Skip to content

Asian Diceware: an Asian-flavored passphrase wordlist

A long random password is the safest option, but nobody can remember one — so most people fall back on a birthday plus a pet's name and reuse it everywhere. There is an easier way: roll a few dice, pull a handful of English words from a fixed list, and string them together as your password. This kind of "passphrase" is easy to remember and easy to type, yet far stronger than a hand-picked password. You have probably encountered this idea before (the next section lists a few examples). What we made is an Asian-flavored version, blending in Asian loanwords that English already absorbed, so the words feel familiar to people who grew up around Asian languages and food. Before you start, read Threat modeling to be clear about who you are defending against.

You have already seen this idea

Turning a string of computer-generated randomness into a few memorable, writable English words shows up in many places you have used:

  • The seed phrase from a crypto wallet: the 12 or 24 English words your wallet told you to write down and keep safe are the largest deployment of this idea, turning the wallet's key into a string you can copy onto paper (the standard is called BIP-39, with wordlists in many languages)1. See The cryptocurrency privacy spectrum for background.
  • The generator built into your password manager: Bitwarden's "Passphrase" and 1Password's "Memorable Password" produce one of these with a click, backed by the same kind of wordlist — open the manager you already have and try it now2.
  • Accounts that take no personal data: Tor's AnonTicket lets people file reports anonymously with no email; the identifier is just six random English words3. SecureDrop, which lets journalists receive leaks, generates a "seven random words" login codename for each anonymous source4.
  • That famous comic: xkcd's "correct horse battery staple" is exactly this — four random English words a computer struggles to guess but a human can remember5.

Tails suggests one of these passphrases when you create its encrypted storage (since 5.12)6, and reading a long key fingerprint aloud as words rather than digits is less error-prone on a phone call (the old PGP word list trick)10. What we made is the same idea, with an Asian flavor.

It is called Diceware

The technique has a name, Diceware, proposed by Arnold Reinhold in 19958. The idea is simple: each word maps to a set of dice values, you roll the dice, look the number up in the table, and the word you find becomes part of your passphrase; repeat a few times to build a phrase. The randomness comes from real dice and never passes through your hands, so the result cannot be guessed from your habits or preferences. The 7,776-word list EFF released in 2016, which was designed to avoid hard spellings, profanity, and confusable homophones, is the most widely recommended English version7.

What we made

asian-diceware is a 7,776-word, EFF-compatible wordlist that works as a drop-in replacement for the EFF Large Wordlist, matching its security and usability. The difference is the vocabulary: we include 292 dictionary-attested Asian loanwords (verified against OED, Merriam-Webster, and Cambridge) and fill the rest with the most common, easy-to-spell English words.

Many of these are already everyday English words anywhere, with extra resonance for anyone who grew up around Asian languages and food: tofu, ramen, miso, matcha, karaoke, tsunami, kimchi, bibimbap, typhoon, oolong, yoga, karma, curry, mango. Some carry a Sinophone flavor — oolong, boba (bubble tea, which originated in Taiwan), ketchup (whose root traces to Hokkien, a southern Chinese language), pinyin. Others you might not realize are Asian loanwords at all, like shampoo, bungalow, jungle, gecko, bazaar, and guru.

Two limits on word choice are deliberate. First, a loanword must be a single English-dictionary token, so spaced forms like feng shui, kung fu, and dim sum are out. Second, we do not transliterate Mandarin ourselves, because several competing romanizations (Hanyu Pinyin, Wade-Giles, Tongyong) coexist, so we only accept words whose English spelling is already fixed in a dictionary.

The wordlist is open source (code under MIT, the wordlist data under CC-BY-4.0); the source and full list are at GitHub anoni-net/asian-diceware. The list itself only makes the individual words easy to recognize and remember; it provides no encryption. The real security comes from how you generate, store, and use the passphrase.

Looking ahead, the community also wants to build an anonymous-service platform along the lines of AnonTicket (still at the planning stage), where an account is identified by a string of random words instead of an email — and this list is meant to be the word source for those codes.

