My search for an easy way to generate strong passwords and passphrases led me to the "Diceware" method Cory wrote about on Boing Boing. This was no game. I needed serious dice.

I needed to update my passwords. I have long had a bad habit of using a funny little personal "system" for creating passwords–you may have one, too–but I knew it was outdated and insecure.

There is much about my life online that I have no control over. But one small thing I have absolute control over is my password. Passwords must be strong, easy to remember, and they must be routinely changed. Fail any of those three requirements, and the results can be devastating.

When I read Cory's recent post about creating strong, easy-to-use passphrases with a method that involved actually rolling physical dice, I knew I had to try it out.

The so-called Diceware Method seemed like a great security tool, but it also spoke to me on a personal level. I feel a real affinity for old-school Vegas and craps. It's in my blood. My mom and dad often brought me "cancelled" casino dice when they returned home to Brooklyn from trips to Las Vegas back in the day. Holding casino dice in my hands today invokes a feeling of fond nostalgia.

swirling die 30

Precision balance

Casinos do not use the same kind of dice that come in Yahtzee! or backgammon sets. They use what's called Precision Dice. Gaming dice are cheaply made and importantly, they are not random. Gaming dice have rounded edges and pips. The little dots cut out from each side to form its numerical value. This produces an uneven balance as the "six" side has more pips (less material/weight) than the "one" side.

Because of this, pips and rounded edges can skew the randomness pretty heavily:

"Afterwards we calculated the results and the Chessex and GW dice averaged 29% ones. Mind you that this is an average and our high was 33 and our low was 23. We removed any statistical anomalies and came up with 29%. Game room logic, a poor source of anything, would dictate that the side with the one is heavier and would therefore be on the bottom more. Unfortunately this is just not true, take popcorn or batholiths as an example. The 6 is too light to stop the momentum of the die, the rounded corners cannot prevent the die from turning due to the weight. In the end 1s are by far the most common result. On a 6 sided die any given number should appear 16.6% of the time, the Vegas dice were dead on and the square dice with pips were pretty close, only displaying a 19% ratio for ones."

~That's How I Roll – A Scientific Analysis of Dice

Using those dice might be fine for board games with family, but not for making the keys to my house.

Only precision dice, used correctly, are truly random. For our science and math whiz readers, I'll note the 2012 study examining whether dice are truly random or chaotic, but such debates are beyond my expertise.

Precision- but not random

Precision nonrandom numbers – "No roll!"

Interesting: Precision dice are made with rounded/beveled edges too– for high-end backgammon!

anatomy of casino die

General attributes of precision casino dice

Casinos take infamous care when it comes to protecting the house odds. Precision casino dice are designed and manufactured strictly to ensure perfect balance and true randomness on every roll. Precision dice come in various sizes depending on the country and casino's requirements– most commonly a 3/4 inch or 19mm cube. Made with "Razor" (sharp) or "Feather" (rounded/beveled) edges, they come in a variety of colors with a "Polished" (gloss) or "Sanded" (satin) finish, (making them transparent or translucent respectively).

Precision dice do not have pips. Instead they're called "spots"– shallow borings drilled into the die, like pips, that are then filled-in with a special paint of equal density, bringing the die's weight and balance back to par. Each set gets a serial number and can be custom monogrammed to a casino's specs.

Standard casino practices add security: all dice used on a casino floor are issued and retired with that particular workshift (every 4-8 hours). After each shift, the dice are then "canceled" by having a hole drilled though them (randomness is lost) to be sold in the gift shop. Casino precision dice that are still valid can be harder to find.

Paul-son Dice Manufacturing Process Paul-Son precision dice manufacturing process.

Digging deeper, I found that genuine precision dice are made for and sold to casinos by few companies, with the main players being: GMI's Paul-Son, and Midwest Game Supply. Midwest has been around since 1945, and their "Certified Perfects" are the only precision dice manufactured in the U.S.A.

