring the source entropy is cryptographically appropriate. Passphrases are displayed with configurable separators (space, hyphen, period, or none). Entropy bits and an estimated offline crack time are shown for each generated passphrase. Key assumption: all passphrase generation runs entirely in the browser. No passphrase or entropy data is transmitted to any server. Edge case: some services impose character limits that prevent 6-word passphrases. Adding a seventh word contributes 12.92 additional entropy bits -- equivalent to extending a random alphanumeric password by roughly 2 characters. If a system's character limit forces you below 6 words, the tool recalculates entropy for the shorter phrase and warns when it falls below 60 bits (the rough threshold where offline attacks become feasible within years rather than centuries).

Worked example

Six words from the EFF long list (7776 words) gives about 77.5 bits of entropy. Twelve words doubles that to about 155 bits, which is far beyond practical brute force at a trillion guesses per second.

Related tools

Frequently asked questions

  • What is the Diceware method?

    Diceware was invented by Arnold Reinhold in 1995. The original method uses physical six-sided dice: roll five dice to get a 5-digit number (each die produces a 1-6 digit, giving numbers from 11111 to 66666), then look up the corresponding word in a numbered wordlist with 7,776 entries. Repeat for each word in your passphrase. The result is a passphrase whose randomness comes entirely from physical dice rolls that no computer can predict or intercept. This tool uses the browser's crypto.getRandomValues() as an equivalent source of entropy.

  • Which wordlist does this tool use?

    The EFF (Electronic Frontier Foundation) long wordlist, published in 2016. It contains 7,776 words specifically chosen to be: unambiguous when spoken aloud, not offensive or obscure, and free of words that look similar to each other. The EFF list replaced Reinhold's original 1995 list, which contained some confusing words and proper nouns. The EFF long list is the current standard recommendation for Diceware passphrases.

  • How many words do I need?

    The EFF recommends at least 6 words for long-term security. 5 words (64.6 bits) is sufficient for most accounts if you also use two-factor authentication. 4 words (51.7 bits) is borderline for a password that will be targeted by an offline attack. For master passwords protecting other passwords (KeePass, Bitwarden), use 6 words or more.

  • Is a passphrase stronger than a random character password?

    It depends on the length. A 5-word Diceware passphrase has 64.6 bits of entropy. A random 11-character password using all 95 printable ASCII characters has 11 * log2(95) = 72.3 bits. So a character password is more entropy-dense (bits per character), but a passphrase is easier to remember and type correctly. For most people, a 6-word passphrase is a better security-usability tradeoff than a 12-character random password they will inevitably write down or forget.

  • Can I add numbers or symbols to a Diceware passphrase?

    You can, but it is not necessary if you use enough words. Adding a symbol and digit to a 5-word passphrase increases entropy by log2(95/7776) per substitution, which is actually negative (symbols reduce the effective wordlist size). The better approach is to add a 6th word instead of symbols. If a site requires a symbol, simply append one at the end; do not try to integrate it into the words.

  • Is the generated passphrase stored anywhere?

    No. The passphrase is generated entirely in your browser using the EFF wordlist bundled in the page. No words, indices, or passphrases are sent to any server. The wordlist is downloaded once when you first load the page; after that, the tool works fully offline. Verify this by disconnecting from the internet and refreshing: the tool continues to function.