Why only ~3.8%?

Treat the 3.8% (292 of 7,776 words) like a beer's ABV: a deliberately chosen number, not a watered-down accident. The share is capped by how many recognizable Asian loanwords English has actually absorbed as single dictionary words. An exhaustive OED / Merriam-Webster / Cambridge sweep turns up roughly 330 that a Sinophone reader would recognize; 292 are pinned and about 40 are held in reserve, so the recognizable well is nearly dry.

Pushing much higher (say 10%, ≈ 778 words) would force one of two things, and we want neither:

  • Flooding the list with obscure words (puttee, howdah, nilgai, maund) that most people can't spell, say, or recall. That breaks the EFF property this list exists to keep: a passphrase you can write down and read back without errors.
  • Switching to romanized Mandarin or Zhuyin syllables. That is a separate project — Hanyu Pinyin, Wade-Giles, and Tongyong all coexist, so spellings collide and turn ambiguous.

And here is where the ABV analogy breaks down: a higher percentage does not make the passphrase stronger. Every word carries the same 12.925 bits, whether it is tofu or the. The entropy comes from the list being exactly 7,776 words with each die roll uniform, never from where the words came from. The Asian share changes flavor and recognizability, never security. So unlike beer, "higher proof" buys you nothing here, and usability wins when it conflicts with cultural coverage.

How to use it

Rolling dice against a table is the most direct way; a handful of dice plus one table is enough, no coding required. There are two ways to get the table: print the A5 booklet (download the PDF; see Print a booklet below), or open the dice file asian_diceware_7776_dice.txt on GitHub.

Method 1 — physical dice. Roll 5 dice and read them left to right as a five-digit number (each die 1–6). The table is sorted in numeric order (from 11111 to 66666), so you can flip close to your number, or search for the line that starts with your five digits; the word after it is the one you drew. Repeat six times and join them with -. For example, rolling 6 3 4 4 4 reads as 63444, which maps to tofu.

No dice? They are cheap: stationery shops, convenience stores, and game shops all carry them, a set costs next to nothing, or you can borrow a few. Alternatively, use an offline dice-roll app (turn off the network first). Dice plus a table — print a booklet and you are set — is the complete method, with no computer needed at any point. Only if you want to skip the dice and you can code a little do you need the shortcuts below.

For developers: two no-dice shortcuts

Python's secrets is a cryptographically secure RNG, suitable for drawing words.

import secrets

words = open("asian_diceware_7776.txt").read().split()
assert len(words) == 7776
phrase = "-".join(secrets.choice(words) for _ in range(6))
print(phrase)        # e.g. tofu-ramen-bazaar-oolong-gecko-haiku

Use secrets, not random — the latter is not cryptographically secure and its output can be predicted.

No clone needed; pull the published list straight from GitHub:

curl -s https://raw.githubusercontent.com/anoni-net/asian-diceware/main/output/asian_diceware_7776.txt \
  | python3 -c "import secrets,sys;w=sys.stdin.read().split();print('-'.join(secrets.choice(w) for _ in range(6)))"

The list comes in two sizes; for real use always pick the default 7776 (5 dice per word). The other, 1296, is a strict subset that needs only 4 dice and prints shorter — handy for tests, demos, and teaching. The dice codes differ between the two, so always use the dice-code file that matches the list you chose.

If a site demands a digit or symbol, add one. Want more strength? Add words — each extra word makes it far harder to guess.

When to use it

A passphrase is not only for logins; this "number-to-word" table is useful in several places.

Not using a password manager yet? Upgrade your few most important accounts first

We still recommend a password manager — it makes a unique random password for every site. But if you cannot cross that hurdle yet, do not let it stop you from making your passwords stronger. At least give your most important accounts (email, the one that can reset the others, online banking) each a unique passphrase and memorize them. You can do this without a manager, and it is far stronger than what most people use. It does not solve the "dozens of sites each need a unique password" problem — that is the manager's job — so treat this as a first step and adopt a manager later.

