Generate a Diceware Passphrase
Generate passphrases using the Diceware method — a technique that uses dice rolls to select words from a 7,776-word list. Understand the math behind Diceware security and its real-world applications.
Detailed Explanation
The Diceware Method
Diceware is a passphrase generation method created by Arnold Reinhold in 1995. It uses physical dice to select words from a specially designed wordlist containing exactly 7,776 entries (6^5 = 7,776, representing all possible five-dice combinations).
How Diceware Works
- Roll five dice (or one die five times) to get a 5-digit number
- Look up the number in the Diceware wordlist
- Repeat for each word you want in the passphrase
Example:
Roll: 1-6-2-3-4 → "apple"
Roll: 3-5-1-2-6 → "hammer"
Roll: 4-2-4-5-1 → "ocean"
Roll: 5-3-1-6-2 → "plaza"
Roll: 2-4-1-5-3 → "tiger"
Passphrase: apple hammer ocean plaza tiger
Digital Diceware
While the original method uses physical dice, a cryptographically secure random number generator (CSPRNG) provides equivalent randomness. The Web Crypto API's crypto.getRandomValues() is suitable:
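// Select a uniform random index from 0 to 7775.
// 2^32 is not a multiple of 7776, so values at or above the largest
// multiple are redrawn instead of being reduced with % (modulo bias).
const limit = Math.floor(0x100000000 / 7776) * 7776;
const array = new Uint32Array(1);
do {
  crypto.getRandomValues(array);
} while (array[0] >= limit);
const index = array[0] % 7776;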
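The dice-roll procedure described above, carried out in software as an added example that is not part of the original page: each die is drawn from the Web Crypto CSPRNG with rejection sampling so every face is equally likely, and five rolls form the wordlist key. The 7,776-entry list is a constructed placeholder, and the function names and the `getBytes` parameter are assumptions made for this illustration.

```javascript
// Added example (not from the original page): dice-faithful Diceware in JS.
const DIE_SIDES = 6;
const DICE_PER_WORD = 5;
const LIST_SIZE = DIE_SIDES ** DICE_PER_WORD; // 7,776

// Default byte source: Web Crypto CSPRNG (browsers, recent Node.js).
const cryptoBytes = (n) => globalThis.crypto.getRandomValues(new Uint8Array(n));

// Roll one fair die. 256 is not a multiple of 6, so bytes >= 252 are
// discarded and redrawn; taking % 6 of every byte would favour faces 1-4.
function rollDie(getBytes = cryptoBytes) {
  for (;;) {
    const b = getBytes(1)[0];
    if (b < 252) return (b % DIE_SIDES) + 1;
  }
}

// Five rolls form the lookup key, e.g. "16234".
function rollKey(getBytes = cryptoBytes) {
  let key = "";
  for (let i = 0; i < DICE_PER_WORD; i++) key += rollDie(getBytes);
  return key;
}

// Constructed placeholder list: 7,776 dummy words keyed "11111".."66666".
// A real Diceware list would be loaded into the same Map shape.
function buildPlaceholderList() {
  const list = new Map();
  for (let n = 0; n < LIST_SIZE; n++) {
    const base6 = n.toString(6).padStart(DICE_PER_WORD, "0");
    const key = [...base6].map((d) => Number(d) + 1).join("");
    list.set(key, `word${key}`);
  }
  return list;
}

function generatePassphrase(wordCount, wordlist, getBytes = cryptoBytes) {
  if (wordlist.size !== LIST_SIZE) throw new Error("wordlist must have 7,776 entries");
  const words = [];
  for (let i = 0; i < wordCount; i++) {
    const word = wordlist.get(rollKey(getBytes));
    if (word === undefined) throw new Error("wordlist is missing a roll key");
    words.push(word);
  }
  return words.join(" ");
}

// Entropy in bits of wordCount independently and uniformly chosen words.
const entropyBits = (wordCount) => wordCount * Math.log2(LIST_SIZE);
```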
Security Analysis
Each word provides log2(7776) ≈ 12.9 bits of entropy:
| Words | Entropy | Crack Time (1T/sec) |
|---|---|---|
| 4 | 51.7 bits | ~26 days |
| 5 | 64.6 bits | ~584 years |
| 6 | 77.5 bits | ~4.5 million years |
| 7 | 90.5 bits | ~35 billion years |
At a rate of one trillion guesses per second, a 6-word Diceware passphrase would take millions of years to crack.
Diceware Wordlist Characteristics
The official Diceware wordlist is designed with specific properties:
- Short words — most are 3-6 letters for easy typing
- Common words — easy to recognize and remember
- Unique spellings — no homophones or easily confused words
- No offensive words — safe for professional use
Enhanced Diceware
Some users add extra security measures:
- Extra symbol: add a random symbol between two words
- Random capitalization: capitalize one random word
- Extra digit: append a random digit
These add a few extra bits of entropy without significantly hurting memorability.
Use Case
Diceware is recommended by the Electronic Frontier Foundation (EFF) and is used for master passwords, full-disk encryption passphrases, and any scenario where a human must memorize a high-security credential without writing it down. The physical dice option is valued in high-security environments where software randomness is questioned.