Diceware Passphrase Generator
Create a passphrase that is easy to remember but very hard to guess. This tool picks whole words at random from a list of over three thousand, the diceware method, so each word adds real entropy while the result still reads like a phrase you can recall. Choose how many words, the separator between them, and whether to capitalize words or add a number. The strength estimate shows the entropy in bits and how long a fast offline attack would take. Everything is generated in your browser using your device's secure randomness, so no passphrase is ever sent anywhere.
How to generate a diceware passphrase
- Choose how many words you want, usually six for strong security.
- Pick a separator and turn on capitals or a number if you like.
- Press Generate, then copy the passphrase. Regenerate until one sticks.
Examples
A six-word passphrase
6 words, hyphen separator
harbor-melon-cactus-velvet-anchor-puzzle
Frequently asked questions
What is a diceware passphrase?
Diceware is a method for building a passphrase by choosing whole words at random from a fixed list, originally by rolling dice. Because each word is picked uniformly from a large list, the passphrase is easy to remember yet has a precise, high amount of entropy, making it very hard to guess or brute force.
How many words should I use?
Six words is a strong, widely recommended default and is hard for any attacker to crack. Use five for low-stakes accounts and seven or more for high-value secrets like a password manager master password. The strength estimate updates as you change the count.
Is this more secure than a random character password?
For the same entropy, both are equally strong, but a diceware passphrase is far easier to remember and type. A six-word passphrase from this list carries roughly seventy bits of entropy, which is more than most random twelve-character passwords and much easier to recall.
Are these passphrases generated securely?
Yes. They are generated entirely in your browser and never sent to a server, so nothing is logged or transmitted. The word choices come from your device's randomness, and no passphrase you generate ever leaves your machine.
What do the entropy bits and crack time mean?
Entropy in bits measures how unpredictable the passphrase is: each extra bit doubles the number of possibilities. The crack time estimates how long an attacker guessing ten billion times per second would need on average, which is why more words and a longer passphrase push the estimate to centuries or beyond.
Related tools
Password Generator
Generate strong, random passwords online. Choose length, letters, digits, symbols and skip look-alike characters. Created in your browser, never stored.
Password Strength Checker
Check how strong your password is. See its entropy in bits, an estimated crack time and tips to improve it. Runs in your browser, never stored.
AES Encryption
Encrypt and decrypt text with AES-GCM and a password. Uses 256-bit keys derived with PBKDF2, runs entirely in your browser, and nothing is uploaded.
CSP Analyzer
Paste a Content-Security-Policy header and get it parsed into directives and audited for weaknesses, with severity and fixes. Runs in your browser.
CVSS Calculator
Calculate a CVSS v3.1 base score and severity from the eight base metrics. Build the vector string and see how each choice moves the score, in your browser.
Hash Identifier
Identify the likely hash algorithm of a string by its length, character set and prefix. Detects MD5, SHA, bcrypt and more. Runs in your browser.