Frequently Asked Questions (FAQ)


1. Can the password generation process be independently verified?

Yes. The entire dicendo project is open source (see 3. Where can I find the source code?), so the implementation can be inspected and audited by anyone.

In addition, the core password generation algorithm is implemented as a very small reference program: a one-page Python script available in the same repository. A simplified version of this script is here: Python script.

When the same input data (faces, directions, and order) are provided, both the Android application and the Python script produce exactly the same password. This makes it easy to independently verify that the application correctly implements the documented algorithm. A detailed description of the algorithm is available in the security model section.


2. Why not use the operating system random number generator?

Most password generators rely on the operating system’s random number generator (RNG). While these generators are usually cryptographically secure, their internal state and entropy sources are not visible to the user.

dicendo takes a different approach: the entropy is provided explicitly through physical dice rolls. This makes the source of randomness transparent and fully under the user’s control.

The transformation from dice input to the final password is deterministic and publicly documented. A detailed explanation of this model can be found in the security model documentation.


3. Where can I find the source code?

dicendo is open source. The source code and build instructions are available at: https://github.com/rafal-dot/dicendo.

A simplified but fully functional Python implementation of the core password generation algorithm is also included in this help: Python script.


4. Are dice a good source of randomness?

Before designing dicendo, I performed approximately 10 000 test rolls using several sets of dice of different sizes (12 mm, 16 mm, and 19 mm). The results suggest that, especially for the smallest dice, there can sometimes be a slight tendency to land on faces with odd numbers of pips. Interestingly, some dice showed the opposite tendency and produced even numbers slightly more often.

In the worst cases, the deviation from the ideal probability (16.67%, i.e. 1/6) was about 1.5 percentage points. In the extreme worst dice observed, a specific face appeared with a probability roughly 3 percentage points higher than 1/6. Such bias can usually be avoided by using good-quality dice. Even when present, however, the deviation appears small enough to be difficult to exploit in practice when attempting to guess a password.

It is also important to note that this type of bias mainly affects situations where passwords are generated using only face values. When dice are additionally marked (e.g. with a permanent marker) so that their orientation and order can be used, the effective randomness increases significantly, further reducing the impact of any imperfections in the dice.

More generally, physical processes are not perfectly random. For example, studies of coin flips show that coins tend to land on the same side they started on: "Fair coins tend to land on the same side they started: Evidence from 350,757 flips".
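To put the bias figures above in terms of password strength, the following added example (not part of the dicendo project or its reference script) tests a set of face counts for fairness and computes how many face-value-only rolls a biased die needs to reach a target entropy. The function names, the sample counts, the 90-bit target and the 5% significance level are assumptions chosen for illustration.

```python
from math import ceil, log2

# Chi-square critical value for 5 degrees of freedom at the 5% level.
CHI2_CRIT_DF5_P05 = 11.070

def chi_square(counts):
    """Pearson statistic for six face counts against a fair die."""
    expected = sum(counts) / 6
    return sum((c - expected) ** 2 / expected for c in counts)

def shannon_bits(probs):
    """Average information per roll, in bits."""
    return -sum(p * log2(p) for p in probs if p > 0)

def min_entropy_bits(probs):
    """Worst-case bits per roll: the attacker always guesses the likeliest face."""
    return -log2(max(probs))

def rolls_needed(target_bits, probs):
    """Rolls required to reach target_bits, budgeting by min-entropy."""
    return ceil(target_bits / min_entropy_bits(probs))

def biased_die(extra):
    """One face favoured by `extra` (e.g. 0.03 = 3 percentage points);
    the remaining probability is spread evenly over the other five faces."""
    top = 1 / 6 + extra
    return [top] + [(1 - top) / 5] * 5

FAIR = [1 / 6] * 6
WORST = biased_die(0.03)  # models the "roughly 3 percentage points" case

# Constructed sample: 2000 rolls of one die with a favoured face (not real data).
SAMPLE_COUNTS = [393, 322, 321, 321, 322, 321]

if __name__ == "__main__":
    stat = chi_square(SAMPLE_COUNTS)
    print(f"chi-square = {stat:.2f}, biased at 5% level: {stat > CHI2_CRIT_DF5_P05}")
    for name, die in (("fair", FAIR), ("worst", WORST)):
        print(f"{name}: Shannon {shannon_bits(die):.3f} bits, "
              f"min-entropy {min_entropy_bits(die):.3f} bits, "
              f"rolls for 90 bits: {rolls_needed(90, die)}")
```

Budgeting by min-entropy is the conservative choice: it assumes the attacker knows exactly which face the die favours.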


5. How to use dicendo securely?

Secure password generation depends not only on the generation method itself, but also on the environment in which it is performed. Professional cryptographic software often implements additional protections, such as preventing sensitive memory from being swapped to disk or securely erasing memory after use.

dicendo focuses on simplicity and deterministic mapping from physical randomness (dice input) to the final password. It does not attempt to implement advanced operating-system-level memory protections. Therefore, the overall security of the generated password depends on the user maintaining control over the device on which the application is running.

For secure use, ensure that the device is free from malware, avoid generating passwords in publicly observable environments, and clear sensitive data after use. The strength of the password itself derives from the entropy of the dice input; however, protecting that input and the generated result remains the user’s responsibility.


6. I generated a password and it was rejected by a service as too weak, without special characters. Why?

The base-67 character alphabet is abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!@#$%&()/?

So there are 10 special characters (!@#$%&()/?) out of 67 total characters. During a single roll, there is a probability of (1 - 10/67) ≈ 85% that no special character will be drawn. After the next draw, the probability drops to ~73% (~85%^2). The important fact is that after drawing 10 characters, there is still a ~20% probability (~85%^10) that no special characters will be drawn. So the conclusion is that among random passwords, each one is equivalent. If a particular one has been rejected by your service, you can (i) redo the roll, (ii) simply add a new dice roll, (iii) modify one of the existing dice rolls, or (iv) simply add a required special character at the end (as the entropy is already sufficient).
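The calculation above, generalised as an added example (not code from the dicendo project): it computes the exact probability that a uniformly random password over the 67-character alphabet satisfies a "at least one character from each required class" policy, and how many bits are lost if you re-roll until the service accepts. The class split and the function names are assumptions made for this illustration; the alphabet is the one listed above.

```python
from fractions import Fraction
from itertools import combinations
from math import log2

# The 67-character alphabet from this FAQ, split into classes (assumed split).
CLASSES = {
    "lower": "abcdefghijkmnopqrstuvwxyz",
    "upper": "ABCDEFGHJKLMNPQRSTUVWXYZ",
    "digit": "23456789",
    "special": "!@#$%&()/?",
}
BASE = sum(len(chars) for chars in CLASSES.values())  # 67

def p_accept(n, required):
    """Exact probability that a uniform n-character password contains at
    least one character from every class named in `required`.
    Uses inclusion-exclusion over the sets of classes that are absent."""
    total = Fraction(0)
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            excluded = sum(len(CLASSES[name]) for name in missing)
            total += (-1) ** k * Fraction(BASE - excluded, BASE) ** n
    return total

def entropy_after_rerolling(n, required):
    """Bits of entropy left when you re-roll until the policy accepts.
    The result is uniform over the accepted passwords only."""
    p = p_accept(n, required)
    if p == 0:
        return float("-inf")  # policy cannot be met at this length
    return n * log2(BASE) + log2(float(p))

if __name__ == "__main__":
    n = 10
    full = n * log2(BASE)
    for policy in (["special"], ["digit", "special"], list(CLASSES)):
        p = float(p_accept(n, policy))
        kept = entropy_after_rerolling(n, policy)
        print(f"{'+'.join(policy):28s} rejected {1 - p:6.1%}  "
              f"entropy {kept:.2f} of {full:.2f} bits")
```

Re-rolling costs only a fraction of a bit even under strict policies, and appending a required character to an already generated password costs none, which is why option (iv) is safe.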


7. Are there any alternatives?

There are at least two well-known alternatives for generating passwords using dice. These approaches also rely on physical randomness but differ in how the dice outcomes are mapped to words or symbols. Some methods focus on generating human-memorable passphrases, while others use specially designed dice sets and dedicated software to achieve very high entropy. Users can choose the solution that best matches their security requirements and usability preferences.

7.1. Alternative #1: EFF Dice-Generated Passphrases

This solution is based on rolling the dice in sets of 5 rolls and, for each set, selecting one of 7776 words (= 6^5) from a predefined wordlist. As is easy to calculate, each such set corresponds to approximately 13 bits of entropy. The advantage of the solution is that it does not require a computer. The disadvantage is that the generated passphrases can be long.

So, for our set of test dice rolls 442251356623323366441261532556661645, the password generated using this method would be: pennant boneless dingo married aware grappling washboard. Despite being 50 characters long, it is easier to memorise than vS7PK)UJ5#tUcVq, but it is almost 4 times longer than the password generated by the method used in this tool.

EFF Dice-Generated Passphrases https://www.eff.org/dice

7.2. Alternative #2: DiceKeys

Another alternative is DiceKeys. This solution uses 25 specially prepared six-sided dice. In addition to the random side generated by rolling the dice (6^25 ≈ 3 * 10^19), each die is unique and its order is taken into account (25! ≈ 1.5 * 10^25), as well as its orientation (4^25 ≈ 1 * 10^15). This gives a total of roughly 5 * 10^59. This approach achieves a very high entropy density per die. This solution, however, requires the purchase of dedicated dice with a box frame, requires the use of dedicated software, and is basically limited to generating one long-lived passphrase that can be used to protect a master password.

DiceKeys https://dicekeys.com


8. What does the name dicendo mean?

The name combines dice with the three core components used in password generation: numbers (faces), directions, and order (N, D, and O). The project evolved from a Python script written in 2021.

