Frequently Asked Questions

SoloKeys supports this feature on SoloKeys hacker editions (v1) using firmware you can download from https://github.com/conorpp/solo-dicekeys/releases/tag/5.0.0. SoloKeys shipped with DiceKeys come with this firmware pre-installed. For questions about this firmware, you can reach SoloKeys at hello@solokeys.com.

To scan your DiceKey into the DiceKeys app for MacOS or Android, load in your DiceKey, choose the "SoloKey" option on the bottom tab (look for the picture of a SoloKey), insert your SoloKey, and follow the instructions from there.

If you only have a Windows PC, we have provided a command-line tool for seeding your SoloKey. We'll soon update our web-based app to provide the seed from your DiceKey for you to copy to the command line. After that, we'll start working on a full windows app.

We are unable to offer the seeding via iPhones, iPads, or the web-based app.

We cannot offer seeding on iPhones or iPads as Apple prohibits iOS apps from accessing any USB device directly. We cannot offer seeding via the web app, as browsers are current blocking communications with security keys specifically.

We disclosed this limitation in an update to backers while orders could still be cancelled, but are sorry that we e were not aware of these limitations during the campaign. The limitations on USB devices on iOS are not clearly documented by Apple. The Chrome team only documented that they block communications with security keys after we filed a bug with them.

No, but any company that makes FIDO2/WebAuthN security keys can adopt our our open standard for seeding security keys. For now, you will need choose from those SoloKeys with firmware that is DiceKeys compatible with this standard, such as the ones shipped as part of our Crowd Supply campaign with the SoloKeys team, or the v1 hacker editions upgraded with firmware from https://github.com/conorpp/solo-dicekeys/releases/tag/5.0.0.

Contact them at hello@solokeys.com or reach out to them on Twitter @SoloKeysSec.

You can read your DiceKey without the app. Before performing cryptographic operations seeded by your DiceKey, the app turns it into a 75-character string, with three characters representing each exposed face (die or sticker). The three characters are the capital letter and digit that appear on the face, followed by the orientation encoded as a lowercase letter ‘r’ (top facing top, or upright), ‘r’ (facing right, or rotated 90 degrees clockwise), ‘b’ (facing bottom, or rotated 180 degrees), or ‘b’ (facing left, or rotated 270 degrees clockwise).

However, you won't be able to generate secrets entirely by hand. To generate password, keys, and other secrets, the DiceKeys App uses an open-source cryptographic library to turn that 75-character string into secrets that don't reveal the DiceKey. That library is portable, open-source, and can be used independently of the app. You cannot generate secrets from your DiceKey by hand because there are no known functions for doing so that are both reliably computable by humans and considered secure by cryptographers.

Before performing cryptographic operations, the app rotates your DiceKey so that the top left face is the one with the letter earliest in the alphabet. For more information, see the specification.

Now that we have the Mac, iOS, and Android apps working, we're working on the Windows version that can write SoloKeys.

The app uses recipes to turn your DiceKey into passwords, seeds, keys, and other secrets. It combines the recipe with your DiceKey using what is known as a one-way function. The one-way prevents someone who you share a generated secret with from learning the DiceKey you used to generate that secret. Even the tiniest change to your DiceKey or recipe will completely change the secret, so you will need both to re-generate more secrets in the future.

Because recipes are useless without your DiceKey, your recipe doesn't need to be kept secret. You can save it in the app and not worry that someone can access it, so long as they don't have your DiceKey. Unlike your DiceKey, your recipe will not be stored anywhere permanent and will be lost if you lose the device with the app in which your recipe is saved. That's why we try to encourage you to use very simple recipes that are easy to reproduce.

For example, if you need a password for your password manager or a major email provider, we probably already have a built-in recipe for you. If not, you can create a recipe just by pasting the URL or domain name of the site or app you need secrets for. You can add a sequence number if you need more than one recipe for the same application, but we recommend you only use numbers you can count on your fingers so that you can try them all if you forget which one you needed.

Your app is just a tool for using your DiceKey. You can get a new device, download the app, load in your DiceKey from its physical form, and be no worse off.

The only data you will lose are any recipes you have saved (see the above question about recipes). In most cases, re-generating a recipe should be as simple as picking from the list of built-in recipes or copying the URL or domain name of the site you need a password or secret for into the recipe builder.

Some systems require passwords that have uppercase, lowercase, digits, and symbols, even though this won't improve security for the passwords we generate.
To meet these requirements, we start all passwords with a number of words that will follow, separate words with a dash, and use uppercase for the first character of the first word. We considered a variety of ways to achieve the goal and this one was the most popular with our beta users.
We use a dictionary of 512 words that are sufficiently different from each other that, if you mistake a mistake writing them down, you should be able to identify the mistake by looking at the list of valid words.