  • The master password for a password manager: the single pivot of your whole system, worth a memorable, strong passphrase; let the manager generate random long passwords for every other site.
  • Passwords you have to type by hand: a home Wi-Fi password, signing in to a streaming account on a TV or game console, a device shared with family — anywhere you enter it character by character, a random string is painful while a passphrase is easy to type and say.
  • Passphrases for encrypted disks, backups, and keys: full-disk encryption, encrypted backups, a PGP private key — anything where a typo locks you out and a leak exposes everything.
  • Verification numbers you read aloud: to check a key fingerprint or safety number, encode the number with this table and read the words instead of the digits; it is far less error-prone. This is what the PGP word list does10.
  • A shared codebook with a trusted contact: use the list as a private codebook to confirm identity or pass a pre-arranged signal — see the next section.

How strong are six words

Six random words give a passphrase as strong as a random string you could never remember; an attacker can only try one combination at a time, essentially forever. EFF treats six words as the baseline for general use; for the most important secret, like a master password, go to seven or eight.

If you are used to 12–16 character passwords, here is the rough equivalence (the left column assumes a truly random string from a password manager, with mixed case, digits, and symbols):

Random character password Equivalent Asian Diceware passphrase
12 characters 6 words
14 characters 7 words
16 characters 8 words

At the same strength the two are about equal; the difference is memorability. A truly random 12–16 character string is unmemorable and has to live in a manager. Six to eight passphrase words reach the same strength while you can still remember and type them. So a passphrase suits the few secrets you must memorize (a manager's master password, a disk-encryption passphrase), while the manager generates random character passwords for everything else. Those are exactly the secrets a manager cannot store for you — the master password cannot live inside the vault it guards, and disk unlock happens before the manager starts. So this list earns its place whether or not you use a manager.

One caveat: the equivalence above only holds for truly random generation. A password you think up yourself (swapping a for @, appending 1 at the end) follows patterns and is usually much weaker. A passphrase's strength holds as long as you draw the words with real randomness — what you rolled with dice or secrets counts, while hand-picking or choosing nice-looking words does not.

The numbers behind it

Passphrase strength is measured in entropy (roughly, how many possibilities an attacker must try). Each word drawn from 7,776 contributes log2(7776) ≈ 12.925 bits, so six words are about 77.5 bits, or 2 to the power of 77.5 combinations7. Even at hundreds of billions of guesses per second (a rate depending heavily on the hashing algorithm and hardware)9, the average time to find it runs to thousands of years. Each extra 7776 word adds about 12.9 bits.

The full comparison with bit values (character passwords assume a ~94-character set):

Random character password Entropy Asian Diceware passphrase Entropy
12 characters ~79 bits 6 words ~77.5 bits
14 characters ~92 bits 7 words ~90.5 bits
16 characters ~105 bits 8 words ~103 bits

A self-invented password follows patterns, so its real entropy is often far below a truly random string of the same length.

Randomness is what matters

No matter how good the list, if the word-picking is not random, the whole passphrase falls apart.

  • Always use true randomness: physical dice, or a cryptographically secure RNG (Python's secrets, /dev/urandom). Do not use a non-secure RNG like random, do not hand-pick words, and do not choose ones that "look random" — human-picked words are far easier to guess.
  • Do not rewrite it into a sentence: if tofu-ramen-gecko reads awkwardly and you smooth it into a fluent phrase, you have destroyed the randomness. Keep the order and words exactly as drawn.
  • Do not reuse: one passphrase, one place; a master password especially must not be shared with any other service. Unless it may have leaked, you do not need to rotate it on a schedule — frequent changes tend to become unmemorable or reused. If a service does report a breach, just change that one account.
  • Store it immediately: do not screenshot it to a cloud photo album or paste it into a chat. Save it straight into your password manager's vault, or write it on paper and lock it away. When rolling, watch for shoulder surfers.

