Security

Passphrase generator

Create memorable diceware-style passphrases: several random words picked with cryptographic randomness. Easy to remember, very hard to crack. With real entropy shown.

Instant🔒In your browserNo signup
Live
4

🔒 Everything is generated in your browser with cryptographic randomness. Nothing is sent to any server.

Why a word passphrase beats a "complex" password

For years we were told to build passwords like Tr0ub4dor&3: short, with symbols and substitutions. The problem is they are hard for humans to remember and easy for machines to crack. A passphrase flips that logic: it uses several real words chosen at random, like sky-dog-table-wind. It is long (which is what matters for security) and memorable (which is what matters for you).

The technical key is entropy: how many possible combinations exist. Four random words from a list of 256 give 256⁴ ≈ 4.3 billion combinations. Decorations like swapping an a for an @ add very little entropy, because attackers know those tricks and try them first.

The famous "correct horse battery staple"

The idea went mainstream with the webcomic XKCD #936, titled Password Strength. It compares Tr0ub4dor&3 (about 28 bits of entropy, hard to remember) against correct horse battery staple (four common words, about 44 bits, easy to remember). The punchline that stuck: "Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess." This tool generates exactly that kind of passphrase, with real cryptographic randomness.

What diceware is

Diceware is a method published in 1995 by Arnold Reinhold. You roll five dice, note the result (say 3-1-6-2-4) and look that combination up in a numbered word list. You repeat for every word you want. The beauty is that each word is chosen with true physical randomness, not something that just "looks random". This generator replaces the dice with crypto.getRandomValues(), the browser's cryptographic randomness source, which is the recommended one for anything security-related.

How we calculate entropy

The formula is direct. If the list has N words and you pick k words at random (with repetition allowed), the entropy in bits is:

bits = k × log2(N)

With our 256-word list, log2(256) = 8, so each word adds exactly 8 bits. On top of that we add the extras: turning on "append a number" adds about 3.3 bits (one digit 0–9), and capitalizing each word adds k bits (one upper/lower choice per word). The number you see on screen is the total entropy of your specific passphrase.

When to use more words

Not every account is worth the same. For forums or minor services, 4 words is plenty. For your main email, your password manager or a crypto wallet, go up to 5 or 6: every extra word multiplies the attacker's effort by 256. And remember the golden rule: a different passphrase per account. If you reuse and one leaks, they all fall. The ideal is to use this tool for the master passphrase of a password manager, and let the manager generate and store the rest.

Reference: words and entropy

With a 256-word list (log2 = 8 bits per word), no extras:

WordsCombinationsEntropyLevel
3256³ ≈ 16.7 million24 bitsWeak
4256⁴ ≈ 4.3 billion32 bitsAcceptable
5256⁵ ≈ 1.1 trillion40 bitsGood
6256⁶ ≈ 281 trillion48 bitsVery good
7256⁷ ≈ 72 quadrillion56 bitsStrong
8256⁸ ≈ 1.8 × 10¹⁹64 bitsVery strong

Crack times assume a fast attacker trying 100 billion guesses per second (modern hardware against fast hashes). With slow, well-designed hashes the real time is much longer.

FAQ

What is a passphrase?

A password made of several random words, like "sky-dog-table-wind": easy to remember and hard to guess because it is long.

Why is it safer than "P@ssw0rd!"?

Because it has more entropy (more possible combinations) and is easier to remember. Symbol tricks add little entropy since attackers already know them.

What is diceware?

A 1995 method for building passphrases by rolling dice and looking each result up in a word list. Here we use crypto.getRandomValues instead of dice.

How many words should I use?

4 for everyday accounts; 5 or 6 for critical ones (main email, manager, crypto). Each extra word multiplies the attacker's work.

Are my passphrases sent anywhere?

No. Everything is computed in your browser with the crypto API; the passphrase never leaves your device.

What is entropy in bits?

It measures the password's uncertainty. With our 256-word list, each word adds 8 bits; 4 words is 32 bits.

Should I add a number or capitals?

It helps a bit, especially when a site requires it. But adding another word helps far more than the decorations.

Can I reuse the same passphrase?

You should not: if one leaks, all are exposed. Use a different passphrase per account, ideally in a password manager.

Was this generator useful?