
There are words in your passphrase, which gives ~ bits of entropy (~12.92 bits per word and ~5.16 bits per symbol). That many words equates to an effective keyspace of ~ possible keys, calculated as (7776^words)/2: half of the total keyspace, since on average a key will be found after searching half of it. Conservatively assuming an adversary can guess passwords at the rate of a trillion () keys per second, as Edward Snowden has claimed, an exhaustive brute-force search of half the total keyspace might take the time shown below, expressed in seconds, minutes, hours, days, years, multiples of an average human lifespan, millennia, and multiples of the age of the Universe.


Frequently Asked Questions

How do I use it?

It's really simple. Just click on one of the random passphrase generator buttons above. This will generate a passphrase that is 4, 5, 6, 7, or 8 words long. Clicking any of these buttons again will generate a totally new passphrase, and you will never see the previous one again.

At any time you can click on the + Word or + Symbol buttons to add them to the existing passphrase.

Lastly, you can manually roll real dice (two or five dice rolls for each symbol or word) and enter the results of each set of rolls in the form and hit the return/enter key to add that word to your passphrase.

Each word or symbol is also displayed, in small text, with the index number that was used to look it up in the Diceware word list.

You can copy the generated passphrase from the copyable string on the page. You should store it somewhere safe and secure. You might want to write it down and refer to the written version until you can remember it which shouldn't take long.

Reload or close the browser tab once you are done so others can't discover your passphrase.

What inspired you to create this?

I have been using Diceware for several years, but it's kind of a hassle for everyday passphrases. I wanted something that was easy to use, and yet secure for all but the most extreme security needs. Micah Lee's excellent overview in his article entitled Passphrases That You Can Memorize — But That Even The NSA Can't Guess is a great read on the topic. For me, this is about 'scratching my own itch' and using a tool I know I can trust.

Is it safe?

It depends. Are you the target of a nation-state level adversary? If so, you should probably not use this and should instead use Diceware to roll real physical dice and look up the words from the wordlist manually. This is the official recommendation of the Diceware FAQ. As a normal person, even if you have high security needs like protecting long term cryptographic keys, you should be safe using this tool. Using real dice is the most secure way, but relying on the random number generator should be safe as well.

Does this use a cryptographically strong random number generator to choose the words?

Random bytes are obtained from window.crypto.getRandomValues(), the CSPRNG that ships with modern browsers. Each byte output by the RNG is converted to a die roll with (BYTE % 6) + 1. You can learn more about window.crypto.getRandomValues() and make your own determination. Many cryptographic library authors are now targeting the browser environment, and most use this API as their primary source of entropy.

What URL should I be using to access this application?

The canonical site for this version is currently hosted by GitHub using GitHub Pages with a TLS certificate. You can find it at //grempe.github.io/diceware/. The original version by Ben Pritchard (@yesiamben) is still online at //www.diceware.net/. It does not (yet?) incorporate the security and UI changes I have made, nor is it served over an HTTPS connection, so I recommend using this version until that changes. From a security standpoint, the major difference is the elimination of Math.random() as the source of random numbers, since it is not a secure source of randomness. Additionally, this page's JavaScript and CSS files are totally self-contained, and the site itself is served over a known good TLS connection, which helps prevent MITM attacks on the code or the wordlists.

Does this application send any data to the server?

No! Once the initial page is loaded everything is done locally in your browser. None of the generated password information is sent anywhere. In fact, once you load this application in your browser you can turn off your network connection and it should work just fine.

Where is the code for this application being served from?

The entire application is just HTML, JavaScript and CSS. There is no server side component and no database. All of the JavaScript and other assets are versioned in the repository, and no code is served from outside of the repository. Tools like jQuery and Bootstrap are deliberately not served from a Content Delivery Network (CDN), which would enhance performance but decrease the security of the application.

How should I use this most safely?

You should ensure that:

  • You have read about Diceware and understand the strengths and limitations of this approach.
  • You don't generate passphrases on a machine you don't own and control. No public machines!
  • No-one else is in the room and you are not being video recorded.
  • You close the browser tab, or reload it, when you are done.
  • You always visit this site over an HTTPS connection. A plain HTTP connection opens you up to trivial manipulation of the code or the wordlists by an attacker.
  • You verify that the TLS certificate is valid.
  • You are using the latest version of a modern browser.

What is entropy?

Entropy is a measure of the uncertainty or randomness of a system. The concept is a difficult one to grasp fully and is confusing, even to experts. Strictly speaking, any given passphrase has an entropy of zero because it is already chosen. It is the method you use to randomly select your passphrase that has entropy. Entropy tells how hard it will be to guess the passphrase itself even if an attacker knows the method you used to select your passphrase. A passphrase is more secure if it is selected using a method that has more entropy.

Entropy is measured in bits. The outcome of a single coin toss -- "heads or tails" -- has one bit of entropy.

Arnold G. Reinhold - Diceware FAQ

How are you measuring entropy?

Each standard Diceware word is assigned ~12.92 bits of entropy (Math.log2(7776)), and each special character added is assigned ~5.16 bits (Math.log2(36)). The total is the sum of the entropy of each full word or special character.
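The entropy sum above and the keyspace and brute-force time estimate from the top of the page, carried through as an added example (not the page's own code). The trillion guesses per second is the page's assumption; the ~79-year lifespan and ~13.8-billion-year age of the Universe used for the last two units are assumptions of this example, as the page does not state its values.

```javascript
// Added example: Diceware entropy and brute-force time, per the page's formulas.
const WORDLIST_SIZE = 7776;       // 6^5 words in the Diceware list
const SYMBOL_SET_SIZE = 36;       // 6^2 special characters
const GUESSES_PER_SECOND = 1e12;  // the page's "a trillion keys/second" adversary
const AVG_LIFESPAN_YEARS = 79;    // assumption of this example
const UNIVERSE_AGE_YEARS = 13.8e9; // assumption of this example

// Total entropy: ~12.92 bits per word plus ~5.16 bits per symbol.
function entropyBits(words, symbols = 0) {
  if (words < 0 || symbols < 0) throw new RangeError('counts must be >= 0');
  return words * Math.log2(WORDLIST_SIZE) + symbols * Math.log2(SYMBOL_SET_SIZE);
}

// Effective keyspace: half of 7776^words * 36^symbols, because on average the
// key is found after searching half of the total space.
function effectiveKeyspace(words, symbols = 0) {
  return (WORDLIST_SIZE ** words) * (SYMBOL_SET_SIZE ** symbols) / 2;
}

// Expected time to exhaust the effective keyspace, in the units the page lists.
function crackTime(words, symbols = 0, rate = GUESSES_PER_SECOND) {
  const seconds = effectiveKeyspace(words, symbols) / rate;
  const years = seconds / (365.25 * 24 * 3600);
  return {
    seconds,
    minutes: seconds / 60,
    hours: seconds / 3600,
    days: seconds / 86400,
    years,
    lifespans: years / AVG_LIFESPAN_YEARS,
    millennia: years / 1000,
    universeAges: years / UNIVERSE_AGE_YEARS,
  };
}

// A 5-word passphrase: ~64.6 bits, ~1.42e19 effective keys, ~164.5 days.
const fiveWords = crackTime(5);
```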

Is the source code available and can I run my own copy locally?

Yes! The source code is available on GitHub. It's a simple static HTML application, and you can clone it and run it by opening the index.html file in your browser. When run locally it should work even when your computer is completely offline.

Would XKCD approve?

Yes, I believe so.