How many words do you want?
0 bits of entropy in the pool.
Did you know that a passphrase of three to five randomly selected words can be just as difficult for a brute-force attacker to guess as a gibberish password of 5 to 9 randomly selected ASCII characters (uppercase, lowercase letters, numbers, and every printable symbol selected with no rhyme or reason at all)? However, because easily recognizable words can evoke imagery in the human mind and nonsense juxtoposition strengthens that imagry — teasing the brain to build a story to make sense of the chaos — passphrases are monumentally simpler for humans to remember.
Don't believe me? Try it! Click a button above to call up a selection of random words, and then just *try* to forget the words you just saw! xD.
I've culled together a dictionary of easily recognized, pretty easy to spell words for this purpose (dictionary available for download) so even if an attacker knows the wordlist you are picking from, it remains astronomically difficult for them to check every permutation to guess the correct one.
This webpage runs entirely in Javascript, please feel free to check the source if you are curious. The pros to this method are that whatever password you pick on this page is never transfered across the wire (via server-side script, for example). The potential cons include that I do not know the quality of the random number picker in your web browser.. and if an attacker knew you used a certain bad random number generator, it could reduce how many passwords they have to guess. If anyone has advice on beefing up this point, such as a head-start on using mouse-movements or keystrokes to drum up entropy in javascript, please drop me a line. ;3
I have added a higher quality, completely client-side random number generator of my own design! This samples mouse movements across the page and seeds a 256-bit entropy pool (mainly by dumping new information into a running SHA-256 hash) which you can withdraw from (mouse-driven-entropy widget also designed to be easy to drop into other applications, check out mouse_movement_entropy.js) by creating new pass phrases.
If there is not enough entropy in the pool, your button will light up red and pressing it will use the Math.random() function and give you a passphrase highlighted in red. If there is enough entropy, my ERandom() function gets used for the entire passphrase instead, the pool is withdrawn from and your password will be highlighted in green. :)