Generate a Seed Phrase Using Dice: A Secure Offline Method

In the world of cryptocurrency, securing your private keys starts with one critical component: the seed phrase. Most wallets generate this phrase automatically using software-based random number generators—but what if that process isn't as random as you think? Enter a powerful, low-tech alternative: generating a BIP39 seed phrase using dice.

This method offers an air-gapped, offline approach to entropy creation, eliminating reliance on potentially compromised devices or flawed algorithms. By rolling physical dice, you introduce true randomness into the process—something even advanced computers struggle to achieve.

Let’s explore how you can use simple dice to create a cryptographically secure seed phrase, why this method surpasses digital RNGs, and what steps ensure your process remains safe from start to finish.

Why Use Dice for Seed Phrase Generation?

When generating a seed phrase, the foundation is entropy—a measure of randomness. The stronger and more unpredictable the entropy, the more secure your seed phrase.

Digital wallets typically rely on pseudo-random number generators (PRNGs), which are deterministic algorithms seeded by system inputs like mouse movements or timestamps. While convenient, these systems have vulnerabilities:

• They depend on the integrity of the device and its software.
• Historical flaws in PRNG implementations (e.g., the 2008 Debian OpenSSL bug) have led to real-world breaches.
• Malware or surveillance could compromise the generation process.

Using dice bypasses all digital risks entirely. Rolling dice introduces true physical randomness, influenced by countless uncontrollable variables: hand motion, surface friction, air resistance, and more. This makes prediction nearly impossible—even for powerful adversaries.

👉 Discover how offline entropy generation strengthens crypto security

How Random Is Rolling Dice?

Imagine tossing a pair of six-sided dice. Can anyone consistently predict the outcome? No—because each roll involves too many chaotic physical factors to control precisely.

Even with identical force and angle, microscopic differences ensure varied results. That’s why casinos trust dice games: they’re statistically fair over time. The same principle applies here—your rolls produce high-quality entropy.

For cryptographic purposes, we need enough entropy to match the 128-bit security level required by BIP39 (with an additional 4-bit checksum). A well-designed dice method easily meets this standard.

What Kind of Dice Do You Need?

To efficiently map dice rolls to the BIP39 word list (which contains 2048 words), this guide uses a specific combination:

• Two 20-sided dice (D20): One acts as an indicator die, the other provides part of the word index.
• Two 10-sided dice (D10): Together, they form a D100 roll (00–99), representing the last two digits of the word index.

This setup allows direct mapping from dice results to BIP39 word indices (1–2048), minimizing calculation errors.

Pro Tip: Test your dice for balance. A simple saltwater float test can reveal manufacturing defects. Drop the die in salty water and spin it—if it consistently surfaces with the same number up, it's biased.

Preparing Your Environment

Before rolling, prepare a secure workspace:

✅ Essentials:

• Pencil and paper: Use pencil so you can erase or destroy notes cleanly.
• BIP39 word list: Download from a trusted source like the Bitcoin GitHub repository.
• Offline computer: Required only for checksum verification. Use an air-gapped machine or a live OS like Tails.

🔐 Security Practices:

• Work in a private, camera-free space.
• Ensure no one can observe your rolls or notes.
• After completion, destroy all written records by shredding or burning.

👉 Learn how hardware wallets protect your seed phrase during setup

Step-by-Step: Generating Your Seed Phrase

Step 1: Establish Reading Rules

Decide how you’ll read each roll—e.g., left to right—and stick to it. Consistency prevents human bias.

Step 2: Understand the Dice Rules

• Indicator Die (D20): If it shows 1, ignore the second D20 and treat the first two digits of the word index as "00".
• Main D20: If the indicator isn’t 1, this die gives the first two digits (e.g., 8 → "08").
• D100 Roll: Always provides the last two digits (e.g., 79).

Combine them into a four-digit number between 0001 and 2048—the corresponding word index on the BIP39 list.

Example Rolls:

Repeat this 12 times to get your initial word indices.

Calculating the Checksum: The Last Word

The 12th word isn’t fully random—it includes a 4-bit checksum derived from the first 11 words’ entropy.

You have two secure ways to find it:

Option 1: Guess the Last Word (Recommended)

• Identify which 16-word block in the BIP39 list contains your tentative 12th word.
• Try each of those 16 words as the last word using a hardware wallet in recovery mode.
• Only one will validate successfully.

This keeps your seed phrase completely offline.

Option 2: Use an Offline Script

Run a trusted script in a browser console on an air-gapped device:

function checksum12words(data) {
  if (data.length != 12) return console.log("ERROR: Need 12 words numbers as input")
  let binstr = (s,l =8) => s.toString(2).padStart(l,'0')
  let tohex = (bytes) => bytes.map( x => x.toString(16).padStart(2,0) ).join('')
  let bytes = data.map( x => binstr(x - 1, 11)).join('').match(/.{1,8}/g).map( x => parseInt(x, 2))
  if (bytes.length != 17) return console.log("ERROR: Something is wrong, check your input")
  bytes.pop()
  console.log("Entropy is :",tohex(bytes))
  window.crypto.subtle.digest("SHA-256", new Uint8Array(bytes).buffer).then( x => {
    let hash = new Uint8Array(x)
    let cs = binstr(hash[0]).match(/.{1,4}/g)[0]
    let bits = [binstr(bytes[15]),cs].join('')
    console.log("Your 12th word index is: " + (1+parseInt(bits.substr(1),2)))
  })
  return "OK"
}

Input your 12 tentative numbers:

data = [101, 502, 962, 1400, 1607, 1817, 1090, 1827, 820, 1334, 156, 1073]
checksum12words(data)

The output gives you the correct final word index—e.g., 1078.

After use, clear console history and restart the machine.

Frequently Asked Questions

Q: Is rolling dice really more secure than software RNGs?

A: Yes—because dice provide true randomness without dependency on potentially flawed or compromised code. Software RNGs are pseudo-random and can be predictable if seeded poorly.

Q: Can I use regular six-sided dice?

A: Technically yes—but you’d need many more rolls to reach sufficient entropy. The D20 + D10 method is optimized for speed and accuracy with BIP39.

Q: What happens if I make a mistake during rolling?

A: Simply start over. Accuracy is crucial. Each roll directly impacts your wallet’s security.

Q: Do I need to keep the paper with my seed phrase?

A: No—only after securely backing it up using a trusted method like metal storage. All temporary papers must be destroyed immediately.

Q: How do I verify my seed phrase works?

A: Use a hardware wallet’s “restore” function or an offline tool like Ian Coleman’s BIP39 generator (run locally). Never enter it online.

Q: Can someone guess my seed phrase if they know I used dice?

A: No—knowing the method doesn’t reduce security. With proper technique, there are still over 2^128 possible combinations.

Final Steps: Secure Backup & Cleanup

Once you have your verified 12-word seed phrase:

• Write it permanently on a fireproof, waterproof medium (e.g., metal backup).
• Store copies in geographically separate locations.
• Destroy all temporary papers—including drafts and discarded attempts.
• Wipe any digital traces (browser caches, temporary files).

Your seed phrase is now secure—and entirely under your control.

👉 Explore secure crypto storage solutions that support manual seed import

Core Keywords

seed phrase, BIP39, dice entropy, offline wallet, cryptographic security, random number generation, air-gapped, checksum

By following this guide, you’ve taken one of the most proactive steps possible toward owning your crypto securely. No third-party trust. No digital exposure. Just math, physics, and peace of mind.