🎲 EFF Diceware

Passphrase Generator

Cryptographically secure passphrases using the EFF large wordlist.
Matches the Get-Password PowerShell function.

🔒 Security & Privacy Notes

This file runs entirely in your browser. No passphrase, roll, or setting is ever transmitted — there are no network calls, no cookies, and nothing is written to local storage.

Randomness uses crypto.getRandomValues() — the OS-level cryptographic RNG (equivalent to /dev/urandom), not the weaker Math.random().

Verify the file: run Get-FileHash .\diceware.html -Algorithm SHA256 and compare the result against the hash the publisher has published to confirm the file has not been tampered with.

Reconstruction rolls & PowerShell command
Scan with any QR reader to restore • encodes rolls, salt & settings
🔁 Reconstruct from Rolls
Word rolls, e.g. 13163 13223 11663 53261 51426 15331
Salt rolls, e.g. 334 322 525 535 321
📷 Stego Export / Import
Encrypt & Embed

Encrypts the current passphrase rolls with AES-256-GCM and hides the ciphertext inside a carrier image using LSB steganography. The output PNG looks identical to the original — share it freely. Keep the .key file on a separate secure channel.

Extract & Decrypt

Upload the stego image and the matching .key file to recover the rolls. The Reconstruct card will be filled automatically.

📖 How Passwords Are Generated

Diceware Words (5d6)

Each word is chosen by rolling five virtual six-sided dice. The five results form a 5-digit key (e.g. 32541) looked up in the EFF Large Wordlist — 7,776 words, one per unique 5-dice combination. Every roll maps to exactly one word; each word contributes ~12.93 bits of entropy.

Salt Characters (3-dice table)

Salt characters are produced by rolling three dice and looking up the result in the table below. Die 1 selects the character group (uppercase/digits, lowercase/symbols, or special); die 2 selects the column; die 3 selects the row. Combinations with no mapping are re-rolled, so all 95 valid characters are equally probable. Each salt character contributes ~6.57 bits of entropy.

Die 1 →       1 or 2               3 or 4               5 or 6
           (Uppercase/Digits)   (Lowercase/Symbols)    (Special)
Die 2 →     1  2  3  4  5  6     1  2  3  4  5  6     1  2  3  4  5  6
         ┌──────────────────────────────────────────────────────────────
Die 3  1 │  A  B  C  D  E  F     a  b  c  d  e  f     !  @  #  $  %  ^
       2 │  G  H  I  J  K  L     g  h  i  j  k  l     &  *  (  )  -  =
       3 │  M  N  O  P  Q  R     m  n  o  p  q  r     +  [  ]  {  }  \
       4 │  S  T  U  V  W  X     s  t  u  v  w  x     |  `  ;  :  '  "
       5 │  Y  Z  0  1  2  3     y  z  ~  _  sp ·     <  >  /  ?  .  ,
       6 │  4  5  6  7  8  9     ·  ·  ·  ·  ·  ·     ·  ·  ·  ·  ·  ·

sp = space; · = no mapping (re-roll)

Randomness

All rolls use crypto.getRandomValues() — the browser's cryptographically secure random number generator — with rejection sampling to eliminate modulo bias. This is equivalent in security to the Invoke-CryptoRandom function used by the PowerShell module.
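
The salt table and the rejection-sampled die roll described above, as an added example (not the tool's own source code). The function names and the single-byte threshold of 252 are assumptions of this sketch; the page does not show how its rejection sampling is implemented.

```javascript
// CSPRNG: window.crypto in browsers, the global crypto object in current Node.js.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// One fair die roll (1..6) by rejection sampling on a single random byte.
// 252 is the largest multiple of 6 that fits in a byte; bytes 252..255 are
// discarded so that every face corresponds to exactly 42 byte values.
function rollDie() {
  const buf = new Uint8Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= 252);
  return (buf[0] % 6) + 1;
}

// Salt table transcribed from the page. Each string is one character group,
// read row by row (die 3), six columns per row (die 2). Cells with no mapping
// are the positions past the end of the string.
const GROUPS = [
  "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",   // die 1 = 1 or 2
  "abcdefghijklmnopqrstuvwxyz~_ ",          // die 1 = 3 or 4
  "!@#$%^&*()-=+[]{}\\|`;:'\"<>/?.,",       // die 1 = 5 or 6
];

// Map a (die 1, die 2, die 3) triple to its character, or null if unmapped.
function saltChar(d1, d2, d3) {
  const group = GROUPS[Math.floor((d1 - 1) / 2)];
  const index = (d3 - 1) * 6 + (d2 - 1);    // die 3 = row, die 2 = column
  return index < group.length ? group[index] : null;
}

// Roll all three dice again until the triple maps to a character.
function rollSaltChar() {
  for (;;) {
    const rolls = [rollDie(), rollDie(), rollDie()];
    const ch = saltChar(...rolls);
    if (ch !== null) return { rolls: rolls.join(""), ch };
  }
}

// Enumerate all 216 triples and count how many map to each character.
function saltDistribution() {
  const counts = new Map();
  for (let d1 = 1; d1 <= 6; d1++)
    for (let d2 = 1; d2 <= 6; d2++)
      for (let d3 = 1; d3 <= 6; d3++) {
        const ch = saltChar(d1, d2, d3);
        if (ch !== null) counts.set(ch, (counts.get(ch) || 0) + 1);
      }
  return counts;
}
```

saltDistribution() shows why the re-roll keeps the output uniform: 190 of the 216 triples are mapped, and each of the 95 characters is reached by exactly two of them.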