secretgenerator v2.0.0 ↗ github

home / passphrase

secretgenerator · passphrase

Diceware passphrase generator

Words sampled uniformly from the EFF Large Wordlist (7,776 entries, ~12.92 bits per word) with the wordlist hash verified at process start. Eight words gives ~103 bits — strong against everything short of a nation-state, memorable enough for humans.

defaults

words 8
separator -
wordlist EFF Large (7,776 words)
min entropy 80 bits (Reinhold/EFF floor)

generate

runs in your browser · WebAssembly · same code as the CLI

cli

Default 8-word, dash-separated
secretgenerator passphrase --json --show-crack-time
10 words, space separator
secretgenerator passphrase --words 10 --separator " " --json
Compatibility flags for legacy verifiers
secretgenerator passphrase --capitalize --digit-suffix --json

snippets

Python generate_passphrase.py 
import secretgenerator_py as sg

result = sg.passphrase(words=10, separator="-")
print(result["password"], "—", result["entropy_bits"], "bits")
Node.js generate-passphrase.mjs 
import { execFileSync } from "node:child_process";

const json = execFileSync("secretgenerator", [
  "passphrase", "--json", "--require-schema-version=1",
  "--words", "10", "--separator", "-"
], { encoding: "utf8" });
const out = JSON.parse(json);
console.log(out.password, "—", out.entropy_bits, "bits");
Rust main.rs 
use secretgenerator::{passphrase, PassphraseOptions};

let r = passphrase(PassphraseOptions::default().words(10).separator("-"))?;
println!("{} ({:.1} bits)", r.password, r.entropy_bits);
# Ok::<_, secretgenerator::Error>(())

faq

Why diceware instead of just a long random password?

Memorability without sacrificing entropy. Six diceware words (~77.5 bits) is roughly equivalent in strength to a 13-character random alphanumeric, but a human can actually retain it.

How is the wordlist's integrity verified?

The binary embeds the EFF Large Wordlist with a SHA-256 hash that is verified at process start. If the embedded copy ever drifts from the published EFF list, generation refuses to start.

related

↗ password ↗ secret ↗ api-key ↗ pin