In 1995, Arnold Reinhold published a simple method for generating truly random, memorable passphrases using nothing but a word list and a physical die. Nearly thirty years later, Diceware remains one of the most cryptographically sound approaches to human-memorisable passwords ever devised.

How Diceware works

The EFF's Diceware wordlist contains 7,776 words — exactly 6⁵, the number of outcomes from rolling a six-sided die five times. To pick a word, roll a die five times and concatenate the results (e.g. 3-1-4-5-2 = 31452). Look up that number in the wordlist. Repeat for each word in your passphrase.

The beauty is in the math: every word is chosen with equal probability from 7,776 candidates, using a physical process that can't be predicted or biased by human psychology.

The entropy per word

log₂(7776) ≈ 12.9 bits per word. Four words: ~52 bits. Five words: ~65 bits. Six words: ~78 bits. At six words, even an attacker capable of a trillion guesses per second would need thousands of years to exhaust the possibility space by brute force.

💡 Five vs six words? Five words is fine for most purposes. Use six for your password manager master password or anything that will never change and protects everything else.

The EFF wordlist improvement

The original Reinhold wordlist contained some obscure and hard-to-spell words. In 2016, the Electronic Frontier Foundation published an improved wordlist specifically designed for memorability — words that are common, concrete, and easy to visualise. This is the list our generator draws from.

Physical dice vs digital generation

Physical dice are theoretically purer — no software, no random number generator to trust. But a cryptographically secure pseudo-random number generator (CSPRNG), like the one used in our generator and in most operating systems, is indistinguishable from true randomness for this purpose. The practical security difference is zero.
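
The lookup procedure, the entropy figures and the dice-versus-CSPRNG choice described above, as an added sketch that is not the code behind our generator. The function names and the placeholder word list are assumptions made for illustration; substitute a real 7,776-word list sorted by dice key.

```python
import math
import secrets

FACES, ROLLS = 6, 5
LIST_SIZE = FACES ** ROLLS  # 7,776 keys, 11111 through 66666

def roll_key(rolls=None):
    """Five-digit lookup key such as '31452'.

    Pass results from physical dice, or omit them to let the OS CSPRNG roll.
    secrets.randbelow() is uniform, so no face is favoured.
    """
    if rolls is None:
        rolls = [secrets.randbelow(FACES) + 1 for _ in range(ROLLS)]
    if len(rolls) != ROLLS or any(r not in range(1, FACES + 1) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    return "".join(str(r) for r in rolls)

def key_to_index(key):
    """Read the key as base 6 (faces 1-6 become digits 0-5): '11111' -> 0, '66666' -> 7775."""
    index = 0
    for digit in key:
        index = index * FACES + int(digit) - 1
    return index

def passphrase(wordlist, n_words=6):
    """Draw n_words independently; wordlist must be sorted by dice key."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("wordlist must have exactly 7,776 entries")
    return " ".join(wordlist[key_to_index(roll_key())] for _ in range(n_words))

def entropy_bits(n_words):
    """Entropy when every word is drawn uniformly from the full list."""
    return n_words * math.log2(LIST_SIZE)

def years_to_exhaust(n_words, guesses_per_second=1e12):
    """Worst-case time to try every passphrase of this length."""
    return LIST_SIZE ** n_words / guesses_per_second / (365.25 * 24 * 3600)

# Constructed placeholder list so the example runs offline; not real words.
PLACEHOLDER_WORDS = [f"word{i:04d}" for i in range(LIST_SIZE)]

if __name__ == "__main__":
    print(passphrase(PLACEHOLDER_WORDS))
    for n in (4, 5, 6):
        print(n, "words:", round(entropy_bits(n), 1), "bits,",
              f"{years_to_exhaust(n):.3g} years at 1e12 guesses/s")
```

The entropy figures hold only when each word is drawn independently and uniformly; re-rolling until the phrase "looks nice" lowers them.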

When to use Diceware vs a random password

✅ Try it: Use our passphrase generator set to six words. That passphrase will be stronger than any password you've ever manually created — and with a bit of practice, easier to remember too.