A player rolls four 20-sided dice, takes the lowest value, ignores the rest. What is the probability of this value at least 7?

I’m designing a tabletop game, and I need to figure out how to calculate a few probabilities:

  1. Roll 3 20-sided dice, take the highest value. What is the probability of it being 7 or higher? 15 or higher?
    1. Roll 4 20-sided dice, take the highest value. What is the probability of it being 7 or higher? 15 or higher?
    1. Roll 3 20-sided dice, take the lowest value. What is the probability of it being 7 or higher? 15 or higher?
    1. Roll 4 20-sided dice, take the lowest value. What is the probability of it being 7 or higher? 15 or higher?

How can I do this? Could you explain to me how this works, or even better – give me a simple formula?

Does a rest remove ALL chase-induced exhaustion or just ONE level?

Most exhaustion can be removed by a long rest, food, and drink (PHB 251)

Finishing a long rest reduces a creature’s exhaustion level by 1, provided that creature has also ingested some food and drink.

Exhaustion caused by dashing while in a chase, however, is removed by a short OR long rest, with nothing else required. (DMG 252)

A creature can remove the levels of exhaustion it gained during the chase by finishing a short or long rest.

I understand that a short rest alone can remove chase exhaustion.

What I don’t understand is whether one rest removes multiple levels of exhaustion or just one. That is, is the second quote above more explicitly written as:

  1. A creature can remove ALL the LEVELS of exhaustion it gained during the chase by finishing a SINGLE short or long rest.


  1. A creature can remove ONE of the LEVELS of exhaustion it gained during the chase for EACH short or long rest that it finishes.

Vampires and “must rest by day”

Both vampires and vampire spawn have the trait "chained to the grave" which includes the phase "Every vampire remains bound to its coffin, crypt, or grave site, where it must rest by day."

Vampire spawn also have the flaw, "Stake to the Heart. The vampire is destroyed if a piercing weapon made of wood is driven into its heart while it is incapacitated in its resting place." True vampires are merely paralyzed by such an attack, and no mention is made of them being incapacitated while resting.

  1. What does "must rest" by day mean? Are vampires and vampire spawn not allowed to be out of their grave sites in the day? Could they choose to be up and about (subject to the rules of damage in sunlight) with the only penalty being that they are forgoing rest, or are they rules-required to be in their grave sites?

  2. Does the state of "rest" that vampire spawn are in also incapacitate them, in the same way that an unconscious PC is incapacitated? Can they break their rest and wake up if damaged during the day? Or must characters find some way independent of it being day to incapacitate them? That is, is the incapacitation a result of the forced rest in the day, or an independent requirement in order to destroy them?

Does being “paralyzed” grant the effects of a rest

One of our players got paralyzed for 10 hours by a special dart (homebrew). We were in combat when he went down and were in combat when the effect wore off although they were 2 separate encounters. When he woke up in the middle of the fight we didn’t know whether the paralyzation counted as a long rest so we were unsure whether he had full hp or was still injured from before?

Can I use my own implementation of a widely used, supposedly secure cryptographic algorithm for securing data at rest?

I know you shouldn’t roll your own crypto and generally its not a good idea to implement (and then deploy) any extensively tested and recommended algorithms by yourself either.

I have already seen this question, and as far as I understand, the main problem with implementing things yourself is that you will probably remain vulnerable to a host of side-channel attacks.

But suppose I have already implemented AES (just for fun and as a learning experience). What if I now use that implementation for simply encrypting files locally (and then perhaps back them up on the cloud or on removable media)? Since nobody other than me would be using the implementation, most of the side channel attacks would not apply. For instance, since no attacker can request an encryption/decryption (the way it works with a server), no timing attack can be carried out. Would this scenario be sufficiently secure?

In other words would using my own implementation of AES provide security for data at rest or will using it still be a stupid idea?

Do monsters with a spellcasting trait get spell slots back after a long rest?

