Documentation
How to use this tool, practical use cases, and technical notes.
Generating a secure Diceware passphrase takes less than 60 seconds. Here is a complete step-by-step guide covering every configuration option and how to get the most out of each setting.
Step 1 — Set Your Word Count
The Word Count slider (range: 4–12 words) is the single most important security control in the tool. Every additional word multiplies the passphrase's entropy by the size of the wordlist, dramatically increasing resistance to brute-force attacks.
Word Count | Approximate Entropy | Security Level | Recommended For |
|---|---|---|---|
4 words | ~52 bits | Minimum | Low-value, non-critical accounts |
5 words | ~65 bits | Moderate | Standard personal accounts |
6 words | ~77 bits | Recommended | Most accounts; password manager master key |
7 words | ~90 bits | High | Financial accounts, work credentials |
8 words | ~103 bits | Very High | Admin accounts, VPN access, server root |
10 words | ~129 bits | Maximum practical | Encrypted disk/vault keys, GPG private key |
12 words | ~155 bits | Extreme | Long-term cryptographic key material |
NIST guideline: NIST SP 800-63B recommends at least 64 bits of entropy for memorized secrets in high-assurance scenarios — satisfied by 5 words or more.
Step 2 — Set Generate Count
The Generate Count option controls how many passphrases are produced in a single click. Use this when:
You want to choose your favorite from multiple options
You are generating credentials for several accounts at once
You want to compare entropy across passphrases
You are running a security awareness workshop and need a set of examples
Generating multiple passphrases does not reduce security — each is independently drawn from the CSPRNG.
Step 3 — Choose a Separator
The separator determines how words are joined in the final passphrase. This affects both usability and compatibility with systems that have character restrictions.
Separator | Example Output | Best For |
|---|---|---|
Space (default) |
| Most password fields; password managers |
Hyphen |
| Systems that disallow spaces; URLs |
Underscore |
| Technical credentials; API keys |
Dot |
| Formatted credentials; some CLI tools |
Slash |
| Unix-style credential formatting |
Pipe |
| Command-line contexts |
Exclamation |
| Satisfies symbol requirements |
At |
| Email-style formatting |
Hash |
| Satisfies symbol requirements |
Dollar |
| Satisfies symbol requirements |
Pro tip: If a system requires at least one special character, use a symbol separator (!, @, #, $) instead of enabling the "Include Symbols" toggle — this keeps the passphrase cleaner and more memorable while satisfying the character class requirement.
Step 4 — Configure Additional Options
Three optional toggles allow you to augment the base Diceware passphrase with extra complexity:
Include Numbers Appends or inserts random digits into the passphrase. Useful when a system mandates at least one numeric character. Adds marginal entropy on top of the already-high word-based entropy.
Include Symbols Adds special characters (e.g., !, @, #, $, %) to the passphrase. Useful for systems that enforce symbol requirements in their password policy. Like numbers, this adds a small entropy boost on top of the word selection.
Capitalize Words Applies Title Case to each word (e.g., Comet Lunar Vague Orbit). Helps satisfy uppercase character requirements and can improve readability when words run together. Also adds a small entropy increment since the capitalization pattern is randomized.
Option | Entropy Boost | When to Enable |
|---|---|---|
Include Numbers | +3–6 bits | System mandates numeric characters |
Include Symbols | +4–7 bits | System mandates symbol characters |
Capitalize Words | +1–3 bits | System mandates uppercase; improves readability |
All three combined | +8–16 bits | Strict password policies; adds ~1 extra word worth of entropy |
Step 5 — Click "Generate Passphrases"
Click the Generate Passphrases button. The tool immediately:
Calls
crypto.getRandomValues()to simulate dice rollsMaps each set of five "die rolls" to a word in the EFF-derived wordlist
Joins words with your chosen separator
Applies any number, symbol, or capitalization overlays
Calculates and displays entropy in bits
Calculates and displays estimated time-to-crack
Shows the raw dice roll values used (for transparency and independent verification)
Step 6 — Review the Security Metrics
Each generated passphrase displays three key metrics:
Entropy (bits): The mathematical measure of unpredictability. Higher is better. See the table in Step 1 for interpretation.
Time to Crack: An estimated time for an attacker to crack the passphrase using brute force, calculated at 1 billion (10⁹) guesses per second — representative of consumer GPU cracking hardware (e.g., a high-end NVIDIA GPU running Hashcat).
Entropy | Time to Crack at 1B guesses/sec | Verdict |
|---|---|---|
< 40 bits | Seconds to minutes | Dangerously weak |
40–55 bits | Hours to months | Below modern standard |
56–70 bits | Decades | Acceptable for low-risk |
71–90 bits | Millions of years | Strong |
91–110 bits | Billions of years | Very strong |
111+ bits | Longer than age of universe | Overkill for most purposes |
Dice Rolls: The actual simulated die values used to select each word. You can use these to independently verify the word selection against the EFF Long Wordlist — confirming that the tool is not manipulating output.
Step 7 — Copy and Store Securely
Click the copy button next to your chosen passphrase to copy it to your clipboard. Immediately paste it into your target system or password manager. Best practice:
Do not write it on paper unless storing that paper securely
Do not email or message it to yourself in plaintext
Store it in a password manager (ironic as it sounds, this is the right approach for passphrases used on accounts other than the password manager itself)
For password manager master passphrases: memorize it through repeated typing over 5–10 sessions
Generating a secure Diceware passphrase takes less than 60 seconds. Here is a complete step-by-step guide covering every configuration option and how to get the most out of each setting.
