copyable text with spaces or dashes

entropy stats

There are words in your password, resulting in ~ bits of entropy (~12.92 bits/word, ~10 bits/letter, and ~5.16 bits/symbol). That many words equates to a total keyspace of ~ possible phrases (7776^WordsInPhrase). An adversary might get lucky and guess your phrase on the first try, though the chances of that happening are very slim. On the other hand, the brute-force attacker might be forced to try all of the keys in the keyspace to finally find that the last guess was the correct one. On average, it takes trying 50% of all phrases in the keyspace to find your phrase. The time it takes to discover your passphrase is based on how many guesses per second your attacker can muster. At the lower end in 2016 a small cluster of GPU's have demonstrated the ability to crack ~350 billion hashes/second. A nation state actor like the NSA may be able to perform quadrillions/second. Conservatively assuming a professional adversary can guess passwords at the rate of a keys/second (Edward Snowden suggests being prepared for a Trillion guesses per second), an exhaustive brute-force search on 50% of the total keyspace might take:

~ seconds

~ minutes

~ hours

~ days

~ years

~ x avg. lifespan

~ millenia

~ x age Universe

Learn more about calculating entropy


Diceware is used to generate cryptographically strong passphrases. Don't let that frighten you away though, a passphrase is just a password made of words you can remember. It is based on the principle that truly random selection of words from a wordlist, can result in easily memorable passwords that are also extremely resistant to attack. Traditional Diceware uses rolls of physical dice, this application uses a strong random number generator in place of the dice. Passwords that are six words or longer are thought to be safe for any very high security applications.

Who created this?