
‘DiceKeys’ creates a master password for life with one roll - headalgorithm
https://www.wired.com/story/dicekeys-cryptography/
======
tripletao
What's the benefit of this? You have to trust the website to faithfully scan
the dice and not send their state anywhere else. If you trust the website,
then you could just wiggle the mouse for entropy to seed a cryptographically-
secure PRNG, generate a password in the usual way, and write the password down
(or memorize it, or print it, or print it as a QR code if the scanning is
important, etc.). That seems equally secure, and more convenient than carrying
a set of dice with me everywhere I go.

And of course a YubiKey or equivalent is the real answer. I'm trusting the
developer there too, but I get a nice compact package that fits on my keyring,
and a secret that never goes outside that package.

~~~
markstos
I like the physical nature of it. Cryptography is so abstract. I like the idea of
master password generating code device being a physical object.

~~~
cactus2093
The physical route is a good idea, but if you're going to do it there's no
reason to introduce a weak link in the chain of having an app scan the dice.
You can just get a set of 5 dice and do the lookups yourself using a word list
like this [0].

[0] [https://www.eff.org/deeplinks/2016/07/new-wordlists-random-p...](https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases)

~~~
dicekeys
The author of that post is on the DiceKeys advisory board.

At some point, you're going to feed the entropy source into software. Having
the app be part of your trusted computing base reduces the chance of a data-
entry error that could leave users forever without their data.

~~~
cactus2093
Feeding the entropy source into software might take many different forms
depending on what the password is for (e.g. login/full disk encryption key on your
computer, password manager master password, password to a specific online
service, etc). For most uses you'll have to enter it as text, and have to
enter it multiple times, potentially on different devices that you are
accessing the service on.

For almost any real-world use case, memorizing the password and typing it in
on a keyboard is pretty much a necessity. There are many kinds of inputs that
don't allow another software like DiceKeys to enter the secret, so I'd still
definitely rather stick with the simpler, human-readable option.

------
motohagiography
It's a really clever idea with technical merit. More practical than the old
lava lamp CRNG. It's an entropy source, and I think there are an infinite
number of possible variations on what I'm calling "entropy rituals," which may
or may not generate a sufficiently large field that mitigates brute force
attacks.

In its favour, good, exogenous entropy mitigates part of post-hoc decryption
attacks and wrecks the economics of passive bulk interception and
surveillance. It means that a threat actor needs to a) use direct attacks on
user endpoints, b) sabotage algorithm implementations to truncate keys or c)
bias the entropy source with loaded dice (because everybody knows...) or
longshot d) use a TAO-like operation to add dice with duplicate facets from
other cubes to dice kits in transit to reduce the total field size, which
would be easily discoverable, but chalked up to a "printing error."

------
oasisbob
So at first glance, this is vaguely like Diceware, you just don't stop
"playing"?

[http://world.std.com/~reinhold/dicewarefaq.html](http://world.std.com/~reinhold/dicewarefaq.html)

------
GekkePrutser
It's not the only option if you don't like a master password.

I use passwordless (GPG keys on a Yubikey) with a PIN code. The PIN can even
be replaced by biometric soon. This is the way forward IMO. No more passwords
at all, even master ones. If you turn on the tap-to-sign function on the
yubikey you can also protect yourself from malware 'milking' your entire
password database while the key is inserted. Of course I create the secrets
on-key as is best practice.

Of course losing the token is an issue, but I have multiple and each password
is encrypted against each of them.

I like this idea though. But I don't like that anyone who has a picture of the
dice can generate the passwords. And I don't like leaving my password managers
logged in all the time. It wouldn't work for my desired level of security,
though I can imagine users who do leave their PW managers logged in, would be
happy with it.

~~~
taneq
> No more passwords at all, even master ones.

Then... how do you prove you're you? And not merely someone who has your
physical body in their possession?

Edit: Obligatory "biometrics are usernames, not passwords."

~~~
masukomi
Passwords don't prove you're you either. They just prove you're someone or
something that knows the appropriate password.

~~~
taneq
Yeah but if you're reasonably good with security, they at least prove you were
conscious and present when someone logged in.

~~~
tatersolid
No they don’t. See “rubber hose cryptography”, shoulder-surfing, hidden
cameras, keystroke loggers, phishing.

------
doctoboggan
I like the idea of this, however I do not like that you are expected to keep
the master key in your drawer somewhere. It’s like writing your master
password on a sticky note and putting it in a drawer.

I know there is always a risk of forgetting your master password but keeping
it only in your brain gives you the most protection. I suspect law enforcement
would have an easier time compelling you to give up your DiceKey object than
forcing you to repeat your brain key. However I am not a lawyer and would be
interested to hear more from those who know more about this kind of situation.

~~~
ocdtrekkie
> It’s like writing your master password on a sticky note and putting it in a
> drawer.

People should do this, and people should stop telling other people it's bad
security to do this. And then people should stop using password managers.

The idea that the sticky note is bad is hilariously old school, and the result
has been everyone putting their passwords in cloud-stored apps instead, which
is 10,000% worse than a sticky note.

Remember: If it's on the Internet, your potential attacker is "every human on
earth". If it's on a sticky note, your potential attacker is "everyone who can
get access to the physical place you keep it". The former will always be an
increasing number of billions of Internet users. The latter can be reduced to
one or two if you store your sticky note somewhere very secure, like a safe or
security deposit box.

Also, for added security... just lie on your sticky note. It doesn't have to
be a high entropy lie to befuddle people.

~~~
ViViDboarder
Encryption is a thing. If we can’t trust encrypted data then securing the
password is worthless anyway as everything is owned.

This is why password managers are generally considered secure. They store only
client side encrypted blobs and do not store or know your master password.

Like you, I have no concerns with storing your master password on paper in a
locked drawer or something, but it’s unrealistic to securely store post its
for every password you need as well as have them readily accessible.

~~~
ocdtrekkie
Readily accessible to you is readily accessible to hackers. People should re-
evaluate how many things they must have access to everywhere they go.

For example, my 2FA tokens are backed up in physical storage. This means if
I'm traveling and I lose my phone, I don't have access to them until I get
back. But that's a lot safer than leaving them somewhere others can access
them too.

~~~
ViViDboarder
Hackers don’t have quantum computers to crack my password vault.

------
dwpdwpdwpdwpdwp
This is pretty cool. But you do need to trust their website and app, and your
scanning device.

Also, the website says you get about 192 bits of entropy. It's been a while
since I did any combinatorics. It seems you should have 25! * ((6 * 4) ^ 25)
possible dice rolls. 25! combinations of dice placement times (6 face up
possibilities * 4 rotational possibilities) for 25 dice.

Python gives:

    import math
    math.factorial(25) * (6 * 4)**25

    496508538648719564809316402287439226010265627463254016000000

    2**196

    100433627766186892221372630771322662657637687111424552206336

~~~
mmastrac
They divide by four as there's a "canonical" direction to read the dice. See
"Security Strength" at [https://dicekeys.com/](https://dicekeys.com/)

~~~
dicekeys
Correct. We believe a two-bit reduction in strength is a small price to pay to
ensure you get the same key even if you scan the box at a different
orientation (e.g. up-side down).

We could have designed the software to try to recognize the top of the box,
but the box for the steel version may look very different (or not be what
you'd think of as a box at all.)

------
causality0
I just use 1337-speak versions of lyrics from bands I like that vaguely remind
me of the subject matter for whatever I'm using the password for. I can't
forget a password because I don't actually have to remember them, just be able
to derive them using my personal ruleset. Excepting where data breaches or
security policy forced a change, I haven't had to reset a password in over a
decade.

~~~
doctoboggan
Rules like that lower the entropy orders of magnitude compared to the truly
random processes described in this article. Probably still enough entropy to
give you good protection, but maybe not enough from a motivated nation state
or multinational corp.

~~~
phre4k
Surely a box with some plastique cubes in it will protect you from these
nation states.

It's not like they're buying a $5 wrench or anything.

~~~
doctoboggan
Sometimes there is value in cracking someone’s password without them knowing.

------
zxcvbn4038
This is cute and might work around the house, but I wouldn’t entrust anything
serious to it. As soon as you're traveling and don’t have it, or your kids
rearrange it, or someone else gets a picture of it, then the novelty is
definitely gone.

You could just as easily use a deck of playing cards to construct a
password and it would have exactly the same issues.

Yubikeys win the day again and again, I just wish more sites supported them. The
financial sites that would benefit most are still stuck on easily spoofed SMS
authentication - if they even have that.

------
valera_rozuvan
The site [1] of the app is quite simple. Actually it's refreshing to see such
minimalism :)

----------

[1] [https://dicekeys.app/](https://dicekeys.app/)

~~~
valera_rozuvan
For the adventurous, see the page source!

~~~
ChrisSD
And take a look at the 4.8MB javascript file.

~~~
prophesi
I'm assuming that's due to needing both crypto polyfills and opencv?

~~~
dicekeys
OpenCV, but for crypto we use an open-source crypto library built on top of
lib-sodium.

[https://github.com/dicekeys/seeded-crypto-js](https://github.com/dicekeys/seeded-crypto-js)

------
russfink
What they need with this is a human computable function that can take a short
nonce and combine it with the arrangement of rolled dice to produce a secret
value. This eliminates the problem of the trusted scanner. It also allows the
same dice arrangement to be used for different services. If you are ever at
risk of compromise, just simply discard the dice.

~~~
dicekeys
And if you can demonstrate that there are functions that are computable by a user
community that would benefit from them, it would make a fantastic submission
to the Symposium on Usable Privacy and Security (SOUPS).

But, most people are trusting software at some point. We're making sure our
software is small and relatively simple so that you can audit it. That's one
of the reasons why we don't take dependencies on Google's Tesseract OCR
engine, or on frameworks like React. (The one big dependency we haven't
removed is OpenCV.)

~~~
ViViDboarder
One of my concerns would be durability of the software over time. In 20 years
from now, will the site still be running? Will I need to hunt down old
hardware or dependencies to regenerate my key?

~~~
sliken
The mapping seems pretty straight forward, I don't see why it couldn't be
manually done.

~~~
dicekeys
You can, in fact, do it manually. T4r means letter T, digit 4, facing right.
The directions are 't', 'r', 'b', 'l' (top, right, bottom, left), which makes
for a mnemonic you can follow with "right here in river city".

Before you transcribe, just rotate the box so that the first letter in the
alphabet appears in the top left, then read in English order (left to right,
then top to bottom).

The crypto library:
cpp: [https://github.com/dicekeys/seeded-crypto](https://github.com/dicekeys/seeded-crypto)
ts/js: [https://github.com/dicekeys/seeded-crypto-js](https://github.com/dicekeys/seeded-crypto-js)
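
The manual transcription rule in the comment above, together with the divide-by-four strength figure discussed earlier in the thread, as an added Python example that is not part of the original posts or of the DiceKeys code base. It assumes that "first letter in the alphabet" means the earliest letter among the four corner dice, that every die carries a different letter, and that turning the box clockwise advances each orientation t, r, b, l; the function names and the sample box are constructed for illustration.

```python
import math

ORIENTATIONS = "trbl"  # top, right, bottom, left (clockwise order)
SIDE = 5               # 5 x 5 box of 25 dice

def parse(text):
    """Split a transcription such as 'T4r...' into 25 (letter, digit, orientation) faces."""
    text = "".join(text.split())
    if len(text) != 3 * SIDE * SIDE:
        raise ValueError("expected 25 three-character faces")
    faces = [tuple(text[i:i + 3]) for i in range(0, len(text), 3)]
    for letter, digit, orient in faces:
        if not letter.isupper() or digit not in "123456" or orient not in ORIENTATIONS:
            raise ValueError(f"bad face {letter}{digit}{orient}")
    # Assumption: every die carries a different letter, so a repeat is a data-entry error.
    if len({face[0] for face in faces}) != len(faces):
        raise ValueError("a die letter appears twice")
    return faces

def rotate_cw(faces):
    """Turn the box 90 degrees clockwise: dice change cells and each face turns with it."""
    turned = []
    for r in range(SIDE):
        for c in range(SIDE):
            letter, digit, orient = faces[(SIDE - 1 - c) * SIDE + r]
            turned.append((letter, digit, ORIENTATIONS[(ORIENTATIONS.index(orient) + 1) % 4]))
    return turned

def canonical(text):
    """Pick the rotation whose top-left die has the earliest letter of the four corners."""
    readings = [parse(text)]
    for _ in range(3):
        readings.append(rotate_cw(readings[-1]))
    best = min(readings, key=lambda faces: faces[0][0])
    return "".join("".join(face) for face in best)

def strength_bits():
    """log2(25! placements * (6 faces * 4 orientations)^25 / 4 box rotations)."""
    return math.log2(math.factorial(25) * (6 * 4) ** 25 // 4)

# Constructed sample: letters Y..A read left to right, all showing 1, all upright.
SAMPLE = "".join(ch + "1t" for ch in "YXWVUTSRQPONMLKJIHGFEDCBA")

if __name__ == "__main__":
    print(canonical(SAMPLE))          # same box turned 180 degrees: A1bB1b...Y1b
    print(round(strength_bits(), 1))  # 196.3
```

All four scans of the same box reduce to one transcription, which is the two-bit cost mentioned earlier in the thread; the duplicate-letter check is a cheap guard against the data-entry errors a hand transcription invites.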

~~~
ViViDboarder
Neat! Thanks for sharing.

------
jnwatson
This isn't a whole lot different than `cat /dev/urandom | base64 | head -c 33`,
printing it out, and laminating it.

~~~
doctoboggan
The difference here is that there is virtually no way for there to be a bug,
virus, malware, keylogger, etc that might break the _true_ randomness of the
dice roll where all those are a possibility for the computer generated
version.

~~~
teddyh
I feel that the risk of my /dev/random being broken is _much_ lower than some
random website being intercepted or assimilated.

~~~
doctoboggan
The website is just an easy way to transfer the random numbers to your
computer (which you arguably shouldn’t use if you need something like this.)
The actual randomness generation is the dice roll, which is less likely to be
broken than your /dev/random (which is probably not broken and totally fine to
use)

~~~
teddyh
I’m not comparing my /dev/random to my dice roll. I’m comparing the likelihood
of my /dev/random being broken to the likelihood of the website being
intercepted or assimilated when I use it.

------
jmole
WTH - why would they use a shitty plastic box to hold them? Drop the box, dice
fall out, lose access to all your secrets?

~~~
BitwiseFool
No worries my friend, I will sell you some hot glue to keep those dice in
place. I'm working on the Kickstarter for it as we speak!

------
orblivion
> It's "toddler-proof,"

Not a parent, but this is one of the first things I thought of.

------
mastre_
At the very least it's a really cool talking point and way to lead into
crypto, esp. when talking to kids about it. And some cool dice ;)

------
someonehere
I love supporting small security initiatives like this to bring more attention
to these cool concepts. Ordered the two dice sets and four keys.

------
triangleman
So you roll the dice and then leave them in the case and never roll them
again?

~~~
elteto
If you want to be able to recover _that_ key at some point.

------
dsp
[https://dicekeys.com/](https://dicekeys.com/) may be more useful than the
paywalled article.

------
hiccup
I feel like his t-shirt is on backwards in the video. Does that add to the
geek cred?

~~~
dicekeys
It's my daughter's shirt. She didn't approve of any of my shirts. The front
has Bugs Bunny.

