How Diceware Works
Roll five dice and read the five numbers as a sequence (e.g., 2-4-1-3-5 = 24135). Look up that number in the diceware word list, which maps every possible 5-die result to a word. Repeat this process 5-6 times to generate a passphrase. The resulting words are genuinely random — your preferences and biases played no part.
The Entropy of Diceware Passphrases
The standard diceware word list contains 7,776 words (6^5 = 7776 possible dice combinations). Each word contributes log2(7776) ≈ 12.9 bits of entropy. Five words produce about 64 bits; six words produce about 77 bits. This is sufficient for most memorized credentials including password manager master passwords.
Memory Techniques for Passphrases
Create a vivid mental image linking the random words. If your passphrase is 'panel volcano castle spider thumb,' imagine a medieval castle on a volcano covered in giant spiders holding solar panels. The more absurd and sensory-rich the image, the more reliably you'll recall it. This memory palace technique makes 5-6 word passphrases remarkably durable.
Digital Diceware Generators
Software diceware generators use CSPRNG instead of physical dice, providing equivalent randomness more conveniently. A generator using window.crypto.getRandomValues() to select words from a well-known wordlist (EFF's large wordlist is a good choice) produces the same security properties as physical dice with less friction.
Diceware passphrases are the best solution for passwords that must be memorized. Use 5-6 words generated with true randomness, create a vivid mental image, and practice typing it until it becomes automatic.