When online security is literally a roll of the dice, which dice do you use?

My search for an easy way to generate strong passwords and passphrases led me to the “Diceware” method Cory wrote about on Boing Boing. This was no game. I needed serious dice.
Jul 31 2015

I needed to update my passwords. I have long had a bad habit of using a funny little personal “system” for creating passwords–you may have one, too–but I knew it was outdated and insecure. 

There is much about my life online that I have no control over. But one small thing I have absolute control over is my password. Passwords must be strong, easy to remember, and they must be routinely changed. Fail any of those three requirements, and the results can be devastating. 

When I read Cory’s recent post about creating strong, easy-to-use passphrases with a method that involved actually rolling physical dice, I knew I had to try it out.

The so-called Diceware Method seemed like a great security tool, but it also spoke to me on a personal level. I feel a real affinity for old-school Vegas and craps. It’s in my blood. My mom and dad often brought me “cancelled” casino dice when they returned home to Brooklyn from trips to Las Vegas back in the day. Holding casino dice in my hands today evokes a feeling of fond nostalgia.

Casinos do not use the same kind of dice that come in Yahtzee! or backgammon sets. They use what’s called Precision Dice. Gaming dice are cheaply made and, importantly, they are not random. Gaming dice have rounded edges and pips, the little dots cut out from each side to form its numerical value. This produces an uneven balance, as the “six” side has more pips (less material/weight) than the “one” side.
Because of this, pips and rounded edges can skew the randomness pretty heavily:

“Afterwards we calculated the results and the Chessex and GW dice averaged 29% ones. Mind you that this is an average and our high was 33 and our low was 23. We removed any statistical anomalies and came up with 29%. Game room logic, a poor source of anything, would dictate that the side with the one is heavier and would therefore be on the bottom more. Unfortunately this is just not true, take popcorn or batholiths as an example. The 6 is too light to stop the momentum of the die, the rounded corners cannot prevent the die from turning due to the weight. In the end 1s are by far the most common result. On a 6 sided die any given number should appear 16.6% of the time, the Vegas dice were dead on and the square dice with pips were pretty close, only displaying a 19% ratio for ones.”

~That’s How I Roll – A Scientific Analysis of Dice

Using those dice might be fine for board games with family, but not for making the keys to my house.
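To put numbers on that, here is an added example (not from the original post or the quoted analysis) that turns the quoted ratios of ones into bits of passphrase entropy and tests a tally of your own rolls for bias. It assumes the other five faces share the remaining probability equally, that rolls are independent, that each Diceware word takes five rolls, and a six-word passphrase; the roll counts are constructed.

```python
import math

ROLLS_PER_WORD = 5      # Diceware: five rolls pick one of 6**5 = 7776 words
CHI2_CRIT_DF5 = 11.070  # chi-square critical value, 5 degrees of freedom, alpha = 0.05


def die_with_ones(p_one):
    """Face probabilities for a die showing 1 with probability p_one.
    Assumption: the other five faces share the remainder equally."""
    rest = (1.0 - p_one) / 5
    return [p_one] + [rest] * 5


def shannon_bits(probs):
    """Average entropy per roll, in bits."""
    return -sum(p * math.log2(p) for p in probs if p > 0)


def min_entropy_bits(probs):
    """Worst-case entropy per roll: an attacker guesses the likeliest face first."""
    return -math.log2(max(probs))


def passphrase_bits(probs, words=6, measure=min_entropy_bits):
    """Entropy of a Diceware passphrase of `words` words, rolls assumed independent."""
    return words * ROLLS_PER_WORD * measure(probs)


def chi_square(counts):
    """Goodness-of-fit statistic of observed face counts against a fair die."""
    expected = sum(counts) / 6
    return sum((c - expected) ** 2 / expected for c in counts)


def looks_biased(counts):
    return chi_square(counts) > CHI2_CRIT_DF5


if __name__ == "__main__":
    for label, p in [("fair / casino", 1 / 6), ("square, pips (19% ones)", 0.19),
                     ("rounded, pips (29% ones)", 0.29)]:
        probs = die_with_ones(p)
        print(f"{label:26s} shannon={passphrase_bits(probs, measure=shannon_bits):5.1f} "
              f"min={passphrase_bits(probs):5.1f} bits per 6-word passphrase")
    # Constructed sample: 600 rolls with 29% ones, remainder spread evenly.
    sample = [174, 85, 85, 85, 85, 86]
    print("chi2 =", round(chi_square(sample), 1), "biased:", looks_biased(sample))
```

Under these assumptions the 29% die drops the worst-case strength of a six-word passphrase from about 77.5 bits to about 53.6, even though the average (Shannon) figure barely moves.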

Only precision dice, used correctly, are truly random. For our science and math whiz readers, I’ll note the 2012 study examining whether dice are truly random or chaotic, but such debates are beyond my expertise.

