How to significantly decrease the randomness of your newly generated seed phrase

[witcher_sense]

You could also pick all 12/24 words and have the software just change the last one to the appropriate word with the correct checksum. Either way you are still manually picking your entropy so it is terrible decision, even if you are picking from a random subset (in the case of rolling 100 dice).

Some wallets (Bluewallet is one of them if I am not mistaken) allow you to combine the methods with which entropy is generated. For example, you can use coins, dice of a different number of sides, and software random number generator to create a single seed. You can combine these methods, use them in different orders, etc. But I consider this method less safe when compared with hardware wallets.

[DaveF]

7 piece of 120 sided dice? At this point, i would just use the money to buy a hardware wallet and keep the change.

True, but they are re-usable forever. No hardware updates, etc.
Also, this seems to be turning into a bit of a thought experiment. Which is good. Someone, ColdCard, Who I like, came up with a dumb marketing idea. Lets work on a better one, that does not have to be marketed.

By the time you get up to a 120 sided die, you are on 6.9 bits of entropy per roll, meaning you only need 19 rolls to generate 128 bits of entropy. At that point, it's going to be far easier to just roll 19 times than mess around with colors and orders.

But messing around with dice is fun. Unless you are in a casino playing Craps, then messing with the dice will get you thrown out :-)
Yes, the larger number of sides does let you roll less. But I figure if you are going to do it with dice then go all the way and use as much entropy as possible.

-Dave

[suchmoon]

7 piece of 120 sided dice? At this point, i would just use the money to buy a hardware wallet and keep the change.

True, but they are re-usable forever. No hardware updates, etc.

Wouldn't we be bumping into the limits of cheap plastic molding tolerances with such a dice?

Rolling a bunch of six-sided dice and just counting them left-to-right top-to-bottom seems better than any complication TBH. Don't need to buy a 100 either, just grab what you can find in the board games laying around, or if you're one of the cool kids who doesn't play board games... well, toss a bucket of coins on a tile floor.

[Dabs]

The biggest reason to stick to "normal" 6 sided dice is that plenty of companies make them in "casino grade" transparent colors with sharp edges. This minimizes any bias and prevents cheating. The casino rules also prevent cheating. You have to roll the dice across the table and it has to bounce back to be counted.

In practice, just bounce your own dice without looking at it for a few seconds and you'll be fine.

For most normal people, rolling 100 times or rolling 100 dice one time is good enough provided you have all other physical security in place.

For the issue of rolling 100 dice all at once, you can probably get a large enough box to put them in, then shake a little until they are semi-lined up at the bottom. They will be in some sort of order which you can then use, left to right, top to bottom.

You could also just get your 100 dice, throw them across the room, and use a stick to collect them, they'll be in a semi-random order.

It would be fun to roll 100 different colored dice, then take a picture of it, export the RAW file, and hash that.

This, in addition to any other entropy your hardware already generates from the OS, mouse movement, etc.

[DaveF]

Someone pointed out to me a few decks of cards will also work quite well.
Pull out all the J - Q - K and shuffle well.
Pick the top "X" cards from "Y" decks and then shuffle well and do it again.

There are a lot of ways to do it if you want to avoid the electronic ones.

-Dave

[o_e_l_e_o]

Ian Coleman's site (https://iancoleman.io/bip39/) will let you use all the cards from a full deck. Just click on "Show entropy details" an then click on "Card" on the right hand side, and enter the number and suit of each card you draw. It works by assigning some cards 5 bits of entropy (32 possible combinations), some cards 4 bits of entropy (16 possible combinations) and some cards 2 bits of entropy (4 possible combinations), for a total of 52 possible combinations. If you simply shuffle a full deck of cards and then draw all the cards, you will therefore reach 232 bits of entropy, so it leaves you a bit short for 24 words, but is enough for 12, 15, 18, or 21 words, but doing so is not entirely random since you are forcing the use of each card exactly once.

Better as you say to shuffle the deck after a set small number of cards and start again.

[Dabs]

Raffle stubs, Cards in a deck, Dice, Coin toss ... Dice is the one that makes the most sense, and if you really want or need a little "overkill" then just roll a few more times. Roll 101 times > more than 256 bits worth then feed it through a 256 bit hash function. I would not completely dismiss electronic ones (the hash function is not practical to be hand computed.)

6 sided Casino Grade dice would be your "gold" standard (bitcoin standard?) since casinos handle millions of dollars and obviously they do not want to be cheated. You can have your own lottery ball machine at home but it would not be practical.