dicendo: dice passwords

dicendo is an offline password generator that derives high-entropy passwords from physical randomness, such as dice rolls or shuffled playing cards, instead of software random number generators.

The application is designed for users who prefer transparent and verifiable randomness over opaque system RNG implementations.

dicendo runs entirely offline and performs a deterministic transformation from user-entered physical input to the final password.

No hidden entropy sources are used.

🎲 Design Philosophy

Most password generators rely on operating system RNGs whose internal state and entropy sources are not visible to the user.

dicendo takes a different approach.

Entropy is supplied explicitly through physical dice rolls or card shuffling, then deterministically converted into password material.

This provides:
• transparent entropy source
• reproducible password generation
• independence from platform RNG implementations
• fully offline operation

The transformation algorithm is publicly documented and verifiable.

✨ Entropy Model

A single roll of a six-sided die provides about log₂(6) ≈ 2.58 bits of entropy.

Strong passwords typically require 80–100 bits of entropy, which corresponds to roughly 30–40 dice rolls when using face values only.

dicendo can combine multiple independent dice inputs:
• dice faces (1–6)
• dice orientation (N / E / S / W)
• the order of numbered dice (a permutation)

It can also generate passwords from the order of a shuffled deck of playing cards.

Combining dice faces, directions, and order allows significantly more entropy to be extracted from fewer dice.

Example configurations:
• 36 dice, faces only: about 90 bits of entropy, about a 14-character password
• 12 dice, faces + directions + order: about 84 bits of entropy, about a 13-character password
• shuffled 52-card deck: far more entropy than needed for a normal password

🔐 Key Features

• fully offline password generator
• no internet permission required
• deterministic and verifiable algorithm
• high-entropy password generation from dice or cards
• selectable output alphabets
• context-aware keyboards to reduce input errors
• configurable active card deck
• optional encrypted password history
• optional splitting of very long saved passwords
• encryption backed by Android Keystore (AES-GCM)

All password data remains on the device.

🛡️ Security Model

dicendo does not transmit data and does not depend on external services.

Passwords are not stored by default.

If password history is enabled, entries are encrypted using:
• AES-GCM encryption
• Android EncryptedFile storage
• keys managed by Android Keystore

👤 Intended Users

dicendo is designed for users who:
• prefer physical randomness over software RNG
• require high-entropy passwords
• work in security, research, or regulated environments
• need a fully offline password generator
• want a transparent and auditable password-generation process

⚠️ Operational Security

Password strength ultimately depends on the entropy of the physical input and the number of independent outcomes used.

dicendo provides a deterministic transformation from entropy to password. The quality of the entropy source remains under the user’s control.