Draw words at random from a pool of 10,000 — BIP39, EFF Diceware, a custom list and 100 curated extras — to build a strong passphrase.
Optional. A secret that is HMAC-mixed into every draw — defense-in-depth, so your words stay secret even if the device RNG is ever weak. It adds robustness, not entropy.
…
Already have a passphrase? Paste or type it below to see its fingerprint, then check that against the one you recorded. If they match, your record is correct — a single wrong character produces a completely different fingerprint.
Every draw is a uniform 1-in-10,000 choice made with your browser's cryptographically secure RNG (crypto.getRandomValues), using rejection sampling so there is no modulo bias. Each word therefore carries exactly log₂(10000) = 13.29 bits of entropy.
Six words give roughly 80 bits, eight words roughly 106 bits. Draws are independent and made with replacement, so a word may repeat — this does not reduce entropy.
Auto-pick draws words for you, one after another, until the passphrase reaches at least Very strong — that is 8 words (about 106 bits). It clears any current passphrase first, so each press produces a fresh one.
Add extra sprinkles a few random digits and symbols into the gaps between words (never inside a word) to satisfy sites that demand them. The Amulet Vault does not need this: it accepts a plain word passphrase, so Add extra is only for third-party sites with rigid character rules. Because the characters are genuinely random, the strength meter counts the entropy they add, though words remain the bulk of it. Click any sprinkled character to remove the extra.
Fingerprint is a checksum of the whole passphrase — a 16-character hex code and a small symmetric glyph, both derived from its SHA-256 hash. Note it down with any backup; re-typing the passphrase must reproduce the exact same fingerprint, so a transcription error is caught at once.
Verify an existing passphrase lets you paste a passphrase you already hold to see its fingerprint and confirm it against your record — by eye, or by entering the fingerprint you recorded for an instant match check. Each word is also checked against the 10,000-word pool, which helps pinpoint a mistyped word.
The optional pepper is stretched with PBKDF2 (200,000 iterations) against the session salt, then HMAC-mixed into every draw. It does not add entropy — the count stays 13.29 bits per word — but it removes the single point of failure of trusting the RNG alone.
This tool is one self-contained file. It makes no network requests and works fully offline.