Step 1 — Set Your Word Count
The Word Count slider (range: 4–12 words) is the single most important security control in the tool. Every additional word multiplies the passphrase's entropy by the size of the wordlist, dramatically increasing resistance to brute-force attacks.
Word Count | Approximate Entropy | Security Level | Recommended For |
|---|---|---|---|
4 words | ~52 bits | Minimum | Low-value, non-critical accounts |
5 words | ~65 bits | Moderate | Standard personal accounts |
6 words | ~77 bits | Recommended | Most accounts; password manager master key |
7 words | ~90 bits | High | Financial accounts, work credentials |
8 words | ~103 bits | Very High | Admin accounts, VPN access, server root |
10 words | ~129 bits | Maximum practical | Encrypted disk/vault keys, GPG private key |
12 words | ~155 bits | Extreme | Long-term cryptographic key material |
NIST guideline: NIST SP 800-63B recommends at least 64 bits of entropy for memorized secrets in high-assurance scenarios — satisfied by 5 words or more.
Step 2 — Set Generate Count
The Generate Count option controls how many passphrases are produced in a single click. Use this when:
You want to choose your favorite from multiple options
You are generating credentials for several accounts at once
You want to compare entropy across passphrases
You are running a security awareness workshop and need a set of examples
Generating multiple passphrases does not reduce security — each is independently drawn from the CSPRNG.
Step 3 — Choose a Separator
The separator determines how words are joined in the final passphrase. This affects both usability and compatibility with systems that have character restrictions.
Separator | Example Output | Best For |
|---|---|---|
Space (default) |
| Most password fields; password managers |
Hyphen |
| Systems that disallow spaces; URLs |
Underscore |
| Technical credentials; API keys |
Dot |
| Formatted credentials; some CLI tools |
Slash |
| Unix-style credential formatting |
Pipe |
| Command-line contexts |
Exclamation |
| Satisfies symbol requirements |
At |
| Email-style formatting |
Hash |
| Satisfies symbol requirements |
Dollar |
| Satisfies symbol requirements |
Pro tip: If a system requires at least one special character, use a symbol separator (!, @, #, $) instead of enabling the "Include Symbols" toggle — this keeps the passphrase cleaner and more memorable while satisfying the character class requirement.
Step 4 — Configure Additional Options
Three optional toggles allow you to augment the base Diceware passphrase with extra complexity:
Include Numbers Appends or inserts random digits into the passphrase. Useful when a system mandates at least one numeric character. Adds marginal entropy on top of the already-high word-based entropy.
Include Symbols Adds special characters (e.g., !, @, #, $, %) to the passphrase. Useful for systems that enforce symbol requirements in their password policy. Like numbers, this adds a small entropy boost on top of the word selection.
Capitalize Words Applies Title Case to each word (e.g., Comet Lunar Vague Orbit). Helps satisfy uppercase character requirements and can improve readability when words run together. Also adds a small entropy increment since the capitalization pattern is randomized.
Option | Entropy Boost | When to Enable |
|---|---|---|
Include Numbers | +3–6 bits | System mandates numeric characters |
Include Symbols | +4–7 bits | System mandates symbol characters |
Capitalize Words | +1–3 bits | System mandates uppercase; improves readability |
All three combined | +8–16 bits | Strict password policies; adds ~1 extra word worth of entropy |
Step 5 — Click "Generate Passphrases"
Click the Generate Passphrases button. The tool immediately:
Calls
crypto.getRandomValues()to simulate dice rollsMaps each set of five "die rolls" to a word in the EFF-derived wordlist
Joins words with your chosen separator
Applies any number, symbol, or capitalization overlays
Calculates and displays entropy in bits
Calculates and displays estimated time-to-crack
Shows the raw dice roll values used (for transparency and independent verification)
Step 6 — Review the Security Metrics
Each generated passphrase displays three key metrics:
Entropy (bits): The mathematical measure of unpredictability. Higher is better. See the table in Step 1 for interpretation.
Time to Crack: An estimated time for an attacker to crack the passphrase using brute force, calculated at 1 billion (10⁹) guesses per second — representative of consumer GPU cracking hardware (e.g., a high-end NVIDIA GPU running Hashcat).
Entropy | Time to Crack at 1B guesses/sec | Verdict |
|---|---|---|
< 40 bits | Seconds to minutes | Dangerously weak |
40–55 bits | Hours to months | Below modern standard |
56–70 bits | Decades | Acceptable for low-risk |
71–90 bits | Millions of years | Strong |
91–110 bits | Billions of years | Very strong |
111+ bits | Longer than age of universe | Overkill for most purposes |
Dice Rolls: The actual simulated die values used to select each word. You can use these to independently verify the word selection against the EFF Long Wordlist — confirming that the tool is not manipulating output.
Step 7 — Copy and Store Securely
Click the copy button next to your chosen passphrase to copy it to your clipboard. Immediately paste it into your target system or password manager. Best practice:
Do not write it on paper unless storing that paper securely
Do not email or message it to yourself in plaintext
Store it in a password manager (ironic as it sounds, this is the right approach for passphrases used on accounts other than the password manager itself)
For password manager master passphrases: memorize it through repeated typing over 5–10 sessions