Privacy Tools #Diceware#passphrase#password security

Diceware Passphrases: Strong Passwords You Can Remember

Learn how to create Diceware passphrases using dice rolls and word lists. Stronger than random characters and far easier to remember.

5 min read

A Diceware passphrase like correct-horse-battery-staple is far stronger than a password like P@ssw0rd! despite being easy to remember. Diceware uses physical dice to generate random word sequences, eliminating bias from your memory or intuition.

Why Passphrases Beat Passwords

Entropy (randomness) determines password strength, not complexity. Consider:

  • P@ssw0rd1! — looks complex, ~20 bits of entropy (predictable substitutions)
  • correct horse battery staple — 4 random words, ~44 bits of entropy
  • verbatim-elbow-cosmic-flair-shrug — 5 random words, ~64 bits of entropy

At 64 bits of entropy, brute-forcing takes millions of years at modern GPU speeds. And you can actually type it.

The Diceware Method

The EFF (Electronic Frontier Foundation) publishes a 7,776-word list (eff.org/files/2016/07/18/eff_large_wordlist.txt). Each word maps to a 5-digit dice roll (e.g., 21562 = “cream”).

What you need: Five standard 6-sided dice (or one die rolled five times).

Steps:

  1. Roll five dice, note the result in order (e.g., 3, 1, 4, 5, 2 → 31452)
  2. Look up the 5-digit number in the EFF word list → one word
  3. Repeat steps 1–2 for each word you want (4–6 words recommended)
  4. Join with spaces or hyphens: lamp-cargo-brisk-fossil

That’s it. No computer involved — physical dice ensure true randomness your brain can’t influence.

Entropy by Word Count

WordsEntropyCracking Time (1 trillion guesses/sec)
451 bits~2 weeks
564 bits~27,000 years
677 bits~3.5 billion years

Use 5 words minimum for master passwords (password manager, full-disk encryption, email). 4 words is acceptable for less critical accounts.

Generating Diceware Digitally

If you trust your device’s random number generator (and you’re not in a high-threat environment), use these tools:

# Linux — use /dev/urandom directly
shuf -n5 /usr/share/dict/words | tr '\n' '-'

# Better: use the EFF word list
wget https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt

python3 -c "
import secrets, re
words = [line.split()[1] for line in open('eff_large_wordlist.txt')]
passphrase = ' '.join(secrets.choice(words) for _ in range(5))
print(passphrase)
"

KeePassXC’s passphrase generator: Settings → Generate Password → Passphrase tab — uses the EFF word list with configurable word count and separator.

Bitwarden: Password Generator → select Passphrase type → set word count to 5+.

Physical vs. Digital Generation

MethodTrust LevelBest For
Physical diceHighest — no softwareMaster passwords, high-threat situations
KeePassXC / BitwardenHigh — audited code, localDaily password generation
Online generatorsLow — server sees your passwordAvoid

For your password manager master password and disk encryption key, use physical dice. The 5-minute investment is worth it.

Storing Passphrases

Don’t try to memorize more than 2–3 passphrases long-term. Instead:

  • 1 master passphrase (memorized): your password manager
  • 1 device passphrase (memorized): disk encryption
  • Everything else: stored in your password manager as long random strings

For the passphrases you must memorize, use spaced repetition:

  • Write them down on paper initially (store securely)
  • Type them daily for one week
  • After that, muscle memory takes over
  • Destroy the paper once memorized

The EFF Short Word List

For situations where you need a shorter passphrase (e.g., for less literate users or spoken sharing), the EFF also publishes a Short Word List using only 3 dice rolls (216 words × 2 lists). It produces simpler, more memorable words at lower entropy.

For most privacy-conscious users, the standard 5-word EFF list passphrase is the correct default for anything you need to type and remember. For everything else, your password manager generates and stores high-entropy random strings.

#privacy #password security #passphrase #Diceware