Legit Paul-Son dice at retail can be hard to find, and Midwest only sometimes directly retails dice overruns. At the time of this blog post, I can easily find Midwest Game Supply's American made Certified Perfects, in their classic Gold Sleeve sets of 5, right on Amazon ($16). They come with free shipping via Midwest's client, Gambler's General Store, a local Las Vegas supplier who special-orders them for retail.

midwest_dice27 Midwest Game Supply's Precision Dice from Gambler's General Store via Amazon

I went with the classic polished reds to blow on (there's a bit of a street superstition in me). Mine arrived in the mail quickly: a double bubble-wrapped stick of dice in the company's signature Midwest gold foil.

As I unwrapped them, I had that feeling of being a child opening a new toy. Wide-eyed in anticipation, undoing the foil, I saw the dice gleaming in the light. They looked majestic. They looked like the kind of tool that a guy like me could use to generate strong crypto.

Security is no game. These are serious dice.

midwest_dice04 Unwrapping the signature "Gold Foil"

Each die has an engraved gold serial #148 on it, and is crystal-clear transparent red. The dots are smooth and seamless to the touch. The edges are, as the name implies, razor-cut, with sharp-to-the-touch pinpoint corners. They are smooth, and in their own way, genuine works of art. Call me a geek– but a symmetrically cut, perfectly balanced, and highly polished transparent red cube, with an ancient human history, is pretty cool.

midwest_dice18 Midwest's "Certified Perfects" from Amazon

These puppies are big and heavy. Three-quarter inch cubes coming in at about 9 grams each, or 46g all in the wrapped packet. They have a solid presence about them that scream "Let's Roll!" And given all the data breaches lately, me and my data are gonna need all the random Lady Luck we can muster.

Precision dice are not board dice. You can't just roll them on across your kitchen table. To ensure their randomness, they have to tumble a certain distance and/or bounce off a vertical surface at least once, like the walls of a crap table. Oh, and speaking of craps: if a craps player shoots the dice and they do not bounce off the table and a wall, it's the stickman's decision to disqualify the toss, shouting "No Roll".

Don't roll these high quality dice across your floor, or against a wall like you're on a street corner. I know it looks cool, and you may have seen people doing that in rap videos or whatever. But just don't. They can chip easily on hard surfaces, which ruins their randomness. Casinos have plenty of cushioned felt to roll dice on, but at home you can safely roll them with a board game dice cup (think: Yahtzee!) or a simple shoe box. I was lucky and found a nice felt-lined shoe box in my closet that worked perfectly.

midwest_dice25 A shoebox was my craps table.

Being security-minded, I always check for updates. It looks like the Diceware method got a bump-up to 6 words for general usage. This actually makes your passphrases stronger yet easier to remember. Considering writing's rule-of-three, 2 groups of three words should be more effective than one group of five words. Nice, for us.

midwest_dice22 History, art, science

With Diceware, you create five digit numbers with dice to match up to words on the Diceware list or the alternative Beale list (contains fewer Americanisms and obscure words). You can roll one die five times, five dice once, or any combo therein to create a five digit number. I threw all five dice into the shoe box and gave them a good shake and swirl–10 shakes is the recommendation. Then I leaned the box to one side settling the dice and opened the box to reveal my five-digit number with which to look up a word.


Shake, rattle, random

That's it. Just repeat and match up your six, five-digit numbers to the Diceware word list, and you're done! Don't like the passphrase? Still too clunky to remember? Roll again, it only takes a minute!

dice words

The idea of figuring out a new way to create secure passwords and putting that into practice felt like an intimidating hassle before. With Diceware, and these cool dice I found, I have an easy, fast, fun DIY way to do it.

Learning more about dice just drew me in deeper. Legitimate casino precision dice aren't commonly used, but they're very cool little toys to have around. I'd recommend their purchase for that enjoyment alone. The security is a bonus.


Midwest Game Supply's Polished Red "Certified Perfects" are available in sticks of 5 dice with free shipping on Amazon for $16. They also come in Polished Amber, Sanded Red, or Sanded Green.