passgen
XKCD-936 passphrase generator
| Use case | Min. entropy | Words | Guidance |
|---|---|---|---|
| Online account | ~53 bits | 4 | Rate-limited services (login lockout) |
| Important account | ~66 bits | 5 | Email, banking — OWASP 12+ char recommendation |
| Offline / disk encryption | ~80 bits | 6 | Resists offline brute-force (leaked hashes, LUKS) |
| High security | ~106 bits | 8 | Long-term secrets, password manager vaults |
| Future-proof | ~133 bits | 10 | Paranoid — comparable to 128-bit symmetric key |