entropy stats

There are words in your password, resulting in ~ bits of entropy (~12.92 bits/word, ~10 bits/letter, and ~5.16 bits/symbol). That many words equates to a total keyspace of ~ possible phrases (7776^WordsInPhrase). An adversary might get lucky and guess your phrase on the first try, though the chances of that happening are very slim. On the other hand, the brute-force attacker might be forced to try all of the keys in the keyspace to finally find that the last guess was the correct one. On average, it takes trying 50% of all phrases in the keyspace to find your phrase. The time it takes to discover your passphrase is based on how many guesses per second your attacker can muster. At the lower end, in 2016 a small cluster of GPUs demonstrated the ability to crack ~350 billion hashes/second. A nation-state actor like the NSA may be able to perform quadrillions/second. Conservatively assuming a professional adversary can guess passwords at the rate of a keys/second (Edward Snowden suggests being prepared for a trillion guesses per second), an exhaustive brute-force search on 50% of the total keyspace might take:

~ seconds

~ minutes

~ hours

~ days

~ years

~ x avg. lifespan

~ millennia

~ x age Universe

Learn more about calculating entropy

Frequently Asked Questions

How do I use it?

Click on one of the numbered passphrase generator buttons above. Click again to generate a totally new passphrase.

The + Word or + Symbol buttons will enhance the strength of the existing passphrase.

For extra security you can manually roll physical dice (two or five die rolls for each symbol or word respectively) and enter the results to add a word to your passphrase.

Each word or symbol displayed is shown with the index number that was used to look it up in the diceware word list.

You can copy the generated passphrase from the copyable string on the page. You should store it somewhere safe and secure. You might want to write it down and refer to the written version until you can remember it.

Close your browser window once you're done so others can't discover your passphrase.

What inspired you to create this?

I have been using Diceware for several years but it's kind of a hassle for everyday passphrases. I wanted something that was easy to use, and yet secure for all but the most extreme security needs. Micah Lee's excellent overview in his article entitled Passphrases That You Can Memorize — But That Even The NSA Can't Guess is a great read on the topic. For me, this is about 'scratching my own itch' and using a tool I know I can trust.

Is it safe?

It depends. Are you the target of a nation-state level adversary? If so, you should probably not use this and should instead use Diceware to roll real physical dice and look up the words from the wordlist manually. This is the official recommendation of the Diceware FAQ. As a normal person, even if you have high security needs like protecting long-term cryptographic keys, you should be safe using this tool. Using real dice is the most secure way, but relying on the random number generator should be safe as well.

Does this use a cryptographically strong random number generator to choose the words?

Random bytes are obtained from the JavaScript window.crypto.getRandomValues() CSPRNG that ships with modern browsers. The bytes output from the RNG are converted to die rolls with (BYTE % 6) + 1. You can learn more about window.crypto.getRandomValues() and make your own determination as to its suitability. Many cryptographic library authors are now targeting the browser environment and most are using this API as their primary source of entropy, so you are in good company.

What URL should I be using to access this application?

The canonical link for this version is https://www.rempe.us/diceware/.

Does this application send any data anywhere?

No security sensitive information such as your selected passphrase size, die rolls, or the generated passphrase ever leaves your browser or is logged anywhere. Ever. Once the initial page is loaded as static files, everything is done locally in your browser. In fact, once you load this application in your browser you can turn off your network connection and it should work just fine. Of course these guarantees only apply if you are viewing this page from a rempe.us domain. I don't suggest you use any other hosted version of this page unless you hosted it yourself.

In the spirit of complete transparency, there is one exception to the no data sent claim. I do run a privacy-respecting instance of the Piwik web analytics software to track page view statistics for this page. Piwik is an open source analytics tool that I installed myself and maintain on a server that only I have access to. No log data leaves this private server. Piwik uses a tracking script to send usage data to that server so I can see, for example, how many people are visiting this page, roughly where in the world visits come from, and how long people stay on the page. I have configured this server to only retain data for a short time and to use privacy-preserving settings (e.g. obfuscating IP addresses). I went to considerable effort to set it up to avoid using Google Analytics, which is not privacy protecting. You can of course remove this tracking JavaScript from the head tag of the index.html file (I have comments to show you which two lines to remove) and host your own copy. You can also mitigate this by using a privacy blocker in your browser to block the Piwik server (piwik.rempe.us) or by visiting this page using the Tor browser.

Where is the code for this application being served from?

The entire application is just HTML, JavaScript and CSS. There is no server side component and no database. All of the JavaScript and other assets are versioned in the repository and no code is served from outside of the repository.

How should I use this most safely?

You should ensure that:

  • You read about Diceware and understand the strengths and limitations of this approach.
  • You don't generate passphrases on a machine you don't own and control. No public machines!
  • You make sure no one else is in the room with you who can 'shoulder surf'.
  • You close the browser window when you are done.
  • You always visit this site over a TLS (HTTPS) connection. This is enforced with HSTS. A non-TLS HTTP connection opens you up to a trivial man-in-the-middle attack on the code or the wordlists.
  • You are using the latest version of a modern browser.

What is entropy?

Entropy is a measure of the uncertainty or randomness of a system. The concept is a difficult one to grasp fully and is confusing, even to experts. Strictly speaking, any given passphrase has an entropy of zero because it is already chosen. It is the method you use to randomly select your passphrase that has entropy. Entropy tells how hard it will be to guess the passphrase itself even if an attacker knows the method you used to select your passphrase. A passphrase is more secure if it is selected using a method that has more entropy.

Entropy is measured in bits. The outcome of a single coin toss -- "heads or tails" -- has one bit of entropy.

Arnold G. Reinhold - Diceware FAQ

How are you measuring entropy?

Each standard Diceware word is assigned ~12.92 bits of entropy (Math.log2(7776)), and each special character added is ~5.16 bits (Math.log2(36)). The total is the sum of the entropy in each full word or special character.
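The entropy arithmetic above, together with the keyspace and brute-force time figures described in the "entropy stats" panel, carried through as an added example (not the application's own code). It uses the page's constants (7776 words, 36 symbols, 50% of the keyspace, 7776^WordsInPhrase) and a guess rate passed in by the caller; the average lifespan and age-of-the-universe values used for the last two rows are this example's assumptions, since the page does not state them.

```javascript
// Added example, not the page's code: passphrase entropy and crack-time table.
const WORDLIST_SIZE = 7776;  // 6^5 Diceware words
const SYMBOL_COUNT = 36;     // 6^2 special characters (two die rolls)

const BITS_PER_WORD = Math.log2(WORDLIST_SIZE);    // ~12.92
const BITS_PER_SYMBOL = Math.log2(SYMBOL_COUNT);   // ~5.17 (shown as ~5.16 on the page)

// Total entropy is the sum over every word and symbol in the phrase.
function passphraseEntropy(words, symbols) {
  return words * BITS_PER_WORD + symbols * BITS_PER_SYMBOL;
}

// Number of possible phrases for a given word count: 7776^WordsInPhrase.
function keyspace(words) {
  return Math.pow(WORDLIST_SIZE, words);
}

// Average search time: an attacker tries 50% of the 2^bits keyspace on average.
function secondsToCrack(bits, guessesPerSecond) {
  return 0.5 * Math.pow(2, bits) / guessesPerSecond;
}

// Unit constants for the table. The last two are assumed values for this
// example; the page does not say which figures it uses.
const SECONDS_PER_YEAR = 365.25 * 24 * 3600;
const AVG_LIFESPAN_YEARS = 80;      // assumption
const UNIVERSE_AGE_YEARS = 13.8e9;  // assumption

// The rows of the "entropy stats" panel for a phrase of the given entropy.
function crackTimeTable(bits, guessesPerSecond) {
  const seconds = secondsToCrack(bits, guessesPerSecond);
  const years = seconds / SECONDS_PER_YEAR;
  return {
    seconds,
    minutes: seconds / 60,
    hours: seconds / 3600,
    days: seconds / 86400,
    years,
    lifespans: years / AVG_LIFESPAN_YEARS,
    millennia: years / 1000,
    universeAges: years / UNIVERSE_AGE_YEARS,
  };
}

// Usage: a six-word phrase against a trillion guesses per second.
const sixWords = crackTimeTable(passphraseEntropy(6, 0), 1e12);
console.log(`6 words: ${passphraseEntropy(6, 0).toFixed(2)} bits, ` +
            `~${sixWords.years.toExponential(2)} years at 1e12 guesses/s`);
```

Because the entropy is additive, a seventh word multiplies the search time by 7776 and one added symbol multiplies it by 36, which is why the "+ Word" button strengthens a phrase far more than "+ Symbol".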

Is the source code available and can I run my own copy locally?

Yes! The source code is available on GitHub. It's a simple static HTML application and you can clone and run it by opening the index.html file in your browser. When run locally it should work when your computer is completely offline. The latest commits in the git repository are signed with my public code signing key.

Would XKCD approve?

Yes, I believe so.

Who created this?