Memorable and secure passwords.

Why diceware?

Which is more memorable? Da6ee^ch.aij or mock omen laugh weary dy glen?

The entropy offered by Diceware is 12.9 bits per word - log2(7776) - so the six-word passphrase above has an entropy of 77.4 bits.

Compare this to choosing 10 letters at random: the entropy of that is 10 * log2(26) = 47.0 bits.

If you were to use ASCII printable characters, you'd need at least 12 characters to surpass a six-word memorable diceware password.

How does it work?

Feel free to check out the source code on GitHub.

Diceware is a method for creating passphrases, passwords, and other cryptographic variables using an ordinary die from a pair of dice as a hardware random number generator. For each word in the passphrase, five rolls of the die are required. The numbers from 1 to 6 that come up in the rolls are assembled as a five-digit number, e.g. 43146. That number is then used to look up a word in a word list.

Password.diet uses the secure crypto API in your browser to generate random values. Check out the browser compatibility chart.

The generation is done entirely on the client side, in your browser. There's no communication with the server apart from downloading the word list. We're not logging any of the passwords you generate, and they are not sent over the wire.
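The dice-roll lookup described above, as an added example that is not Password.diet's own code. It assumes the "secure crypto API" is `crypto.getRandomValues`; the function names are hypothetical and the word list is a constructed placeholder standing in for the downloaded one.

```javascript
// Added example: Diceware rolls drawn from the browser CSPRNG without modulo bias.
// Falls back to Node's webcrypto so the same code runs outside a browser.
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// One random byte from the CSPRNG.
function cryptoByte() {
  return webCrypto.getRandomValues(new Uint8Array(1))[0];
}

// One die roll, 1..6. A byte has 256 values and 256 % 6 !== 0, so a plain
// `byte % 6` would favour faces 1-4. Bytes >= 252 (6 * 42) are discarded.
function rollDie(nextByte = cryptoByte) {
  let b;
  do { b = nextByte(); } while (b >= 252);
  return (b % 6) + 1;
}

// Five rolls assembled as a five-digit key such as "43146".
function rollKey(nextByte = cryptoByte) {
  let key = "";
  for (let i = 0; i < 5; i++) key += rollDie(nextByte);
  return key;
}

// Constructed placeholder list: 6^5 = 7776 entries keyed "11111".."66666".
function buildPlaceholderList() {
  const list = new Map();
  for (let i = 0; i < 6 ** 5; i++) {
    const key = i.toString(6).padStart(5, "0").replace(/[0-5]/g, d => Number(d) + 1);
    list.set(key, `word${key}`);
  }
  return list;
}

// Look up one word per five-roll key; fail loudly if the list is incomplete.
function generatePassphrase(wordList, words = 6, nextByte = cryptoByte) {
  const out = [];
  for (let i = 0; i < words; i++) {
    const word = wordList.get(rollKey(nextByte));
    if (word === undefined) throw new Error("word list is missing a key");
    out.push(word);
  }
  return out.join(" ");
}
```

The `nextByte` parameter exists so the rejection step can be exercised with a fixed byte sequence; in normal use it is left at its default.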


This is a one man show :)