
Diceware: Building a Password You Can Remember and a Computer Can't Guess

May 29, 2026 7 min read Haven Team

Most strong passwords are unmemorable, and most memorable passwords are weak. Diceware breaks that trade-off with an almost embarrassingly simple tool: a pair of dice and a word list. The result is a passphrase you can actually hold in your head, with a strength you can calculate to the decimal place.


The method was published in 1995 by Arnold Reinhold, and the idea has aged remarkably well. The reason it endures is that it solves the one thing humans are catastrophically bad at: generating randomness. When you "make up" a password, you draw on patterns, dates, and favorite words — exactly the structure that cracking tools exploit. Dice don't have favorites.

How Diceware Works

The procedure is mechanical, which is the whole point:

  1. Roll five dice (or one die five times) and read off the digits in order — say, 4, 2, 6, 1, 3.
  2. Look up 42613 in a Diceware word list, which maps every five-digit combination to a word.
  3. That word is the first piece of your passphrase. Repeat until you have enough words.
  4. String them together with spaces or hyphens: correct horse battery staple, to borrow the famous example.

Because five dice produce 6⁵ = 7,776 outcomes, each word list has exactly 7,776 entries. Each word you roll contributes log₂(7,776) ≈ 12.9 bits of entropy. The strength comes entirely from the physical randomness of the dice — not from cleverness, special characters, or capital letters.

Why physical dice matter

The security guarantee depends on each word being chosen uniformly at random. Real dice give you that for free and leave no digital trace. Software generators can match it only if they use a cryptographically secure random source — a coin-flip "random" routine or a predictable seed silently destroys the entropy you think you have.

The Entropy Math, Made Concrete

Entropy is just a measure of how many equally-likely possibilities an attacker must search. Each Diceware word multiplies the search space by 7,776. Here is how that scales:

Words     Entropy      Resists
4 words   ~51.6 bits   Online attacks; weak against serious offline cracking
5 words   ~64.6 bits   Most realistic offline attacks
6 words   ~77.5 bits   Well-resourced offline adversaries
7 words   ~90.4 bits   Essentially anything foreseeable

For perspective, 77 bits means roughly 1.5 × 10²³ possibilities. Even an attacker who could test a trillion guesses per second would, on average, need thousands of years. That is why the Electronic Frontier Foundation recommends six words for important passphrases, and published its own refined word lists in 2016 — chosen to avoid hard-to-spell words, profanity, and confusing near-duplicates while preserving the full 7,776-entry size.

The strength is in the number of words and the randomness of the selection — not in substituting "3" for "e" or bolting a "!" onto the end. Those tricks add almost nothing and make the phrase harder to type.
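As an added example (not code from the article or from Haven), here is a small Python generator that carries out the five-dice procedure and the entropy arithmetic above: it rolls with a CSPRNG as the "why physical dice matter" note requires, parses a list in the Diceware/EFF tab-separated format, and refuses a list with missing keys or duplicate words, since either quietly lowers the 12.9 bits per word. The four-entry list embedded in it is a constructed sample, not a real word list.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7,776 five-dice outcomes

# Constructed sample in Diceware/EFF file format (key<TAB>word); a real list has all 7,776 keys.
SAMPLE_LIST = "11111\tabacus\n11112\tabdomen\n42613\tnudge\n66666\tzoom\n"

def all_keys():
    """Every five-digit dice key in list order: 11111, 11112, ..., 66666."""
    return ["".join(t) for t in itertools.product("123456", repeat=DICE_PER_WORD)]

def parse_wordlist(text):
    """Parse 'key<TAB>word' lines into {key: word}, rejecting malformed keys."""
    words = {}
    for line in filter(None, text.splitlines()):
        key, word = line.split("\t", 1)
        if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
            raise ValueError(f"bad dice key: {key!r}")
        words[key] = word.strip()
    return words

def validate_wordlist(words):
    """Return problems that silently cut the entropy below 12.9 bits per word."""
    problems = []
    missing = LIST_SIZE - len(set(words) & set(all_keys()))
    if missing:
        problems.append(f"{missing} of {LIST_SIZE} dice keys have no word")
    dupes = len(words) - len(set(words.values()))
    if dupes:
        problems.append(f"{dupes} duplicate words: two different rolls give one word")
    return problems

def roll_key(randbelow=secrets.randbelow):
    """Roll five dice; secrets.randbelow(6) is unbiased and unpredictable, a seeded PRNG is not."""
    return "".join(str(randbelow(6) + 1) for _ in range(DICE_PER_WORD))

def entropy_bits(n_words, list_size=LIST_SIZE):
    """Entropy of n words chosen uniformly from list_size candidates."""
    return n_words * math.log2(list_size)

def generate_passphrase(words, n_words=6, sep=" "):
    """Roll, look up, repeat; refuse any list that fails validation."""
    problems = validate_wordlist(words)
    if problems:
        raise ValueError("; ".join(problems))
    return sep.join(words[roll_key()] for _ in range(n_words))
```

Point `parse_wordlist` at the contents of a full list file and `generate_passphrase` will only run once every one of the 7,776 keys maps to a distinct word.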

Diceware vs Random Characters

A 16-character random string of mixed letters, digits, and symbols has more entropy per character than a Diceware word has per word. So why not just use that? Memorability. A six-word Diceware phrase carrying ~77 bits is something a human can rehearse and recall; a 13-character truly-random string with comparable entropy is not. The relevant comparison is not "which is stronger per character" but "which strong option will you actually use and remember."

This is why Diceware shines for the handful of passwords you must memorize and cannot store anywhere: the master password to your password manager, your disk-encryption passphrase, or the credential that protects your encrypted accounts. For the hundreds of site logins you don't need to remember, let a password manager generate long random strings.

Common Mistakes

Diceware is robust, but a few errors quietly undermine it:

When to Reach for It

Diceware is not a replacement for two-factor authentication, hardware keys, or passkeys — those defend against entirely different attacks, like phishing and credential reuse. It solves one specific, important problem: producing a small number of high-strength secrets that live in your memory rather than on a screen.

Used for the right job — the master keys that anchor your encrypted life — a six-word Diceware passphrase is one of the best security investments you can make in five minutes with a pair of dice you already own.
