Diceware Anywhere




Posted in TechnologyComputers

Introduction: Diceware Anywhere

This Diceware method lets you generate secure passphrases with dice and a book. Welcome to the paranoid world of cryptography. For regular folks this method is probably a waste of time, at best. But for those interested in learning more about codes, and crypto, this is a real world method used by experts. For best security you are supposed to print out the Diceware word list and use real dice - not an electronic random number generator.

I don't like having to print the Diceware list, or open it up in a PDF reader when I am in a hurry to come up with a password, username, or passphrase. Also I don't like leaving the diceware list around on my desk. But a book is hidden in plain sight.

Luckily nearly every office supply, or better yet, dollar store carries dice, a pencil box, and a cheap paperback dictionary or thesaurus.

Step 1: Rolling and Reading

Here's how I use a book as a word list. This paperback thesaurus has 530 pages. Since 530 is a three digit number,  I'll need 3 dice, one for each digit.

Each page is divided into two columns, so I will need another die to choose a column. Each column has about 6 word entries, meaning I need one more die.

So for this book I end up rolling 5 dice in a pencil box for each word I need. A file box or a shoebox works also, as long as the dice can line up after you roll them.

In this example, the first 3 dice from left to right give the starting page number of 451

The 4th die chooses the column. I count columns from the starting page (for example, 451) and continue on to the next two pages if necessary. Here, the die reads 2, so it is the second column, and still on the starting page.

And the 5th die gives the number of entry words from the top of the column.

In this case the selected word is thought because it is the first entry word in the column.

Now, just repeat to get 6 or 7 words and you have a unique passphrase for a Wi-Fi key, or a PGP email signature, or other cryptographic uses.

Again, this is just another way of using the Diceware method, but without having to print out the Diceware word list.

If it all seems too elaborate, then it is probably not for you. This is for sys-admins, cryptographers, and others who frequently need to generate passphrases.

Step 2: Missing Pages?

You might wonder about all the skipped pages since the dice are only numbered from 1 to 6. Well, yeah, there will be lots of skipped pages.

For instance, all the pages from 67-110 and 267-310 and 367-410 and 467-510 are skipped.

Well actually because of how I count columns, there are potentially only 4*(43-2) = 164 skipped pages. This means about a third of the words in the book are left out.

But it really does not make a difference for our purposes. We just need random words, so if some are skipped, there are still more than enough.

So what to do if the first digit is higher than the number of pages in the book? Well if the first die had been 6, I would read it at as zero since there are only 530 pages. This would give a page number of 051, or just plain 51.

Step 3: Silly Passwords

You can modify this method to create improbable passwords. Just randomly choose two or three words using the method above.

Now roll the dice to pick a syllable in each word, wrapping the number around if the word has only 2 or 3 syllables.

Join up the syllables and get silly, but memorable, passwords like nopardstub or conbrolute !

It's simple, and is more secure than using your mother's maiden name.

You can read the Diceware FAQs for more information on passphrases and how to use them..



    • Pocket-Sized Contest

      Pocket-Sized Contest
    • Spotless Contest

      Spotless Contest
    • Trash to Treasure

      Trash to Treasure

    We have a be nice policy.
    Please be positive and constructive.




    Interesting method, and similar to what I did, but your base method is not as strong as the diceware method if the attacker knows your source (ie, someone who knows the dictionary you keep on your desk perhaps) . Diceware has 6^5 "words", or 7776 possible options. Your method only has ((6^3)+2)x6 possible words, or 1308.

    The entropy of each word in the diceware method is 12.9 bits. In your method it's 10.3.

    Actually, looking at it like that, it's not a huge difference, but you'd want to tack on an extra word over the diceware list of you were serious about your security.

    Combining syllables though, I really like that :-)

    The other option is to buy some d10 dice, and use all pages ;-)

    1 reply

    Wow, so I just noticed this is years old, my bad ;-)

    maybe I'm wrong, but couldn't you just do a dictionary attack? 6-7 words from a dictionary attack would be the same as 6-7 characters from brute force, wouldn't it?
    I guess it'd be harder because there are far more words than there are characters, but would it change that much?

    1 reply

    nevermind. I just did the math. That does make a big difference.
    The standard diceware list has 7776 words. 7776^7 is the possible number of passphrases. If we just do the 94 characters with even a 9 character passphrase, it would be 94^9.

    I will leave my comment to help anyone else who thought for a second like I did.

    Nice instructable! I especially like the combinations of random syllables. I'm planning to use the word "conbrolute" at future dinner parties as soon as I can figure out a definition.