Diceware is a method for generating passphrases developed by Arnold Reinhold in 1995. It uses five physical dice rolled simultaneously to produce a five-digit number (e.g. 43215), which is then looked up in a 7,776-word list to select a word. The process is repeated for each word in the passphrase — typically five or six times. The randomness comes from physical dice rolls, which are verifiably unpredictable. The resulting passphrase is a sequence of 5–6 ordinary English words.

Why does Diceware use five dice?

Five dice produce a number from 11111 to 66666 — 7,776 possible values (6⁵). This maps exactly to a wordlist of 7,776 words, giving each word in the list an equal probability of being selected (1 in 7,776). log₂(7,776) ≈ 12.92 bits of entropy per word. This figure is at the heart of all passphrase entropy calculations. The EFF revised Diceware wordlist uses the same 7,776-word count, and software implementations use a CSPRNG to simulate the same distribution without physical dice.

Is a software passphrase generator as secure as physical dice?

Cryptographic software random number generators (CSPRNGs) like crypto.getRandomValues() are considered equally secure to physical dice for passphrase generation — and in some respects more so. Physical dice can have subtle manufacturing biases; CSPRNGs backed by OS hardware entropy (used by crypto.getRandomValues()) are designed and audited to produce uniformly distributed random numbers meeting cryptographic standards. The EFF recommends software generators as equivalent alternatives to physical dice.

What is the EFF wordlist and why is it preferred?

The EFF (Electronic Frontier Foundation) revised the original Diceware wordlist in 2016 to remove words that were ambiguous, offensive, or difficult to spell and pronounce. The EFF large wordlist retains 7,776 words while prioritising words that are common, clearly distinct from each other, and easy to type and remember. The EFF also published a short wordlist (1,296 words) for cases where six words are needed instead of five.

How many words do I need for a secure passphrase?

The NCSC recommends three words as a baseline. Security researchers generally recommend four words (51.6 bits) for standard accounts, five words (64.5 bits) for high-value accounts without MFA, and six words (77.4 bits) for encryption keys and master passwords. At five words, a passphrase would take approximately 2,800 years to crack with dedicated hardware at 10 billion guesses per second — well beyond any practical attack horizon.

What Is Diceware and How Does It Work?

Diceware was invented by Arnold Reinhold in 1995 as a method for generating high-entropy passphrases without requiring trust in any software. Using only physical dice and a printed word list, anyone could generate a verifiably random passphrase. The method pre-dates modern password managers and was designed for memorisable encryption keys at a time when computers were far less powerful than today. Understanding how it works provides the mathematical foundation for all passphrase generation.

The Original Method

Obtain five standard six-sided dice.
Roll all five simultaneously. Record the results as a five-digit number (e.g. 3-1-5-2-4 = 31524).
Look up the number in the Diceware wordlist. The word at 31524 is "lance".
Repeat steps 2–3 for each word in your passphrase. For five words: five sets of five rolls = 25 total dice rolls.
The resulting sequence of words is your passphrase.

The Mathematics

Five dice produce 6⁵ = 7,776 equally probable outcomes. The Diceware wordlist maps each outcome to exactly one word. This means every word is selected with probability exactly 1/7,776 — a perfectly uniform distribution, which maximises entropy for a given wordlist size.

Each word adds log₂(7,776) ≈ 12.92 bits of entropy. For a five-word passphrase: 5 × 12.92 = 64.6 bits. At 10 billion guesses per second — the rate of a high-end dedicated cracking rig — exhausting 64.6 bits would take approximately 2,900 years. At six words (77.4 bits): over 4 million years.

Software Implementations

Modern software implementations replace physical dice with a CSPRNG. The Passphrase Maker uses crypto.getRandomValues() — the browser's OS-backed CSPRNG — to select a random index into a curated wordlist. The index selection uses rejection sampling to ensure perfectly uniform distribution (no modulo bias), matching the entropy of physical Diceware.

Verification: The EFF's Diceware page provides the complete large and short wordlists for download and explains the verification process for checking that a software generator matches physical dice entropy.

Why Diceware Words Are Ordinary

A common misconception is that passphrases should use obscure or technical words. The opposite is true. Ordinary common words — "cloud", "fence", "ocean", "bright" — are harder to crack than invented or technical words because: (1) the attacker's dictionary must include them regardless; (2) they are easier to remember and type accurately; (3) they resist the pattern-matching that makes "correct horse battery staple" memorable to an attacker who has seen it used as an example. The randomness of selection is what provides security — not the obscurity of individual words.

Diceware EFF wordlist passphrase generation entropy random

For informational purposes only. Password security requirements vary by context — consult your organisation's security policy and current NCSC/NIST guidance for your specific environment.

← Are Passphrases More Secure Than Passwords?How to Choose Your Password Manager Master Passw →