How It Works

Diceware password generator is a website that generates passphrases following the Diceware methodology.
It aims to generate passphrases, at least, as right as the ones generated with real dices but without the hassle to actually get real dices. If you find a loophole in the passphrase process generation, please, open an issue and we will try to address it.

To be explained the process is divided in two parts that are the entropy gathering and then the passphrase building.

The Entropy Gathering

The entropy is gathered in two different places. First place is in the user browser, it is done in Javascript. Second place is on the backend server. It is done in Go.

In the user's browser

Entropy bytes are concatenated to one another until 512 bytes are generated. You can find the method _updateEntropyPool that do this job here.
On desktop, mouse movements are used to generate entropy bytes. The mousemove event is used to trigger a new entropy byte generation.
On touch devices, finger movements are used to generate entropy bytes. The touchmove event is used to trigger a new entropy byte generation.
Each time one of this event occurs three data are grab: the X position of the mouse, the Y position of the mouse and the current timestamp.
The 4 LSB of X and Y positions are isolated.
The timestamps is computed with the Performance.now() Javascript API to get a sub-millisecond accuracy. Then, it is multiply by 10 to take into account a tenth of millisecond. Finally the 8 LSB of the timestamp are isolated.

To compute a byte of entropy the method _addEntropyFromMouse that you can find here does the following bit operation:
((x << 4) | y) ^ r

Once 512 bytes are collected they are sent to the backend.

On the backend server

Another 512 bytes of entropy is generated using Read method of the crypto/rand package: here.

The first 512 bytes generated on the client side and the new ones are xor. The result is used to generate a SHA256 in the method hash here.

The SHA256 is the data source for the next part, the passphrase building

Passphrase building

The 32 bytes of the SHA256 is cut into groups of 3 bits. Each group of 3 bits is used to compute a dice value (here). If the 3 bits value is 0 or 7 it is not used and the next group of 3 bits is used to compute the same dice value. It means that at least 5 groups of 3 bits are needed to compute a dictionary word number (here).

Once a word number is computed the corresponding word is read from the key/value database here and the word is append to the passphrase.

When the passphrase length is equal to the number of word expected, the backend work is terminated.
The fresh, unique, strong and easy to remember passphrase is sent back to the client.