Cryptography

🎲 Diceware Passphrases: How to Generate a Memorable, High-Entropy Passphrase in 2026

By AY Tanoli · 11 July 2026 · 9 min read
Diceware is a method for creating passphrases by rolling physical dice to pick random words from a numbered list of 7,776 entries. Because every word is chosen by pure chance rather than by a human, the result is both easy to remember and mathematically hard to guess — a rare combination in password security.

Most advice about strong passwords tells you to mash together uppercase letters, symbols, and digits until the strength meter turns green. The trouble is that humans are terrible at randomness, so we reach for the same predictable substitutions — a capital at the start, a 1 at the end, an @ for an a — and attackers know every one of them. Diceware takes the opposite approach: it removes you from the decision entirely and lets dice do the choosing.

Invented by Arnold Reinhold in 1995, Diceware has quietly become the gold standard for people who need a passphrase they can actually memorise: the master password to a vault, a disk-encryption key, or the passphrase protecting a PGP key. This guide explains what Diceware is, why it works, exactly how to do it, and how many words you need in 2026.

Why Random Words Beat Complex Strings

The strength of any secret is measured in entropy — the number of equally likely possibilities an attacker would have to search. A truly random 10-character password drawn from all keyboard symbols carries a lot of entropy, but almost nobody generates or remembers one correctly. What people actually create is a pattern, and patterns collapse entropy dramatically.

Random words sidestep the problem. Each word in a Diceware passphrase contributes a fixed, known amount of unpredictability, and stringing several together produces a secret that is genuinely random yet reads like a short, silly sentence you can picture in your head. As the Electronic Frontier Foundation put it when releasing its own wordlists in 2016, "a memorable, high-entropy passphrase" is far more useful in practice than a complex string the user writes on a sticky note. Memorability is not a weakness here — it is the whole point.

How Diceware Works

The wordlist

A Diceware wordlist contains exactly 7,776 words, each mapped to a five-digit number where every digit is 1 through 6. That number, 7,776, is not arbitrary: it is 6⁵ — the number of outcomes when you roll five six-sided dice. Every possible roll of five dice therefore points to exactly one word, with none left over and none duplicated.

Rolling the dice

To pick one word, you roll five dice (or one die five times) and read the results left to right — say 3 1 6 2 4. You then look up 31624 in the list and copy down whatever word sits beside it. Repeat the whole process once per word until you have as many words as you need, then join them with spaces. That sequence — nothing added, nothing "improved" — is your passphrase.

A worked example

Suppose five separate rolls produce the words anvil, cobra, ripen, fjord, lunar, and truce. Your passphrase is simply anvil cobra ripen fjord lunar truce. It looks whimsical, but it was chosen from roughly 2.2 × 10²³ possibilities. The vivid mental image — a cobra ripening beside an anvil on a lunar fjord — is exactly what makes it stick in memory while remaining impossible to predict.

The Entropy Math: How Many Words Do You Need?

Each word drawn from a 7,776-word list adds log₂(7,776) ≈ 12.9 bits of entropy. Entropy stacks additively, so the strength of a passphrase scales linearly with the number of words. The table below shows the trade-off between length and security.

WordsEntropyGuessing spaceSuitable for
4 words~51.7 bits3.6 × 10¹⁵Low-value or throwaway accounts
5 words~64.6 bits2.8 × 10¹⁹Everyday accounts behind a manager
6 words~77.5 bits2.2 × 10²³Recommended minimum for most uses
7 words~90.4 bits1.7 × 10²⁷Master passwords, disk encryption
8 words~103.4 bits1.3 × 10³¹High-value keys, long-term secrets

To put 77.5 bits in perspective: even an attacker able to test one trillion guesses every second — far beyond what any real credential-hashing system permits — would need, on average, longer than the age of the universe to exhaust a six-word passphrase. The EFF's guidance is blunt about the floor: it recommends "a minimum of six words" for its main wordlist, and that advice still holds in 2026.

