Cloned from lightsecond.com/passphrase.html so I don't have to worry about someone else's uptime.
Back to Lightsecond main page
Download the dict file
How many words do you want?
0 bits of entropy in the pool.
Did you know that a passphrase of three to five randomly selected words can be just as difficult for a brute-force attacker to guess as a gibberish password of 5 to 9 randomly selected ASCII characters (uppercase, lowercase letters, numbers, and every printable symbol selected with no rhyme or reason at all)? However, because easily recognizable words can evoke imagery in the human mind and nonsense juxtoposition strengthens that imagry — teasing the brain to build a story to make sense of the chaos — passphrases are monumentally simpler for humans to remember.
Don't believe me? Try it! Click a button above to call up a selection of random words, and then just *try* to forget the words you just saw! xD.
I've culled together a dictionary of easily recognized, pretty easy to spell words for this purpose (dictionary available for download) so even if an attacker knows the wordlist you are picking from, it remains astronomically difficult for them to check every permutation to guess the correct one.
I have added a higher quality, completely client-side random number generator of my own design! This samples mouse movements across the page and seeds a 256-bit entropy pool (mainly by dumping new information into a running SHA-256 hash) which you can withdraw from (mouse-driven-entropy widget also designed to be easy to drop into other applications, check out mouse_movement_entropy.js) by creating new pass phrases.
If there is not enough entropy in the pool, your button will light up red and pressing it will use the Math.random() function and give you a passphrase highlighted in red. If there is enough entropy, my ERandom() function gets used for the entire passphrase instead, the pool is withdrawn from and your password will be highlighted in green. :)