# My Diceware method


### Posted November 25, 2018

#### Last updated February 24, 2019 | 8ec2bc9


In my journey down the rabbit hole of security, at some point I came across Diceware, probably in some discussion about xkcd #936. If this is the first time you’re hearing of Diceware, I will summarize it as a way of using the natural random entropy generated by rolling five dice to generate a secure passphrase for keeping your most valuable digital items secure. I just thought it was the coolest thing, and it made so much sense to create a long passphrase that is easy to remember, but hard to crack.

In my infinite overdoing of things that I fall victim to sometimes, I have modified the original Diceware method a bit. And in the spirit of open source, I thought I’d share my modifications!

# What you will need

To travel down my same path, you’ll need to grab:

1. a trusty set of polyhedral dice
2. five of your favorite casino dice

and we can generate a great passphrase. Oh wait…you’ll also need a

3. wordlist!

The standard wordlist (or any of the EFF or other variations) should work just fine, but I’m using a special wordlist (which is the EFF wordlist plus some extra characters at the end) that I can only attribute to “Dr. October”. The original post that the wordlist was a part of was at Hackaday.io (but is now archived by archive.org). With the instructions on that page, I was able to create myself a pocket-sized version using the other PDF linked on that page, but that’s another story.

So now that we have all of our materials, we can finally generate our passphrase.

# The steps

You could definitely just roll five dice five (or more) times to get a passphrase that should be able to stand on its own, but I have come up with some ways to generate more randomness through analog means.

## Generating the phrase

1. Roll 8-sided die to choose number of words (`N`) *(re-roll if less than 4)*
   - I’ll pretend I rolled a 5
2. Roll your five dice `N` times (5 for my example) to come up with a random phrase, such as:

   `carnage` `manager` `ahoy` `disprove` `tiger`

## Spicing it up

Now, to make it more secure, do the following:

3. Roll 4-sided die to see how many words to capitalize (`R`)
   - I’ll pretend I rolled a 2
4. Roll the 8-sided die `R` times to see which word to capitalize (re-rolling if the number is higher than `N`)
   - I’ll pretend I rolled a 4 and a 1
5. Roll the D6 die to see how many extra symbols to add to the end (`Z`)
   - I’ll pretend I rolled a 2
   - I’ve rolled twice to get 5-1-1 (`!`) and 4-3-1 (`c`)
6. Roll the 20-sided die to see if words are separated by spaces (even number) or a symbol (odd number) *(if an odd number is rolled in step 6, roll three D6 dice to find the delimiting symbol)*
   - I’ll pretend I rolled a 19
   - I will roll three D6 dice to determine the symbol from the same symbols on the last three pages of the EFF wordlist
   - I have rolled 5-1-3 (`+`)

And that is how I have modified Diceware to generate even more secure passphrases. I highly suggest this method if you have a spare set of polyhedral dice and you like complex passphrases.
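
The six steps above, replayed in Python as an added example (this is not the author's code). It assumes "capitalize" means the first letter only and that the extra symbols are appended directly after the last word; the word lookup keys are constructed placeholders rather than real EFF wordlist numbers, `fair_die` is a software stand-in for physical dice, and all function names are made up for this sketch.

```python
import secrets

def fair_die(sides):
    """Software stand-in for a physical die: uniform 1..sides from the OS CSPRNG."""
    return secrets.randbelow(sides) + 1

def roll_until(roll, sides, accept):
    """Re-roll until the result is allowed (the post's re-roll rules)."""
    while True:
        value = roll(sides)
        if accept(value):
            return value

def d6s(roll, count):
    """Roll `count` six-sided dice and return them as a lookup key."""
    return tuple(roll(6) for _ in range(count))

def make_passphrase(words, symbols, roll=fair_die):
    """words: {five d6 values: word}; symbols: {three d6 values: character}."""
    n = roll_until(roll, 8, lambda v: v >= 4)           # step 1: N
    phrase = [words[d6s(roll, 5)] for _ in range(n)]    # step 2: N words
    r = roll(4)                                         # step 3: R
    for _ in range(r):                                  # step 4: which words
        i = roll_until(roll, 8, lambda v: v <= n)
        phrase[i - 1] = phrase[i - 1].capitalize()      # assumption: first letter only
    z = roll(6)                                         # step 5: Z
    tail = "".join(symbols[d6s(roll, 3)] for _ in range(z))
    odd = roll(20) % 2 == 1                             # step 6: delimiter
    sep = symbols[d6s(roll, 3)] if odd else " "
    return sep.join(phrase) + tail                      # assumption: extras appended directly

def scripted(values):
    """Replay a fixed list of rolls instead of rolling (for the demo only)."""
    it = iter(values)
    return lambda sides: next(it)

def demo():
    # Word keys are constructed placeholders, NOT real EFF wordlist numbers.
    words = {(1, 1, 1, 1, k): w for k, w in enumerate(
        ["carnage", "manager", "ahoy", "disprove", "tiger"], start=1)}
    # Symbol keys and characters are the ones quoted in the post.
    symbols = {(5, 1, 1): "!", (4, 3, 1): "c", (5, 1, 3): "+"}
    rolls = [3, 5]                    # constructed 3 is re-rolled; N = 5
    for k in range(1, 6):
        rolls += [1, 1, 1, 1, k]      # five dice per word
    rolls += [2, 7, 4, 1]             # R = 2; constructed 7 > N is re-rolled; words 4 and 1
    rolls += [2, 5, 1, 1, 4, 3, 1]    # Z = 2, then 5-1-1 and 4-3-1
    rolls += [19, 5, 1, 3]            # odd d20, delimiter 5-1-3
    return make_passphrase(words, symbols, scripted(rolls))

if __name__ == "__main__":
    print(demo())
```

To use it with software dice, pass full lookup tables built from your own wordlist and symbol pages (7776 word entries and 216 symbol entries) and leave `roll` at its default.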