Diceware Passphrase Generator — How the Method Works (And a Free Online Version)

Diceware is the gold-standard method for generating secure passphrases — and it has been since 1995. The idea is simple: roll dice, look up words in a list, get a passphrase that's both genuinely random and easy to remember. This guide explains how the method works, why it's still the best approach 30 years later, and how to use a free in-browser version that needs no dice.

How Diceware actually works

The original Diceware method, invented by Arnold Reinhold:

1. Get five physical dice (or roll one die five times)
2. Roll the dice and read them in order: e.g., 4-2-6-1-5
3. Look up that 5-digit number in the Diceware word list (a list of 7776 numbered words)
4. Write down the matching word
5. Repeat 4-7 times for a 4-7 word passphrase
6. Join the words with a separator (dash, dot, space, etc.)

Example sequence:

Roll 1: 4-2-6-1-5 → "horse"
Roll 2: 1-6-3-4-2 → "battery"
Roll 3: 6-2-1-5-3 → "staple"
Roll 4: 3-5-2-6-1 → "tiger"
Roll 5: 2-4-1-3-6 → "moon"

Passphrase: horse-battery-staple-tiger-moon

Why dice?

Dice produce true randomness. Computer random number generators are usually pseudo-random — they look random but are deterministic if you know the seed. For ultra-paranoid use cases (long-term encryption keys, crypto wallets, anonymity tools), some users prefer physical dice because they don't trust software entropy.

For 99% of uses, a modern browser's crypto.getRandomValues() is genuinely random — it uses entropy from hardware sources (mouse movements, keystrokes, CPU jitter) and is suitable for cryptographic use. Diceware created with Web Crypto is just as secure as Diceware created with physical dice for normal threat models.

Why not just random characters?

Method	Example	Entropy	Memorability
10-char random	xK7$mP9!q2	~66 bits	Hard
12-char random	vN3@hT8&jY5w	~79 bits	Very hard
Diceware 5 words	horse-battery-staple-tiger-moon	~65 bits	Easy
Diceware 6 words	horse-battery-staple-tiger-moon-river	~78 bits	Easy
Diceware 7 words	horse-battery-staple-tiger-moon-river-bright	~90 bits	Moderate

A 5-word Diceware passphrase has roughly the same entropy as a 10-character random password — but it's dramatically easier to remember. That's the entire point of the method: equivalent security with vastly improved usability.

Entropy math, in detail

The original Diceware list has 7776 words (6^5 = 7776, the number of possible outcomes when rolling 5 six-sided dice). Each word picked from this list contributes log2(7776) ≈ 12.92 bits of entropy.

• 4 words: 51.7 bits
• 5 words: 64.6 bits
• 6 words: 77.5 bits
• 7 words: 90.4 bits
• 8 words: 103.4 bits

For comparison, common entropy targets:

• 50 bits: Resists offline brute force for ~1 year with current hardware
• 64 bits: Resists offline brute force for ~10,000 years (recommended minimum)
• 80 bits: Resists nation-state-level adversaries (recommended for long-term secrets)
• 128 bits: Cryptographically infeasible to brute force, ever

Diceware vs the Bison Passphrase Generator

The free Bison Passphrase Generator uses the same Diceware approach without requiring physical dice:

Aspect	Original Diceware	Bison Generator
Word list	7776 words	~2048 words (BIP-39 style)
Randomness source	Physical dice	Web Crypto API
Bits per word	~12.9	~11.0
5-word entropy	~65 bits	~55 bits
6-word entropy	~78 bits	~66 bits
7-word entropy	~90 bits	~77 bits
Speed	30-60 seconds per word	Instant
Required equipment	5 dice	Any browser

The Bison generator uses a slightly smaller word list (2048 words) which gives slightly fewer bits per word. To match the entropy of a 5-word original Diceware passphrase, use a 6-word Bison passphrase. The result is equally easy to remember and equally secure for normal threat models.

Is Diceware still the best method in 2026?

Yes. Three decades after its invention, Diceware-style passphrases are still recommended by:

• The Electronic Frontier Foundation (EFF) — publishes their own Diceware word list for tighter, more memorable words
• The U.S. National Institute of Standards and Technology (NIST) — SP 800-63B endorses long passphrases over short complex passwords
• Major password managers — 1Password, Bitwarden, KeePass all include Diceware-style passphrase generators
• Cryptocurrency wallets — BIP-39 seed phrases use the same approach (24 words for the actual seed)

When NOT to use Diceware

• When the password field has length limits. Some legacy systems cap at 12-16 characters, which forces character-based passwords.
• When the field requires special characters. Systems that mandate symbols force you to add them manually (the generator has a toggle for this).
• When you need a master password you'll type 50 times a day. Diceware passphrases are good but typing 5-7 words is slower than a memorized 10-character password.

How to use the Bison Passphrase Generator

1. Open the generator
2. Pick the number of words (5 is the default, 6+ for important accounts)
3. Pick a separator (dash works in most fields; space if the field allows it)
4. Optional: capitalize, add a number, add a symbol
5. Click Generate New until you get one you like
6. Copy and save in your password manager