Diceware is used to generate cryptographically strong passphrases. Don't let that frighten you away, though: a passphrase is just a password made of words you can remember. It is based on the principle that truly random selection of words from a word list can result in easily memorable passwords that are also extremely resistant to attack. Traditional Diceware uses rolls of physical dice; this application uses a strong random number generator in place of the dice. Passphrases of six words or longer are thought to be safe for even very high security applications.
There are words in your password, resulting in ~ bits of entropy (~12.92 bits/word, ~10 bits/letter, and ~5.16 bits/symbol). That many words equates to a total keyspace of ~ possible phrases (7776^WordsInPhrase). An adversary might get lucky and guess your phrase on the first try, though the chances of that happening are very slim. On the other hand, the brute-force attacker might be forced to try all of the keys in the keyspace to finally find that the last guess was the correct one. On average, it takes trying 50% of all phrases in the keyspace to find your phrase.
The time it takes to discover your passphrase is based on how many guesses per second your attacker can muster. At the lower end, in 2016 a small cluster of GPUs demonstrated the ability to crack ~350 billion hashes/second. A nation state actor like the NSA may be able to perform quadrillions/second. Conservatively assuming a professional adversary can guess passwords at the rate of a keys/second (Edward Snowden suggests being prepared for a trillion guesses per second), an exhaustive brute-force search of 50% of the total keyspace might take:
~ seconds
~ minutes
~ hours
~ days
~ years
~ x avg. lifespan
~ millennia
~ x age of the Universe
Click on one of the numbered passphrase generator buttons above. Click again to generate a totally new passphrase.
The + Word or + Symbol buttons will enhance the strength of the existing passphrase.
For extra security you can manually roll physical dice (two or five die rolls for each symbol or word respectively) and enter the results to add a word to your passphrase.
Each word or symbol displayed is shown with the index number that was used to look it up in the diceware word list.
You can copy the generated passphrase from the copyable string on the page. You should store it somewhere safe and secure. You might want to write it down and refer to the written version until you can remember it.
Close your browser window once you're done so others can't discover your passphrase.
The window.crypto.getRandomValues() CSPRNG that ships with modern browsers is used to get random bytes. You can learn more about window.crypto.getRandomValues() and make your own determination as to its suitability. Many cryptographic library authors now target the browser environment, and most use this API as their primary source of entropy, so you are in good company.
No security-sensitive information such as your selected passphrase size, die rolls, or the generated passphrase ever leaves your browser or is logged anywhere. Ever. Once the initial page is loaded as static files, everything is done locally in your browser. In fact, once you load this application in your browser you can turn off your network connection and it should work just fine. Of course these guarantees only apply if you are viewing this page from a rempe.us domain. I don't suggest you use any other hosted version of this page unless you hosted it yourself.
You should ensure that:
The EFF word list is a thoughtful word list that aligns with the goals of Diceware: making memorable passphrases whose words are harder to confuse with one another. Other word lists, in various languages, are provided for you to choose from.
Entropy is a measure of the uncertainty or randomness of a system. The concept is a difficult one to grasp fully and is confusing, even to experts. Strictly speaking, any given passphrase has an entropy of zero because it is already chosen. It is the method you use to randomly select your passphrase that has entropy. Entropy tells how hard it will be to guess the passphrase itself even if an attacker knows the method you used to select your passphrase. A passphrase is more secure if it is selected using a method that has more entropy.
Entropy is measured in bits. The outcome of a single coin toss -- "heads or tails" -- has one bit of entropy.
Each standard Diceware word is assigned ~12.92 bits of entropy (Math.log2(7776)), and each special character added is assigned ~5.16 bits (Math.log2(36)). The total is the sum of the entropy in each full word or special character.
Yes! The source code is available on Github. It's a simple static HTML application, and you can clone and run it by opening the index.html file in your browser. When run locally it should work even when your computer is completely offline. The latest commits in the git repository are signed with my public code signing key.
Yes, I believe so.