Generate a cryptographically random password from EFF's improved Diceware word list
In July 2016, EFF release a more user friendly Diceware list in the article Deep Dive: EFF's New Wordlists for Random Passphrases.
A Diceware list is a dictionary of
6^5 == 7776 words, making it possible to
use 5 normal dice as a source of entropy. Since the dictionary is fixed, it is
possible to reason about how much entropy each new word (token) contributes to
lg(6^5) ≈ 12.9 bits.
However in this module we use the CSRNG builtin to sample
n words from
the dictionary, and securely shuffle them. The sampling is without replacement
as to not confuse the user in case of repeated words.
This lowers the entropy by a negligible amount.
var generatePassphrase =// List of 8 wordsgeneratePassphrase // List of words with at least 100 bits of entropy
You can also get the JSON encoded dictionary directly:
var dictionary =
Bundle size considerations
Be aware that the JSON encoded Diceware list is just over
Making a minimal Browserify bundle with optimisations will yield
a bundle of
$ browserify -g uglifyify -g unassertify example.js | uglifyjs -cm | gzip - | wc -c34593
Generate a list of
count words, randomly shuffled and without replacement.
const arr = generatePassphrase.words
Sorted array of all words in the Diceware list
const arr = generatePassphrase.entropy(minimum)
Convenience function for generating a password with at least
mimimum bits of entropy.
const i = generatePassphrase.indexOf(word)
Array.prototype.indexOf. Returns the index in
-1 if not found.
const bool = generatePassphrase.includes(word)
true if part of
false if not found.
const i = generatePassphrase.indexOfPrefix(prefix)
Returns the index of the first occurrence of the prefix, or the end of the wordlist if no prefixes match. Can be used to slice the list for eg. autocomplete
npm install eff-diceware-passphrase