Yup, best is to generate as much of the key as possible by hand with dice, calculate the checksum with some assistance, then verify that two separate devices/wallet software generate the same set of addresses. (To rule out to some extent a device/software being compromised).

There's some talk lately on methods to calculate the checksum by hand too but I haven't delved into that.