Diceware, EFF, and Human-Chosen Passphrases Compared

Not every "passphrase" is created equal. The distinction that matters is whether the words were selected randomly or by a person.

ApproachRandomness sourceEntropy per wordVerdict
Original Diceware (1995)Physical dice12.9 bitsStrong; some words short or obscure
EFF large wordlist (2016)Physical dice or CSPRNG12.9 bitsStrong; words longer and easier to type
Human-chosen "passphrase"The user's imaginationFar lower, hard to estimateWeak; vulnerable to phrase and pattern attacks

The EFF's large list was designed by cryptographer Joseph Bonneau to keep the same 12.9 bits per word while removing entries that are hard to spell, easy to confuse, or awkward to type. A human-chosen phrase such as a song lyric or a favourite quotation, by contrast, sits in wordlists that attackers already feed into cracking tools — which is why "correcthorsebatterystaple" only works when the words are genuinely random, not when you pick them yourself.

What NIST and OWASP Say

Modern standards have swung firmly behind long, memorable passphrases. NIST Special Publication 800-63B tells verifiers to permit secrets of "at least 64 characters," to accept spaces and all printable characters, and — crucially — to stop forcing periodic resets and arbitrary composition rules that pushed users toward weak, predictable choices. In its own words, length "is a primary factor in characterizing password strength," which is precisely the property Diceware maximises.

OWASP's guidance aligns: its Authentication Cheat Sheet lists passphrases as an acceptable and encouraged pattern, provided a generous maximum length is allowed so users are not punished for choosing longer secrets. The consensus across both bodies is that a six-word random passphrase is stronger, more usable, and more durable than the tortured eight-character string of yesterday's password policies.

Key takeaway: A passphrase is only as strong as the randomness behind it. Six or more words chosen by dice or a cryptographic generator gives you memorability and 77+ bits of entropy at the same time — but a phrase you invented yourself gives you neither. Let chance, not creativity, pick the words.

How to Use a Diceware Passphrase Safely

Generating the passphrase is only half the job. To get the full benefit, follow these practices:

  1. Use a full-length list. Only the 7,776-word lists deliver 12.9 bits per word. Shorter "short lists" trade entropy for typing convenience — add extra words to compensate if you use one.
  2. Never reuse it. A Diceware passphrase is ideal as the single master secret for a password manager, which then generates unique random passwords for every individual site. Store the rest of your logins in a reputable manager such as NordPass and memorise only the one phrase that unlocks it.
  3. Keep the words in order. Do not "improve" the passphrase by rearranging, capitalising, or inserting symbols from memory — you will forget exactly what you did and lock yourself out, while adding almost no real entropy.
  4. Add words for high-value secrets. Six words suits most accounts; use seven or eight for disk encryption, cryptocurrency wallets, or a PGP key that must stay secure for a decade.
  5. Trust the randomness source, not secrecy. The wordlist being public does not weaken your passphrase. If you skip physical dice, use a generator that draws from the operating system's cryptographic random number generator rather than a predictable one.

Why This Matters for You

The passwords most likely to be broken are not the ones attackers brute-force character by character — they are the ones that already sit in a breach wordlist because a human chose something guessable. Diceware defeats that entire class of attack by making the words unguessable in the first place, while still giving you something you can recall without writing it down. For the two or three secrets you truly must memorise — your vault master password chief among them — it remains the most reliable method there is. Roll six words, picture the scene they paint, and you will have a passphrase that is easy for you and effectively impossible for anyone else.

Generate a Free Strong Password →

More Password Security Tools

⚔️ TitanPasswords🛡️ Best Password Generator🔐 Free Strong Password⚡ Instant Password🗝️ Iron Vault Keys🔑 Random Pwd Tool🔒 Safe Pass Builder🛡️ Trusty Password⚙️ StrongPassFactory🔑 SecureKeyGen.org📚 TrustyPassword.org
We use cookies to improve your experience. Learn more