A Diceware passphrase generator, implemented in JavaScript, that uses the Cryptographically Secure Pseudo Random Number Generator (CSPRNG) in your browser as its source of entropy instead of rolling physical dice.

https://www.rempe.us/diceware/

• All random number generation is done in your browser using window.crypto.getRandomValues()
• Single page JavaScript application with no communication back to a server
• Can be run locally from a Git clone, with all dependencies baked in
• Git tags and commits are signed with my public code signing key
• Can be run without a network connection. No logging or analytics
• All assets are served from www.rempe.us, an A+ rated TLS website
• All CSS/JS have Subresource Integrity hashes
• Realtime estimate of the security level of your generated passphrase
• Support for many language specific word lists

It may just be the closest thing to rolling your own dice. You can do that too of course, and just use this app as a quick way to lookup your passphrase in the word lists.

Just choose a language and click a button corresponding to the number of words you want to generate. You'll get a new passphrase with each click. Each generation rolls a set of five virtual dice for each word. Words are chosen from the included Diceware word lists. The die roll numbers are shown next to each word.

If you are security conscious you are of course encouraged to download the source code for this app and run it locally by simply opening the index.html file. If you run it from the web feel free to run it without a network connection to demonstrate nothing is sent or received from an upstream server once the initial page load is complete.

If you want to be REALLY REALLY secure. Roll the dice with a flashlight under a black hood with a printout of the Diceware word list. No computers needed!

Not really kidding

Most, if not all, of the commits and tags in the repository for this code are signed with my PGP/GPG code signing key. I have uploaded my code signing public keys to GitHub and you can now verify those signatures with the GitHub UI. See this list of commits and look for the Verified tag next to each commit. You can click on that tag for additional information.

You can also clone the repository and verify the signatures locally using your own GnuPG installation. You can find my certificates and read about how to conduct this verification at https://www.rempe.us/keys/.

Bug reports and pull requests are welcome on GitHub at https://github.com/grempe/diceware. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

(c) 2016 Glenn Rempe <[email protected]> (https://www.rempe.us/)

The gem is available as open source under the terms of the MIT License.

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the LICENSE.txt file for the specific language governing permissions and limitations under the License.

This implementation was inspired by the very nicely done https://github.com/yesiamben/diceware. I took the opportunity to upgrade some security aspects and the UI.