Some monsters, like a lich, have the Spellcasting trait. This trait allows such monsters to cast spells using spell slots, much as spellcaster player characters do.

However, taking the lich as an example, the trait does not mention how spell slots are regained (I’m ignoring their Lair Actions for the purposes of this question). Looking at the general rules on monsters’ Spellcasting trait in the Special Traits section:


A monster with the Spellcasting class feature has a spellcaster level and spell slots, which it uses to cast its spells of 1st level and higher. The spellcaster level is also used for any cantrips included in the feature.

The monster has a list of spells known or prepared from a specific class. The list might also include spells from a feature in that class, such as the Divine Domain feature of the cleric or the Druid Circle feature of the druid. The monster is considered a member of that class when attuning to or using a magic item that requires membership in the class or access to its spell list.

A monster can cast a spell from its list at a higher level if it has the spell slot to do so. For example, a drow mage with the 3rd-level lightning bolt spell can cast it as a 5th-level spell by using one of its 5th-level spell slots.

You can change the spells that a monster knows or has prepared, replacing any spell on its spell list with a spell of the same level and from the same class list. If you do so, you might cause the monster to be a greater or lesser threat than suggested by its challenge rating.

There is no mention of spells slots coming back on a long rest. Elsewhere in the general rules, this is explicitly mentioned for other traits (such as X/Day traits):

For example, "1/Day" means a special ability can be used once and that the monster must finish a long rest to use it again.

It’s reasonable to assume that monsters with the Spellcasting trait do probably get their spell slots back on a long rest because that’s how it works for PCs, but on the other hand, monsters and PCs don’t necessarily use the same rules. So, does anything explicitly state that monsters with the Spellcasting trait get their spell slots back on a long rest?

Do sorcery points made from converted spell slots vanish after a long rest?

Sorcerers are able to turn sorcery points into spell slots, but the same conversion rate applies to turn spell slots into sorcery points. If, by the end of the day, you have unused spell slots and you wanted to risk the overnight ambush, could you turn them into sorcery points to be used the next day? Or would they disappear anyway? Sorcery points are replenished after a long rest, but that only infers to ones that have been expended, and ones created by spell slots are theoretically one-use, so do they disappear daily or can they stack?

Keeping the world alive whilst PCs take a rest mid-adventure?

My players and I just started up Lost Mines of Phandelver and upon discovering the Cragmaw Hideout at the start of the adventure, they decided to double back to where they left the oxen at the initial ambush site and attempt to take a long rest after a close encounter with the Goblins taking watch outside, which is where our first session ended.

To clarify, they killed the watchers before fleeing with their downed comrade (who took two arrows in the chest during a surprise round) but left the bodies. Obviously the goblins will take note of the corpses left at their front door, so my two ideas are:

  1. The goblins are now more prepared for an intruder in their hideout so setup extra traps in and around the dungeon to catch the killers.

  2. Goblin scouts are sent out to find the players, eventually stumbling upon their camp near the ambush site whilst they rest. I plan on this disrupting any potential for a long rest.

Does anyone have experience doing these kind of adjustments to an existing adventure? If so how did you make sure that the players were made aware that taking a rest at a critical moment (even though it was necessary to heal a downed team mate) has had consequences making their initial task more difficult.

I’d also like to know which of my two ideas seems more fair to the players to get my message of resting in a hostile location across to them. I want to punish them but not too harshly due to them being only level 1.

Should we encrypt all REST API calls from a mobile device?

I have a mobile application and the backend is hosted on a cloud provider. I would like to ask for feedback on encrypting all REST API calls that will be used to communicate with the server, if we should or we shouldn’t do it.

Adding details:

for example instead of having a proper rest object

{    "name" : "username",    "info" : "profile" } 

make it similar to this:

{    "encryptedData" : "Mq6rTVdPP1YMlE9AxhnryIRX+JA9MfIXv" } 

and after decryption it becomes the model and the flow carries on, of course the response is also expected to be encrypted in a similar fashion.