Agreeing on a codebook with someone you trust

For everyday password use, the section above is enough. This section covers an advanced use of the list, for those who need it.

Know its limits first

This kind of code is obfuscation, not encryption. It stops a casual onlooker, but not an adversary who records messages to compare later or who obtains what you agreed on, and certainly not state-level surveillance. If the content truly cannot leak, or someone's safety depends on it, do not rely on this alone — pair it with end-to-end encrypted tools (see Secure messaging compared) and a complete safety plan. The uses below all assume this.

The dice table is really a "number-to-word" codebook, so beyond passphrases it can serve as a private code agreed with someone you trust. Decide in person what each word means; later, over a public channel (phone, text, social DM), you say that word, and an onlooker sees an utterly ordinary English word while the two of you know what it means.

Everyday, low-risk uses:

  • Confirming someone is really them: roll a set of words together in person and each keep it; later, exchange them over a call or message to confirm you are not being impersonated. Prefer one-time use, or split it (you say the first three words, they reply with the next three).
  • Neutral codenames for people, files, and projects: civil-society groups and journalists often need to name a source, a sensitive file, or an ongoing project. A random word as a codename leaks less than an obvious name like "official's leak file," and a list that is seen reveals nothing about who is who.

The uses below are for higher-risk people, where the limit above matters even more — the code is only a helper, and the real content and whereabouts are protected by encryption tools and a safety plan:

  • A contact signal between a journalist and a source: agree on a few words at the first meeting — one for "free to talk now," another for "I'm being watched, don't reach out." Later a single word on a call covers it, with no plain talk over an unsafe channel. See Journalists and source protection.
  • Check-in and distress words in the field: activists and election observers can agree on a check-in word with their logistics team and report in on a schedule; switching to another word means "something is wrong, start the plan." Because the word changes, anyone forcing you to report cannot fake it. See Activists and protest digital safety and Election observer self-protection.
  • A distress code in a dangerous relationship: someone leaving an abuser can agree on a distress word with a trusted friend; sending it means "call me" or "call the police," with no obvious words left on a phone that might be checked. See Domestic violence and tech-enabled abuse.

A few things keep a codebook workable: agree on meanings in person and do not write them where they can be found; keep the circle small; change words when you suspect they have been figured out; and do not use the same word as both a passphrase and a code.

We formatted the 7,776-word list as an A5 dice-lookup booklet, complete with a cover, instructions, a QR code, and a copyright page. It is the printed version of the table Method 1 above looks words up in, so anyone who would rather not install anything and just roll dice can print one and get started.

The wordlist is CC-BY-4.0, so anyone can print it and hand it out. When the community runs in-person events (mostly in Taiwan), we bring printed copies; if you run into us, you are welcome to say hello. See Activity for where we will be next, or Stay Informed for updates.

Download the A5 booklet (PDF)

asian_diceware_7776_booklet_a5_v0.4.0.pdf (about 36 pages; prints on A4 or US Letter with any home or shop printer, then fold into a booklet). The wordlist data is CC-BY-4.0, so you are welcome to print, hand out, and reuse it — please keep the attribution on the colophon page.

Get involved

  1. BIP-39: Mnemonic code for generating deterministic keys - Bitcoin Improvement Proposals (wordlists in many languages, including Traditional and Simplified Chinese) 

  2. Bitwarden Passphrase Generator and 1Password Password Generator 

  3. Anonymous GitLab Ticketing: An Exciting New Project at Tor - The Tor Project 

  4. SecureDrop - Freedom of the Press Foundation 

  5. Password Strength (xkcd 936) - xkcd 

  6. Creating the Persistent Storage - Tails 

  7. EFF Dice-Generated Passphrases - Electronic Frontier Foundation 

  8. The Diceware Passphrase Home Page - Arnold G. Reinhold 

  9. What is password entropy? - Proton 

  10. PGP word list - Wikipedia