“Diceware” is a technique for making secure passwords without using a computer. If you’re here, you probably know how it works. Roll some dice to get a bunch of five-digit numbers, then look up each number in a word list. These words form a secure, memorable, random passphrase — without using or trusting any software. (Here’s more detailed info)
So what you’re looking at here is a dice word list in book form. Sure, you could just download the word list and scroll around on your computer screen, or print it out on your inkjet. But the book is great because:
- It’s a book. Easier to use, store and carry than loose sheets of paper from your printer. And it's a hardcopy, so using it keeps your computer out of the password-making process — more in the spirit of Diceware.
- It’s compact. Basically an A6 — close to the same size as a Beatrix Potter book or a Hobonichi Techo planner. It fits nicely in your hand and is easy to flip through.
- It’s cheap. $6.00 at Amazon (with free shipping for Prime members!). I donate half of all the minuscule profits to the EFF.
- It has a nice design. It’s typeset in Halyard Micro, a beautiful, modern font designed for reference texts and tabular data (it looks pretty sharp in display sizes as well — check out the headings on this page). Dice-style page headings help you quickly flip to the nearest two pages to your number, and there is a visual break in the list every time the second digit changes.
You should know: the dice that come with your Yahtzee and your board games are heavily biased in favor of the number 1, due to the weight imbalance caused by their hollowed-out pips and their rounded corners.
If you’re rolling dice for security, you should at least consider buying translucent, high-precision casino dice.
Not only do they look cool, they are nigh-perfectly balanced, and you can see for yourself that there were no air pockets or other manufacturing problems. Only precision dice are truly random.
- How many words do I need?
- These days: Best to go with at least six. Maybe seven. Arnold Reinhold has the long answer.
- If I buy this book, won’t the government know exactly how I’m making my passwords?
- Probably? But the beauty of the dice word list system is that it doesn’t matter. Even if an attacker knows the exact list you used, and even if they know for sure you used (for example) a five-word passphrase, made up of all lowercase letters separated by spaces and no other punctuation, they are still looking at 26 quintillion possible passphrases.
- I don’t like Amazon. Can I order directly?
- You sure can. Just email me at my ProtonMail address and tell me your address and preferred payment method and we’ll get something worked out. It will take a little longer to get your book, but hey, you probably knew that already.
- Is it legal for you to be selling the EFF’s wordlist?
- Yes! The EFF makes their wordlist available under the CC-BY 3.0 license which allows for commercial redistribution. They confirmed this to me via email before I published this book. Donating 50% of profits from book sales is something I’m doing on my own — it’s not that they requested it, it’s that they totally deserve it.
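To put numbers on the dice-bias and passphrase-length points above, here is an added example (not from the book or its author) that tests a tally of rolls for bias and counts the entropy of a passphrase made with that die. It is for checking dice and counting bits, not for generating passphrases. The roll tallies are constructed sample data, and the function names and the 1% significance threshold are assumptions of this example.

```python
import math

# Chi-square critical value, 5 degrees of freedom, 1% significance (assumed threshold).
CHI2_CRIT_5DF_1PCT = 15.086

def chi_square_fair(counts):
    """Pearson chi-square statistic for six face tallies against a fair die."""
    if len(counts) != 6 or sum(counts) == 0:
        raise ValueError("need non-empty tallies for faces 1..6")
    expected = sum(counts) / 6
    return sum((c - expected) ** 2 / expected for c in counts)

def looks_biased(counts):
    """True when the tallies reject the fair-die hypothesis at the 1% level."""
    return chi_square_fair(counts) > CHI2_CRIT_5DF_1PCT

def face_probs(counts):
    """Estimate per-face probabilities from observed tallies."""
    total = sum(counts)
    return [c / total for c in counts]

def passphrase_bits(n_words, probs=(1 / 6,) * 6, kind="shannon"):
    """Entropy in bits of n_words words, each picked by five independent rolls.

    kind="shannon" is the average-case figure; kind="min" is the conservative
    figure that assumes the attacker tries the likeliest rolls first.
    """
    if kind == "min":
        per_roll = -math.log2(max(probs))
    else:
        per_roll = -sum(p * math.log2(p) for p in probs if p > 0)
    return n_words * 5 * per_roll

# Constructed tallies of 600 rolls each (not measurements of any real die).
FAIR_TALLY = [103, 97, 100, 99, 104, 97]
ONE_HEAVY_TALLY = [140, 95, 96, 94, 93, 82]

if __name__ == "__main__":
    for name, tally in (("fair", FAIR_TALLY), ("one-heavy", ONE_HEAVY_TALLY)):
        probs = face_probs(tally)
        print(f"{name}: chi2={chi_square_fair(tally):.2f} biased={looks_biased(tally)}")
        for n in (5, 6, 7):
            print(f"  {n} words: {passphrase_bits(n, probs):.1f} bits average, "
                  f"{passphrase_bits(n, probs, 'min'):.1f} bits worst case")
```

With the constructed one-heavy tally, a six-word passphrase drops from about 77.5 bits to about 63 bits in the worst case, which is less than five words from a fair die.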
See also my blog posts about how I made this book and why I made this book.