Security Tools

Passphrase Generator (Diceware style)

Generate cryptographically secure passphrases using the Diceware method with true random dice rolls. Perfect for creating memorable yet highly secure passphrases.

intermediate2-5 minutesRuns in your browser
passphrasedicewaresecuritygenerator

Interactive workspace

Inputs stay on your device — nothing is sent to our servers unless you choose to share.

Client-side only

Passphrase Settings

Diceware Method

This tool uses the Diceware method to generate cryptographically secure passphrases. Each word is selected using true random dice rolls, providing high entropy and memorability. The passphrases are generated entirely in your browser for maximum security.

Documentation

How to use this tool, practical use cases, and technical notes.

Generating a secure Diceware passphrase takes less than 60 seconds. Here is a complete step-by-step guide covering every configuration option and how to get the most out of each setting.

Step 1 — Set Your Word Count

The Word Count slider (range: 4–12 words) is the single most important security control in the tool. Every additional word multiplies the passphrase's entropy by the size of the wordlist, dramatically increasing resistance to brute-force attacks.

Word Count

Approximate Entropy

Security Level

Recommended For

4 words

~52 bits

Minimum

Low-value, non-critical accounts

5 words

~65 bits

Moderate

Standard personal accounts

6 words

~77 bits

Recommended

Most accounts; password manager master key

7 words

~90 bits

High

Financial accounts, work credentials

8 words

~103 bits

Very High

Admin accounts, VPN access, server root

10 words

~129 bits

Maximum practical

Encrypted disk/vault keys, GPG private key

12 words

~155 bits

Extreme

Long-term cryptographic key material

NIST guideline: NIST SP 800-63B recommends at least 64 bits of entropy for memorized secrets in high-assurance scenarios — satisfied by 5 words or more.

Step 2 — Set Generate Count

The Generate Count option controls how many passphrases are produced in a single click. Use this when:

  • You want to choose your favorite from multiple options

  • You are generating credentials for several accounts at once

  • You want to compare entropy across passphrases

  • You are running a security awareness workshop and need a set of examples

Generating multiple passphrases does not reduce security — each is independently drawn from the CSPRNG.

Step 3 — Choose a Separator

The separator determines how words are joined in the final passphrase. This affects both usability and compatibility with systems that have character restrictions.

Separator

Example Output

Best For

Space (default)

comet lunar vague orbit

Most password fields; password managers

Hyphen -

comet-lunar-vague-orbit

Systems that disallow spaces; URLs

Underscore _

comet_lunar_vague_orbit

Technical credentials; API keys

Dot .

comet.lunar.vague.orbit

Formatted credentials; some CLI tools

Slash /

comet/lunar/vague/orbit

Unix-style credential formatting

Pipe |

comet|lunar|vague|orbit

Command-line contexts

Exclamation !

comet!lunar!vague!orbit

Satisfies symbol requirements

At @

comet@lunar@vague@orbit

Email-style formatting

Hash #

comet#lunar#vague#orbit

Satisfies symbol requirements

Dollar $

comet$lunar$vague$orbit

Satisfies symbol requirements

Pro tip: If a system requires at least one special character, use a symbol separator (!, @, #, $) instead of enabling the "Include Symbols" toggle — this keeps the passphrase cleaner and more memorable while satisfying the character class requirement.

Step 4 — Configure Additional Options

Three optional toggles allow you to augment the base Diceware passphrase with extra complexity:

Include Numbers Appends or inserts random digits into the passphrase. Useful when a system mandates at least one numeric character. Adds marginal entropy on top of the already-high word-based entropy.

Include Symbols Adds special characters (e.g., !, @, #, $, %) to the passphrase. Useful for systems that enforce symbol requirements in their password policy. Like numbers, this adds a small entropy boost on top of the word selection.

Capitalize Words Applies Title Case to each word (e.g., Comet Lunar Vague Orbit). Helps satisfy uppercase character requirements and can improve readability when words run together. Also adds a small entropy increment since the capitalization pattern is randomized.

Option

Entropy Boost

When to Enable

Include Numbers

+3–6 bits

System mandates numeric characters

Include Symbols

+4–7 bits

System mandates symbol characters

Capitalize Words

+1–3 bits

System mandates uppercase; improves readability

All three combined

+8–16 bits

Strict password policies; adds ~1 extra word worth of entropy

Step 5 — Click "Generate Passphrases"

Click the Generate Passphrases button. The tool immediately:

  1. Calls crypto.getRandomValues() to simulate dice rolls

  2. Maps each set of five "die rolls" to a word in the EFF-derived wordlist

  3. Joins words with your chosen separator

  4. Applies any number, symbol, or capitalization overlays

  5. Calculates and displays entropy in bits

  6. Calculates and displays estimated time-to-crack

  7. Shows the raw dice roll values used (for transparency and independent verification)

Step 6 — Review the Security Metrics

Each generated passphrase displays three key metrics:

Entropy (bits): The mathematical measure of unpredictability. Higher is better. See the table in Step 1 for interpretation.

Time to Crack: An estimated time for an attacker to crack the passphrase using brute force, calculated at 1 billion (10⁹) guesses per second — representative of consumer GPU cracking hardware (e.g., a high-end NVIDIA GPU running Hashcat).

Entropy

Time to Crack at 1B guesses/sec

Verdict

< 40 bits

Seconds to minutes

Dangerously weak

40–55 bits

Hours to months

Below modern standard

56–70 bits

Decades

Acceptable for low-risk

71–90 bits

Millions of years

Strong

91–110 bits

Billions of years

Very strong

111+ bits

Longer than age of universe

Overkill for most purposes

Dice Rolls: The actual simulated die values used to select each word. You can use these to independently verify the word selection against the EFF Long Wordlist — confirming that the tool is not manipulating output.

Step 7 — Copy and Store Securely

Click the copy button next to your chosen passphrase to copy it to your clipboard. Immediately paste it into your target system or password manager. Best practice:

  • Do not write it on paper unless storing that paper securely

  • Do not email or message it to yourself in plaintext

  • Store it in a password manager (ironic as it sounds, this is the right approach for passphrases used on accounts other than the password manager itself)

  • For password manager master passphrases: memorize it through repeated typing over 5–10 sessions