Diceware is a method for building strong, memorable passphrases by choosing random words from a fixed list. Originally you rolled physical dice to index the list; here the browser's cryptographic random generator does the same job without bias.

How is the randomness generated?

Words are selected with crypto.getRandomValues from the Web Crypto API, using rejection sampling so every word has an exactly equal chance. This avoids the modulo bias that a naive random % listSize would introduce.

How much entropy does each word add?

Each word adds log2 of the list size in bits. The tool reports the exact figure for the embedded list, so you can see your total entropy — a 6-word passphrase from a 770-word list is roughly 57 bits, and longer lists or more words push it higher.

How many words should I use?

For most accounts, 5–6 words is a strong, memorable choice. For high-value secrets like a master password or disk-encryption key, use 7 or more words to comfortably exceed 70 bits of entropy.

Is the passphrase sent anywhere?

No. The word list is embedded in the page and all generation happens locally with the browser's crypto API. The passphrase is never transmitted, logged, or stored, so it is safe to use as a real credential.

Diceware Passphrase Generator

A Diceware passphrase is a sequence of random words — like border-acorn-blizzard-anvil — that is both easy to remember and hard to guess. Because the words are chosen at random from a known list, the strength is exactly quantifiable, unlike a password you invent yourself. This generator uses the browser’s cryptographic random source and an embedded word list, so nothing ever leaves your device.

How it works

The generator follows the standard Diceware model with one important correctness detail:

For each word, it draws a uniformly random index into the list using crypto.getRandomValues.
To avoid modulo bias, it uses rejection sampling: it discards any raw 32-bit value above the largest exact multiple of the list size, then takes the remainder. This keeps every word equally likely.
Entropy is wordCount × log2(listSize) bits, reported live so you can see the strength of the exact passphrase you generated.
Optional formatting — separator, capitalisation, and a single appended digit — is applied without reducing the word-selection entropy.

Tips and notes

Entropy comes from the random word choice, not the formatting. Capitalising the first letter of every word adds almost nothing, because an attacker knows the pattern; it only helps satisfy a site’s character-class rule.
Resist the urge to swap a “boring” word for one you like — manual editing breaks the randomness guarantee and lowers entropy.
A passphrase is only as safe as where you store it. Generate it offline here, then save it in a reputable password manager rather than a note file.
The bits-per-word figure scales with the list: a longer embedded list raises entropy per word. The tool always shows the real number for the list it shipped with, so the strength you see is honest.