In short, no. A dictionary attack is one in which an attacker tests a dictionary of possible passwords to see if any is correct, sometimes adding variations to these words.

If your password is a single dictionary word from a dictionary of 512 passwords, it would indeed be vulnerable to an attack requiring at most 512 guesses (256 on average). Such a password has 2⁹ possible values, and so is said to have 9 bits of strength.

The number of passwords that result from combining two such words is 512×512, or 262,144 (18 bits).

With three words, 512×512×512, or 134,217,728 (27 bits). This growth is exponential in the number of words: 512ⁿ or 2^9×n!

So, our fifteen word passwords can create 2^9×15, or 2¹³⁵ possible combinations. That 135-bit strength is stronger than many cryptographic keys!

By comparison, a random 15-character passwords with 26 possible uppercase characters, 26 possible lowercase characters, 10 digits to choose from, and special characters (let's say 4 common ones, for an even 64 total characters to choose from) would have 90 bits of strength. It would also be much harder to read than a password made of words.

We're trying to get native apps polished first, since most users will be prefer the security of a app they can download from an app store and that doesn't run in a web browser.

The letter and digit on each die are also encoded a second time into the binary code in the underline, and a third time into the overline. The DiceKeys app checks the letter and digit once against the encoding in the underline and again using the overline.

For now, you can scan your DiceKey into the DiceKeys app and use the app to generate the 'master' password for your password manager. You can copy and paste it into your password manager. We also offer an API that allows password manager apps to request your master password from the DiceKeys app, or even request a cryptographic key that will make your master password entirely unnecessary.

The die in the top left corner when you scan your DiceKey once may be in a different corner the next time you scan it. No problem! The DiceKeys app orients your DiceKey before generating passwords and keys so that it doesn't matter which corner is the top left. (This is why the security strength is 196 bits, not 198 bits.)

Our software is available under the MIT license. It allows us to license the software without licensing the DiceKeys software without the patents needed to produce DiceKeys hardware.

Not easily, and you might break it if you try. In our design, we prioritized making it hard for the dice to accidentally come out of arrangement over making it easy to re-arrange them.

The latches that hold the box closed are on the two opposing sides perpendicular to the hinges. Try using a very small flat-head screwdriver. Gently wedge it between the top and bottom parts in one of those sides, halfway between the two corners. Gently lift the top as you pry it away from the bottom.

Yes. We have filed a patent (application 20210067354, pending) for the exclusive purpose of protecting the right to produce DiceKeys hardware (including Stickeys). When you purchase a DiceKey, you pay an up-front cost with no hidden subscriptions or up-sells. While other businesses are built around turning customers into recurring revenue streams, we've invested in designing a product that's meant to last your lifetime. The hardware is 100% yours and the software is open source to ensure your rights to use it never expire.
We are taking an authentication product to market at a time when the five largest US companies by market capitalization all play the role of identity providers, and even the "smaller" companies focused solely on authentication products are raising tens to hundreds of millions of dollars (each!) from venture capitalists. Patenting prevents free-loaders from draining the revenue stream that will continue to fund the open-source software DiceKeys rely upon. Patenting gives us a fighting chance to see a return on our significant investment of time and money. Patenting also empowers us to require that licensees meet standards for product quality, labor, and environmental impact -- preventing a race to the bottom in which the winning strategy is to abandon all such concerns.

Imagine a game of musical chairs with 26 uppercase letters but only 25 dice for them to sit on. Now imagine one of those letters has a vestigial tail, which makes it harder to sit. That tail of a Q extends below the font's baseline. To accommodate the Q, every die would need to use a smaller font, making all letters and digits harder to read.

Stickeys are a way to backup DiceKeys. Each kit comes with 150 stickers (one for each die face). You backup your DiceKey by building a 5x5 grid of stickers that matches your DiceKey.

We are planning to in the future. We will likely use two-sided metal chips (similar to Stickeys) to achieve a relatively flat form factor.

We have produced lids that don't lock. We're still finding a way to distribute them since Crowd Supply was unable to offer them.

We don't recommend creating replacement parts with a 3D printer. In our prototyping, filament-based printers lacked sufficient precision. SLA printers were precise enough to create reasonable replicas that can hold dice, but the latches to hold the pieces together were not reliably flexible enough during assembly or strong enough after. We can share latch-less reference designs for experimentation or personal use by those who recognize these limitations and concerns. We have relied upon the expertise of our injection-mold manufacturer to customize the latches to their materials and manufacturing process, and their customizations are not ours to share.

You could, but that could be risky your printer is not properly secured or the network you use to connect to it is vulnerable. Stickeys allow you to replicate your DiceKey without relying on a printer to be secure.