These Bitcoin Hardware Wallet Private Keys Are NOT Safe!

  • Published 25 Dec 2024

COMMENTS •

  • @arielrglaze 1 year ago +29

    Ok. So I just discovered that I’m not as smart as I thought I was.

    • @RhettReisman 1 year ago +1

      U r smart king 👑

    • @nosuchthing8 7 days ago

      I was always blessed that way!!!!😂

    • @frodev728 2 days ago

      that already makes you smarter than you were.

  • @narwhaltacos2197 1 year ago +13

    This video was really straightforward and helpful. Thank you so much!

  • @rufuspipemos 8 months ago +6

    Thanks to Sam Bankman-Fried for making a guest appearance at 0:45.

    • @RhettReisman 8 months ago +1

      lmfao Sam the stock footage god

  • @sateshmahadeo4366 1 year ago +26

    Not all random numbers that come out of a computer are generated by an algorithm. What you spoke about is PRNG (Pseudo Random Number Generator). There is also TRNG (True Random Number Generator) that uses some miniaturized natural phenomenon to generate non-deterministic random numbers and feed them into the computer. For example, a very low-power light beam can be shot into a crystal and the quantum randomness of a low-power light source can cause photons to exit the crystal in unpredictable directions. This can create true random numbers. Ledger claims to have an onboard TRNG, but of course, take Ledger's claims with a cup of salt. I generated my own 256-bit random number. I am an astrophotographer and I took a deep-space image of a galaxy and sampled a row of 256 pixels across the galaxy's core. I passed the data through a simple function on an air-gapped computer to generate a 256-bit binary number that then generated my seed phrases. There's enough quantum randomness in camera pixel readings to create true random numbers. Creating your own random 256-bit binary is the undisputed safest way to generate seed phrases.

    • @RhettReisman 1 year ago +5

      This is great info, thanks for sharing! That sounds like a very solid way to generate truly random numbers.

    • @martinlutherkingjr.5582 3 months ago +3

      Hope you destroyed that camera after that and the memory card it wrote the image to. And hope it doesn’t have wireless connectivity.

    • @VAVA38731 13 days ago +2

      That's the most beautiful thing I ever read

    • @crush_override 7 days ago

      So you think someone will try to get his random photo out of his total number of photos that he has and run through his random seed generator to get his seed phrase. That someone should just go play Powerball @@martinlutherkingjr.5582

    • @MorgothCreator 20 hours ago +1

      TRNGs are quite impossible or very expensive to implement in portable devices; those that claim that they have TRNGs are lying. BUT something as defective can be implemented in portable hardware: you start using an uninitialized variable in RAM as seed, after that you generate random numbers in a loop, feeding the "random" function with the result of the last "random" function, XOR it with another uninitialized variable in RAM, and run it in a loop with no delays ad infinitum till you have finished generating the wallet seed. Now that the random function runs in a loop, you choose the time to pick from those numbers; the time to pick random numbers can be set using the same procedure, and now you have a TRNG with no human input, or you let a human push a button that picks from the randomly generated numbers.

  • @marty590 1 year ago +4

    Great video, Rhett!
    I have worked with random generators in my own code and know that the identical seed will generate the same number from experience. I could not figure out how 2 Trezors with identical software could generate different random numbers.
    No one else has explained this to me as clearly as you.
    Thanks.

    • @RhettReisman 1 year ago +1

      Glad to help :)
      Yeah random functions are pretty interesting. Really the danger comes when you try to roll your own seed, most of these devices out of the box work fine.

    • @MrFooChops 1 year ago

      @@RhettReisman And what dangers are they, just the one you listed in this video regarding not rolling the dice enough times, right?

    • @RhettReisman 1 year ago

      Yeah really just not rolling enough and ending up with a low entropy seed

    • @MorgothCreator 20 hours ago

      Most probably they run the "random" function in a loop in the background and the seed is generated when you push generate; the "random" function is fed with its last generated random number as a seed. So the true randomness is the time you press generate wallet seed.
      That has a downside because if you assume that any wallet starts with a known seed fed to the "random" function, you can generate the chain of generated numbers, and you can move up and down that chain to guess the wallet seed, assuming that you use consecutive generated random numbers.
      The faster you generated the wallet seed after you powered on the hardware wallet, the easier it is to guess it.

  • @jonthomas1438 1 year ago +3

    As always thanks, I don't do any of this stuff, but I still enjoy your content, you deserve to have a bigger platform.

    • @RhettReisman 1 year ago

      Thanks man 🙏 I appreciate all the support, keeps me going haha

  • @ahmayya24 1 year ago +1

    I have two questions??
    If my crypto from Bitcoin is transferred to Trezor T model hardware wallet. All my crypto (digital assets) will only stay safely in Trezor T.
    Is that correct?
    Let's say, all my crypto from Coinbase that I have transferred to Trezor T model wallet cannot be transferred back to Coinbase whenever I wanted to buy, trade or sell. Is that correct?
    Which hardware wallet is the safest, secure and does not wear out easily which can last for 10 years or more?
    Which hardware wallet is safer, compatible and has the ability to trade, buy and sell even after all crypto from Coinbase has been transferred to hardware wallet?
    Please advise ❤
    Thank you very much

    • @RhettReisman 1 year ago +5

      1. Yes, when you transfer your cryptocurrencies (such as Bitcoin) to your Trezor Model T hardware wallet, they are stored securely on the device. However, remember that the actual coins are always on the blockchain, the wallet simply holds the private keys to access them.
      2. No, that's not correct. You can transfer your cryptocurrencies back to Coinbase or any other exchange whenever you want. The Trezor wallet simply stores your digital assets - it doesn't lock them in. You are free to send your crypto back to Coinbase (or any other exchange) for trading, buying, or selling.
      3. The security of a hardware wallet largely depends on its design and the practices of the user. Both Trezor and Ledger are popular choices and have proven to be secure. However, they can only be as secure as the user allows them to be. This means that you should never share your recovery seed, always verify transaction details before confirming, and keep the device physically secure. Regarding durability and lifespan, it's difficult to say as these devices haven't been around for more than a decade yet, but they are designed to be durable.
      Remember, always keep your recovery seed in a safe place, as it's the only way to recover your funds if the device is lost, stolen, or damaged.

    • @ahmayya24 1 year ago +1

      @@RhettReisman this is very helpful information. Much appreciated for your response.

  • @kitllekatle1237 1 day ago

    This is the channel I just needed to find. Thank you! You are getting into details I'm really interested in

  • @CarAudioInc 1 year ago +5

    interesting stuff, I never even thought about how wallets generated your seed, thanks for the vid

    • @RhettReisman 1 year ago

      Yeah it’s pretty interesting. I wasn’t really clued into the topic until I stumbled on that Twitter thread. Good to know I think, but most people will hopefully never need to know haha. Will be good if this saves one or two people from a low entropy seed

  • @gainknowledgeandinsight 13 days ago +3

    Is stax safe? if you have a 25th word, then that should make it more secure from sweeper attacks? Thanks.

    • @Tommy-h8v4h 6 days ago

      True;-)

    • @RhettReisman 4 days ago +2

      Yeah stax is safe. If you have a 25th word you should always be protected from the risks in this video

  • @robsimmons10 3 days ago +1

    When using the diceroll method, wouldn't it make better sense to use 10-sided dice (0-9 vs 1-6) ?

    • @RhettReisman 3 days ago

      You could use less dice if it was 10 sided just make sure you're getting enough entropy

  • @jjones7837 10 months ago +1

    That was a level up for sure. Thanks bro.

  • @Hawaii_NoKaOi 10 months ago +1

    Great video! Thanks!

  • @raphi72 1 day ago

    Timing the delays between key presses in microseconds is even more random than the dice. It would provide a better entropy for the PRNG function.

  • @AskDadWhy 1 year ago +5

    I read the Ledger article, and isn't 2^256 random enough? Dopey me, but there's more possible private keys than there are atoms on earth. Anyway, an interesting look at options. Nice work with the lighting /production improvements, btw. Looking better than ev.

    • @RhettReisman 1 year ago +2

      Thanks 🙏 got a new camera, might switch to it permanently (still might use the old camera and lighting for back to monitor videos - needs an upgrade for sure)
      I think ledger’s process is probably fine (and I’m still using ledger) unless we start to see mass ledger hacks - maybe I wasn’t clear enough about that a bunch of people have asked.

  • @JanPBtest 1 year ago

    0:46 There is, just use the heat noise in the electronics. But I don't know which hardware wallets use this method (if any).

    • @RhettReisman 1 year ago

      That’s an interesting method. I haven’t heard of any that do, but it sounds like it would probably work.
      I guess it still comes down to is the algorithm that takes that noise and turns it into a number truly random or just pseudo random

  • @opsalbal 1 year ago +1

    This is super informative, thanks for sharing!

  • @martinlutherkingjr.5582 3 months ago +1

    For Ledger you can still roll dice and use bitbox’s lookup table. Your Ledger would automatically calculate the last word - the checksum word.

    • @RhettReisman 3 months ago

      Yeah you just need to make sure you’re rolling enough dice. Less than 100 is a recipe for disaster

    • @martinlutherkingjr.5582 3 months ago

      @@RhettReisman The bitbox lookup table has you roll 5 4-sided dice and flip a coin for each word. So a 24 word seed would have 115 dice rolls (4 sided dice) + 23 coin flips.

  • @Afiore108 1 year ago +2

    So for us lesser mortals, ledgers basic set up where it generates a random seed is not secure and someone could guess the seed?

    • @RhettReisman 1 year ago +4

      Ledger’s process for generating seeds is in the description.
      You can’t add entropy to a ledger, so unless ledgers start getting mass hacked I think everyone will be fine - I use a ledger in my multisig.
      Entropy becomes a problem when you try to roll your own seed and don’t make the number random enough.

    • @summerbreeze5115 1 year ago +2

      ​@@RhettReisman what about Trezor?

    • @RhettReisman 1 year ago +1

      Trezor entropy is open source - it should be fine as long as you’re not rolling your own seed with low entropy
      Trezor code: github.com/trezor/trezor-mcu/blob/master/firmware/reset.c#L46

    • @kryton7687 3 days ago

      @@RhettReisman great information, thanks. I am not a coder however, so I can't tell from the code if trezor (or Ledger) is dependent on an external source of randomness. If I use an air gapped PC to initialize my hw wallet, won't there be a problem with missing such external sources due to lack of internet connection?

  • @StSmallhouse 1 year ago +1

    Thanks, Rhett, this video really helps me to find/do a safe setup for my wallet(s).

  • @tri-che-chus 7 months ago +1

    Hi Rhett. I have seen this video a couple of times. It is a fantastic issue and key to safety for the seeds and wallets. Is there any number where it begins to be absurd about the dice rolls? I get that 100 is essential, but how about the maximum? When does it not make any sense anymore because the math in the hardware wallet software can process so many digits? For example, 250 dice. And finally, how will it look like a dice roll-generated seed (at least 100 to 250 dice) with a passphrase added? Does this make sense to you? Thank you so much! Amazing content! 💪

    • @tri-che-chus 7 months ago

      PD: Finding the holy grail of security may not be so important now. Still, it will surely be vital in 10 years with quantum computers, the exponential generation and use of seeds, and the - hopefully - rising price of bitcoin. Best!

    • @RhettReisman 7 months ago +2

      Happy to help! Yeah this is an interesting topic.
      Anything over 100 is wasted entropy (ie. Rolling 2000 dice is the same as rolling 100)
      You could optionally add a passphrase on top of your seed for more security (but it’s a trade off as you’re adding more complexity).

    • @tri-che-chus 7 months ago

      @@RhettReisman Understood! Thank you so much! 🙏🏻

  • @Firemedic2105 2 days ago

    So if we just let the CC generate is that safe enough? What about using the ledger seed phrase in a CC and a CC phrase in a ledger... are there differences in the products that would make that useful? Or is multisig the only way to be completely safe?

    • @RhettReisman 2 days ago +1

      Yes - that's what you should do. Lots of people get a coldcard thinking they should be rolling dice etc and that's how they get burned.
      To be completely safe from this risk you could add a passphrase or use multisig

  • @marty590 1 year ago

    So if you generate entropy by entering dice the cold card does not also incorporate the "external entropy function" used in the standard seed generation?

    • @RhettReisman 1 year ago +2

      That’s right. And if you only roll 5 dice, for example, your seed phrase will be very easy to recreate.

  • @hinesward4944 1 year ago +1

    Informative vid, thanks

  • @samthorpe8446 1 year ago +2

    Just thinking about Andreas' video about all the sand in all the galaxies haha. Thanks for the video, I've picked up a lot from you recently :)

    • @RhettReisman 1 year ago

      Exactly, Andreas is the goat
      Glad to help!

    • @samthorpe8446 1 year ago

      @@RhettReisman Similar to your 1-1000 example, there's a finite (although huge) number of btc addresses. Is anything more than 100 dice rolls unnecessary, given you've already provided sufficient entropy to cover all 2^256 addresses?

    • @RhettReisman 1 year ago

      Yeah 100 dice (n) is the crossover point where 6^n > 2^256. If you had a 16 sided die or something you could get away with 64 dice (etc)

  • @sylvianederlander2317 1 year ago

    Am I correct here? No problem with the entropy in the coldcard’s selection of 12 or 24 word seed phrase but IF you add predictable low entropy like ‘1234’ as a dice roll, you open the door to someone guessing the private key?

  • @sergiosergio12345678 1 year ago

    For 100 dice rolls you have 6**100 which is 6.5x10**77 which is very secure, however maximum entropy is achieved with a few more dice rolls since if using a 24 word seed you have 2048**24 which is 2.9x10**79 possible seeds. Ideally you want the entropy higher than the number of possible seeds, that means the number of dice rolls should be 103 or higher for optimal security using 24 word seeds, however 100 dice rolls is so close to max security it is fine.

    • @RhettReisman 1 year ago

      There’s only 2**256 bits of entropy in a Bitcoin private key which is less than 6**100.
      24 word seed phrases don’t have any more entropy than a 12 word seed phrase.
      Good reminder that the BIP 39 mnemonic words are not private keys, they are a representation of a private key.

    • @sergiosergio12345678 1 year ago

      @@RhettReisman are you sure? Since if using a 24 word seed my understanding is that if 2 seeds are different so are the private keys, since for each word there are 2048 possibilities that would make a total of possible combinations of 2048**24 to exceed this number 6**x. x has to be greater than 103. 2048 is 2**11 11*24 is 264, I get 2**264, not sure how you got 2**256

    • @RhettReisman 1 year ago

      @sergiosergio12345678 Private keys use sha256 (256 bits of entropy) en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm
      Andreas Antonopoulos has a good video explanation that I’m having a hard time finding rn but I’ve linked it in a previous comment somewhere 🧐
      The mnemonic phrases are not the private key, they are an abstraction of the private key. There are more 24 word mnemonics than there are private keys (some of the entropy is lost in conversion). 12 is enough to generate the full entropy which is why a lot of wallets suggest 12 words.

    • @sergiosergio12345678 1 year ago

      @@RhettReisman You are correct something new I learned today thanks for the link, but that means there are less private keys than possible 24 word seeds, however when using 12 word seeds the number of possible seeds is lower than the total number of private keys, which makes 24 word seeds more secure, however 12 word seeds for all practical purposes are extremely secure. That is interesting because it means 2 different seeds could have same private key even though the probability of that happening is extremely small.

    • @RhettReisman 1 year ago

      @sergiosergio12345678 That makes sense - I found the video with Andreas. ua-cam.com/users/liveU0T49duRt74?feature=share @ 14:00
      He’s saying that even though what we just said makes sense it’s actually only 128 bits of entropy that get used (not 256 that I originally suggested) which means that 12 words is sufficient and 24 is same security as 12.
      2048^12 > 2^128
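
The dice and word-count arithmetic debated in this thread, worked through as an added example (not code from the video, the commenters or any wallet vendor). Function names are hypothetical and condensing the roll string with SHA-256 is an assumption made for illustration; the word indices follow the BIP-39 encoding, which appends a SHA-256 checksum to the entropy and cuts the result into 11-bit groups.

```python
import hashlib
import math

VALID_ENT_BITS = (128, 160, 192, 224, 256)  # entropy sizes defined by BIP-39


def min_rolls(sides: int, target_bits: int) -> int:
    """Smallest n with sides**n >= 2**target_bits, using exact integers."""
    if sides < 2:
        raise ValueError("a die needs at least two sides")
    n, space, target = 0, 1, 1 << target_bits
    while space < target:
        space *= sides
        n += 1
    return n


def roll_bits(sides: int, rolls: int) -> float:
    """Entropy in bits of `rolls` independent fair throws of a `sides`-sided die."""
    return rolls * math.log2(sides)


def bip39_layout(words: int) -> tuple:
    """(entropy_bits, checksum_bits) carried by a BIP-39 mnemonic of `words` words."""
    total = words * 11                      # each word indexes a 2048-word list
    ent = total * 32 // 33                  # total = ENT + ENT/32
    if ent not in VALID_ENT_BITS or ent + ent // 32 != total:
        raise ValueError("not a BIP-39 mnemonic length")
    return ent, total - ent


def mnemonic_indices(entropy: bytes) -> list:
    """BIP-39 encoding step: entropy || checksum split into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in VALID_ENT_BITS:
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32                # 4 bits for 12 words, 8 for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def entropy_from_d6(rolls: str, target_bits: int = 256) -> bytes:
    """Refuse short or malformed d6 input, then condense it to 32 bytes.

    ASSUMPTION: SHA-256 over the ASCII roll string. Hashing only condenses;
    the digest never holds more entropy than the rolls that went in.
    """
    if any(c not in "123456" for c in rolls):
        raise ValueError("rolls must be digits 1-6")
    need = min_rolls(6, target_bits)
    if len(rolls) < need:
        have = roll_bits(6, len(rolls))
        raise ValueError(f"{len(rolls)} rolls = {have:.1f} bits; need {need} rolls")
    return hashlib.sha256(rolls.encode("ascii")).digest()


if __name__ == "__main__":
    for sides in (4, 6, 10, 16):
        print(f"d{sides}: {min_rolls(sides, 128)} rolls for 128 bits, "
              f"{min_rolls(sides, 256)} rolls for 256 bits")
    for words in (12, 24):
        print(words, "words ->", bip39_layout(words), "(entropy bits, checksum bits)")
    # Constructed input: all-zero entropy, used only to make the output easy to read.
    print("all-zero 128-bit entropy ->", mnemonic_indices(bytes(16)))
```

The 11 bits per word are why 2048^24 equals 2^264 while a 24-word mnemonic encodes 256 bits of entropy: the remaining 8 bits are the checksum.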

  • @阿香-v7w 1 year ago

    What equipment should I use to generate my own mnemonic phrase? What is the equipment in the 5:39 video? Can it solve my need to generate mnemonic phrases by myself?

    • @RhettReisman 1 year ago

      Grab 100 dice and a COLDCARD hardware wallet from Coinkite, link in the description

  • @SorawisitT 10 months ago

    Hi, what do you mean by “the entropy on the SD card?” Can you elaborate? Thanks.

    • @RhettReisman 10 months ago

      If I’m getting the timestamp/context right I think it was the idea that you can seed the random function in coldcard using a jpeg picture file (screenshot of your desktop etc) and that has embedded entropy / randomness because your desktop looks different than any other desktop

    • @SorawisitT 10 months ago

      @@RhettReisman I see, thanks. I thought the Coldcard can only generate seed based on their on-board TRNG and manual dice rolls.

  • @FinancialCharles 1 year ago +1

    so do you advise against doing the regular 12 word entropy no dice? is it really going to be that much of a risk?

    • @RhettReisman 1 year ago +6

      12 words and 24 words actually have the same amount of entropy.
      If you're using a hardware wallet and you use their random generation function, you should be fine.
      If you're using a hardware wallet and elect to roll your own seed, you NEED to roll 100 dice. Any less loses security.
      I plan to live stream in the future to show how fast a low entropy seed will get hacked (sub 10 dice I imagine will get hacked very fast)

    • @MatthewJ-zd6fe 6 days ago

      So coldcard, using their random generator = fine ?
      I'm 80iq regard. Want to make sure I'm good

  • @Hasan-jf7by 10 months ago

    Hello. Do you happen to know which hardware wallet let us view private keys of each coin? I know, it is seen as "vulnerability" but I want to have full control over my keys. Do you know which brand can do it?

    • @RhettReisman 10 months ago

      You can get a private key from a ledger, trezor, coldcard or many other options

    • @Hasan-jf7by 10 months ago

      @@RhettReisman
      I am afraid it is not possible. They don't show real private keys for each crypto. They show only 12/24 word seed.

  • @Leeds1919LUFC 1 year ago

    so are you saying, if I setup a cold card using their default "generate me a seed phrase" I'm basically trusting them to "roll the dice 100 times" whereas, if I didn't want to trust them, I could roll the dice 100 times and generate my own seed phrase that I know is TRULY (or as close as humanly possible) random?

    • @RhettReisman 1 year ago +1

      Exactly. And if you roll the dice yourself only 10 times you’re going to lose your Bitcoin.

  • @_FightForYourFreedom_ 1 day ago

    Wouldn't including the date and time when the random number generator is called guarantee that every single call produces a different number?

    • @raphi72 1 day ago

      Yes, they would be different, but they could be reproduced by anyone who knows when you created your seed.

  • @cramsa 1 year ago

    Multiple Sigs are more complex to properly set up vs just rolling dice into a cold card and having a good pass phrase. Multi Sig sounds more suited for a company or business.

    • @RhettReisman 1 year ago

      Definitely a little more complicated. I think they’re also good for individuals with large net worth % exposure to btc also

    • @Emrico35 6 months ago

      @@RhettReisman how we can make multisig? can you make a video about it?

  • @jasonf4626 1 year ago +1

    How man. QQ - who/what do you prefer as your multi - sig vendor? I saw ur old videos but curious if you’re doing case / un or if you’re just managing yourself at this point…

    • @RhettReisman 1 year ago +1

      In the process of moving out of Casa platinum to Casa gold + managed myself. I like the idea of collaborative custody, but I’m a little hesitant about 2 of 3 setups
      My setup is very likely to change in the next year or so. With Casa coming out with new offerings, I’m sure Unchained will as well.

  • @MorgothCreator 20 hours ago

    Usually I use an uninitialized 256bit address in RAM (uninitialized RAM starts at an undefined state) and XOR it with the output of the last randomized number generated by the random function. The random function I will run non stop, independent of the picking procedure; the picking procedure can be called at random times generated by the above procedure as well, or by pressing pick the necessary times.
    The number generation running non stop will allow you to compose the wallet seed depending on the picking time, and because the random function is called an enormous number of times per second, every ms will matter.
    Letting you choose your seed is the stupidest idea I ever heard; the above described procedure is the safest ever.
    The procedures that you described seem to me to have been intentionally chosen for the wallets to be broken into.

  • @ikust007 1 year ago

    Brilliant. So … in resume : I can not count on the actual system of cold card (same kind of system like Ledger) for my seed phrase hence I need those dice??

    • @RhettReisman 1 year ago +1

      If you choose the option to roll dice you need to roll 100 dice - if you roll a small number, your seed will be compromised.
      You can trust most out of the box options (the default coldcard option should provide enough entropy) and ledger should provide enough entropy (their methodology is in the description)

    • @ikust007 1 year ago

      @@RhettReisman love the idea of multisig.
      Will listen to your video.

  • @ToroPRInvierte 21 days ago +1

    Can you roll dice with trezor?

    • @RhettReisman 4 days ago

      You can roll dice and put that seed in any hardware wallet

  • @Fudmottin 7 days ago

    I know this video is a year old. But I'm hoping you might be able to evaluate an idea. What if you go to some interesting location such as a forest and took a photo. You now have a digital file. Then you pick an easy to remember number. Using that file, you apply the SHA-256 hash algorithm to that file. Then you hash each hash for your favorite number of times. That gives you 256 bits of entropy. To reproduce it, you need that exact file and knowledge of the number. Use different photos or different numbers to generate keys for a multi-sig setup. This assumes you can enter your key directly into the cold wallet you have chosen.

    • @RhettReisman 4 days ago +1

      Yeah you could do this. The biggest issue would be making sure that no one else could ever access the photo (make sure that you're taking the photo on a device that has never been connected to the internet etc)
      At that point it would be cheaper and faster to just buy some hardware wallets and forget about it.

  • @rufuspipemos 8 months ago

    This video is really phenomenal. In just a few minutes of watching it, I've decided that I will not be making my own seed phrase from dice. Ever. At some point we have to believe that the people behind Trezor and Coldcard and others are better at this than I am. I come from the financial world. This reminds me of those who think they can outperform the stock market, when all the facts and data say the best way is to buy a low cost index fund. At some point you have to make the most logical decision and not think we are the smartest people in the room.

    • @RhettReisman 6 months ago

      Happy to help. Yeah this is a pretty crazy concept. Dice can be really dangerous. Exactly - we're rarely the smartest people in the room especially on every topic.

  • @nonshatter7 1 year ago

    This is deep, but like so many of your videos looks super informative. I basically get it but will have to watch this one again to fully understand it.

    • @RhettReisman 1 year ago +1

      Let me know if it still doesn't make sense - this one is definitely a doozy

    • @nonshatter7 1 year ago

      I've just watched it again and it did make more sense this time round. I was at 50% understanding, now I'm 90% there. You explain things very well, especially for a tricky concept. I just need to relate it fully to how the coldcard performs each method - seed input and no seed input. I'm sure I'll get it fully when I have time for a 3rd watch.
      Please do make the video as you suggest showing how a poorly generated code could be swiped.

  • @CountryHouseIncubators 1 year ago

    Why do we not allow the randomness to be inputted by the user like the file sharing apps once did. You move the mouse and that's your randomness

    • @RhettReisman 1 year ago

      That would be a good solution if it forced you to include enough bits of entropy.

    • @CountryHouseIncubators 1 year ago

      @@RhettReisman definitely a wake up call. I created an online wallet but now it looks like I'm getting one of these guys first

    • @RhettReisman 1 year ago

      Hardware wallet is definitely the move 🔥

    • @CountryHouseIncubators 1 year ago

      Help me understand something. So the seed words provide for all the private keys you will use but can 2 different seed word combinations overlap and potentially generate the same private key?

    • @RhettReisman 1 year ago

      Sorry YouTube didn’t give me notification of your last comment. This might help you understand how seed phrases work: privacypros.io/wallets/mnemonic-phrase

  • @crisper1614 4 days ago

    Fun fact. There’s people who “hash” the 12 and 24 seed phrases on GPUs just like mining asic resistant coins.

    • @RhettReisman 4 days ago

      Interesting - i haven't heard about this

  • @bummers 6 days ago +1

    It's called pseudo random numbers, 'cos the so called random numbers is pulled from a super long of numbers, and the seed points to the starting point.

  • @peacew6 1 year ago

    You seem to use "seed" and "entropy" interchangeably. What is exactly their relationship? Thank you for your video.

    • @RhettReisman 1 year ago

      Good clarification thanks for asking
      The entropy is used to generate the bitcoin seed phrase. If I have a function that generates a random number given a seed (not the bitcoin seed but a fixed value to give the random function direction) it will always generate the same number given the same seed
      Random(5) = 12345
      5 is the entropy (also called a “seed” in random functions which might be where the confusion is) that generates the bitcoin seed 12345
      The problem is that 5 is a really easy number to guess, so if you have an easy to guess entropy you can recreate the bitcoin seed phrase.
      You would want something like this instead
      Random(3648362864387394749338399….[until you reach enough entropy]) = ??? Some very random bitcoin seed phrase
      Hope that made sense

    • @peacew6 1 year ago

      @@RhettReisman So in the context of a random function, "seed"="entropy". Got it. Thank you so much. I appreciate it

  • @kimgaugemusic 1 year ago

    A cold-card will actually allow you to go beyond 100 dice rolls. I took mine to 111 rolls and then stopped.

    • @RhettReisman 1 year ago

      Interesting, 100 should be enough. 111 is creating entropy that won’t be used

  • @devinlain8203 7 days ago

    Aren’t ledger and Trezor both open source? So we can see how they generate?

  • @obvioustruth 2 days ago

    Not true. You can generate truly random numbers, for example from naturally occurring noise.

  • @gaetzwarren8146 1 day ago

    Okay, so basically, it's like taking a 12 word phrase and mixing it up so many times that you get lucky and come up with a random word phrase that ends up being someone's wallet.

  • @CAIOVSKY
    @CAIOVSKY 11 months ago +1

    Just using a passphrase wouldn’t break an entropy attack?

    • @RhettReisman
      @RhettReisman  11 months ago

      That’s a good way to protect but isn’t foolproof.
      Depends on strength of password and how much entropy is used

  • @darkmugetsu6572
    @darkmugetsu6572 1 year ago

    As to why I have multiple hardware wallets instead of 1. I knew such a risk exists thus I spread out my crypto investments on multiple storages, both hardware and crypto platforms.

  • @stevenngn6081
    @stevenngn6081 1 year ago

    My friend's CC got hacked because of this. He did not roll enough dice. I think later on, CC has updated firmware and automatically rolls dice for you.

    • @RhettReisman
      @RhettReisman  1 year ago +2

      If you let them generate the seed it should have enough entropy. Good reason to use a multisig though.

  • @ahmayya24
    @ahmayya24 1 year ago

    Are there any Bitcoin miner and SHIB inu miner on apps?
    Please recommend the popular miner and how to mine crypto?
    Thank you very much

    • @RhettReisman
      @RhettReisman  1 year ago

      I don’t recommend mining for most people. More info on mining here: ua-cam.com/play/PL-p_L_HbK7jUhxmgAETTMnowG2Bi0GkI1.html

  • @air-ren
    @air-ren 1 year ago

    wait...i can create my own seed phrase?...for my Ledger?

    • @RhettReisman
      @RhettReisman  1 year ago

      Not on a ledger, see the description for how ledger seed phrases are generated

    • @air-ren
      @air-ren 1 year ago

      @@RhettReisman understood thanks for the response!

    • @RhettReisman
      @RhettReisman  1 year ago

      No problem :) anytime!

  • @smkthomas2
    @smkthomas2 1 day ago

    So is Trezor safe or no?

  • @PeeedaPan
    @PeeedaPan 1 year ago

    Multisig is the way of the future. But also, adding a passphrase to the seed will add another order of magnitude security onto the 1 in 1E77 possible seed phrases.

    • @RhettReisman
      @RhettReisman  1 year ago +1

      Passphrase is definitely a good option 🔥

  • @mrprfct7069
    @mrprfct7069 3 months ago

    If I let coldc choose my 24 word seed, is that ok?

    • @RhettReisman
      @RhettReisman  3 months ago

      Yes! You should allow the hardware wallet to generate the seed phrase and it will use enough entropy.
      The issue comes up when you take matters into your own hands - you need to make sure you're rolling enough dice.

    • @mrprfct7069
      @mrprfct7069 3 months ago

      @@RhettReisman this is what I did and it may be overkill. I asked the cold wallet to issue 12 bip39 words. Wrote those down and then erased them. I used those 12 words as a passphrase to a new wallet with 24 seed words.
      Overkill but it is what it is. Soon I will add multi sig using different hardware manufacturers. But I need to figure out how I will be storing these pass phrases and seeds since I don’t want them in the same house.

  • @HarryOsirian
    @HarryOsirian 6 days ago

    Rhett, very interesting video. For us poor people, can I introduce a multi-step authentication using an authentication app, email with a code + the ledger?

    • @RhettReisman
      @RhettReisman  4 days ago +1

      I'm sure you could do that but it seems overly complicated. You should either stick with a single ledger, optionally add a passphrase to solve the entropy problem, upgrade to a multisig, or just use the ETFs if self custody is too complicated.

    • @HarryOsirian
      @HarryOsirian 4 days ago

      @@RhettReisman Got it, thanks for the reply. Very helpful

  • @neuideas
    @neuideas 9 months ago

    The Ian Coleman BIP39 utility is a very useful tool, but like all tools, it needs to be used appropriately.

    • @RhettReisman
      @RhettReisman  9 months ago

      Yeah totally - gotta be careful out there doing your own cryptography

  • @streetphone4619
    @streetphone4619 1 day ago

    Ummm... Passphrases... If I understand them fully they're hack proof - being that there's no way for anyone that gets your seed phrase to know that you've created one - or more. Even if they do know they have to get them from you; from your memory - by some painful means no doubt.
    If this is correct then, well, create some sub-wallets with hard to guess passphrases. Just don't forget them yourself or you're screwed.
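
How a BIP39 passphrase enters the picture in the passphrase comments above, as an added example that is not code from the video or from any wallet: the passphrase is part of the PBKDF2 salt, so each passphrase yields a different seed, and the protection it adds is bounded by how hard the passphrase is to guess. The helper names, the 128-bit bar and the sample passphrases are assumptions chosen for illustration.

```python
import hashlib
import math
import unicodedata

# Public BIP39 test mnemonic (all-zero entropy); never use it for funds.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def _nfkd(text: str) -> bytes:
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic"+passphrase.

    The word list and checksum are not validated here.
    """
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic),
                               _nfkd("mnemonic" + passphrase), 2048, 64)


def uniform_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on entropy of `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def guessing_bits(seed_entropy_bits: float, passphrase_bits: float) -> float:
    """Both secrets must be guessed together, so the search spaces multiply."""
    return seed_entropy_bits + passphrase_bits


def meets_target(seed_entropy_bits: float, passphrase_bits: float,
                 target_bits: int = 128) -> bool:
    """True when the combined guessing work reaches the assumed bar."""
    return guessing_bits(seed_entropy_bits, passphrase_bits) >= target_bits


if __name__ == "__main__":
    # Every passphrase, including the empty one, opens a different wallet.
    for pp in ("", "correct horse", "correct horsf"):  # constructed samples
        print(repr(pp), bip39_seed(MNEMONIC, pp).hex()[:16])
    weak_seed = uniform_bits(20, 6)    # 20 dice rolls, about 51.7 bits
    pin = uniform_bits(4, 10)          # 4-digit passphrase, about 13.3 bits
    strong = uniform_bits(6, 7776)     # six random Diceware words, about 77.5 bits
    print(round(guessing_bits(weak_seed, pin), 1), meets_target(weak_seed, pin))
    print(round(guessing_bits(weak_seed, strong), 1), meets_target(weak_seed, strong))
```

The bit counts are upper bounds that hold only for symbols chosen uniformly at random; a passphrase a person makes up is usually worth far less.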

  • @ikust007
    @ikust007 1 year ago

    Another topic: can you tell us again what kind of node you have? Looking at Raspberry or Start9 (but too $ for me now). Cheers mate
    Question: why not an old laptop?

    • @RhettReisman
      @RhettReisman  1 year ago +1

      Yeah those start9 ones are really expensive :/
      i just use a raspberry pi with umbrel video here: ua-cam.com/video/2X5cSJyuN0I/v-deo.html

    • @ikust007
      @ikust007 1 year ago

      @@RhettReisman excellent and thank you !

  • @davidsonnow
    @davidsonnow 3 days ago

    Yes, you can have true random number generation! Ex., a computer taking digital photos of a lava lamp every minute. Convert what the camera sees to a number and there you go, true random generation.

    • @RhettReisman
      @RhettReisman  3 days ago

      Just make sure the computer is never connected to the internet

  • @ikust007
    @ikust007 1 year ago +2

    Damn!! Finally understood multisig!!!!

  • @DEVUNK88
    @DEVUNK88 4 days ago

    ultimate security is rolling 500 dice and multisig with 5 coldcard wallets

  • @RogerRoger101
    @RogerRoger101 11 days ago

    6 ^100 ≈2.37×10^77 odds that someone will roll the exact same number as you.
    (using 6 sided dice) approximately 1 in 2.37 x 10^77 chances.

  • @johnmoore2056
    @johnmoore2056 2 days ago

    When I punched the thumbs up on the video, I noticed that I was 'like' # 777. Feeling, 'not very random' here.

    • @RhettReisman
      @RhettReisman  2 days ago

      Exactly. Some dummy in the comments who didn’t listen to the video will probably use 777 as his seed phrase and lose all his money

  • @VonchkynProduction
    @VonchkynProduction 9 days ago

    the twitter thread is gone now 😢

    • @RhettReisman
      @RhettReisman  4 days ago

      I am sick to my stomach fam 😭
      I added a link to another article but it will never be the same

  • @joeellis2920
    @joeellis2920 1 year ago

    Should we be concerned with Trezor Wallets?

    • @RhettReisman
      @RhettReisman  1 year ago +1

      Only if you’ve rolled your own seed (and used less than 100 dice)

  • @PortalGeographia
    @PortalGeographia 1 year ago

    My account was rekeyed, and now?

  • @AgeofDictatorships-yc1yt
    @AgeofDictatorships-yc1yt 1 day ago

    Lol how tf will we get mass adoption when you need to be a tech genius just to keep your bitshits safe??

  • @davidsonnow
    @davidsonnow 3 days ago +3

    There is no mathematical difference of me making up 100 numbers off the top of my head and rolling a dice 100 times. This guy is pure insanity.

    • @RhettReisman
      @RhettReisman  3 days ago

      Tell me you failed high school math without telling me you failed high school math

    • @raphi72
      @raphi72 1 day ago

      Humans are very bad at creating true randomness. A fact that can and has been measured.

  • @sylvianederlander2317
    @sylvianederlander2317 1 year ago +1

    Please do a livestream where you fund such an address easy to hack.

    • @RhettReisman
      @RhettReisman  1 year ago +1

      I think that will be cool I’ll do it when I have some time :)

  • @crackjoker-yb8jp
    @crackjoker-yb8jp 3 days ago

    Sweeped?

  • @dsp4392
    @dsp4392 9 months ago

    "Talk to me like a normal person"
    *Whips out vscode*

  • @ikust007
    @ikust007 1 year ago

    Do we have a discord …?

    • @RhettReisman
      @RhettReisman  1 year ago +1

      I don't really use discord :(
      I'll make a poll and see if people think that would be helpful

    • @ikust007
      @ikust007 1 year ago

      @@RhettReisman session

  • @NicholasFrank-mq5wu
    @NicholasFrank-mq5wu 2 hours ago

    Dufus, there was never a man on the moon.

  •  6 days ago

    Hardware Wallet are not safe.
    Also the same guy: Buy hardware wallet.

  • @cryptomadness7271
    @cryptomadness7271 1 month ago

    It makes perfect sense.

    • @RhettReisman
      @RhettReisman  4 days ago

      We are all just dice at the end of the day

  • @agent-8699
    @agent-8699 1 year ago +2

    As Spock would say, "fascinating."

  • @DEVUNK88
    @DEVUNK88 4 days ago

    how are people getting their hands on these wallets in the first place? I don't know anyone that even knows what they are and if they did, they aren't some turbo nerd that could even begin to figure out how to crack it...Who the f is doing this?

    • @RhettReisman
      @RhettReisman  3 days ago

      Lots of people use hardware wallets. To your point a lot of people don't understand them and unfortunately think they will be safer rolling dice (and then don't roll enough dice).
      This is one of the biggest vulnerabilities for people who end up getting hardware wallets. Lots of people have lost their money this way

  • @21Million
    @21Million 5 days ago

    But Bitcoin "feeds on chaos" , like Michael Saylor would say.

  • @kenqwerty3685
    @kenqwerty3685 1 year ago

    Man never went to the moon.

  • @robinbrisebois8142
    @robinbrisebois8142 3 days ago

    entropy is disorder

  • @RhettReisman
    @RhettReisman  1 year ago +2

    COLDCARD or Ledger?

    • @DanOTaylor
      @DanOTaylor 1 year ago +2

      How does this dice roll example work if you use ledger? Does ledger go this route? Edit - I see you answered this around 11:03 and posted links. Duh! Thanks!

    • @lukebal
      @lukebal 1 year ago +1

      Trezor

    • @MajesticLawnGnome
      @MajesticLawnGnome 1 year ago +1

      Coldcard all the way

    • @MajesticLawnGnome
      @MajesticLawnGnome 1 year ago +4

      @@lukebal careful trezor if you watch bitcoin university beware of their coinjoin company they partnered with

    • @MrFooChops
      @MrFooChops 1 year ago

      ​@@lukebal You definitely want to steer clear from Trezor after they recently partnered up with a surveillance chain firm. LEDGER is also no good, they just recently announced they can decrypt your private keys from your device. They say you have to opt-in but the fact is they are now capable of doing this and since their code is NOT open-source there's really no way to trust what they're doing. This was basically their Bud Light moment. ColdCard is definitely the way to go.. P.S follow Mathew from Bitcoin University

  • @VAVA38731
    @VAVA38731 13 days ago

    New fear unlocked …

  • @NerdThingsAndMore
    @NerdThingsAndMore 1 day ago

    Not that easy buddy chill out.

  • @ProdulyNotbemx
    @ProdulyNotbemx 2 days ago

    if you bought a hardware wallet
    please, never use crypto again
    good luck

  • @racm2023
    @racm2023 8 days ago

    Don’t use the hardware wallet to generate your private key. Problem solved.

    • @RhettReisman
      @RhettReisman  4 days ago

      Real Chads roll their own dice in a blacked out room and do all their hashes by hand because they're great at math and never make mistakes.
      Jk don't do this

  • @tjmooney4181
    @tjmooney4181 12 hours ago

    Ballet for the win

  • @mikyahl8749
    @mikyahl8749 1 year ago

    I CAN MAKE UP MY OWN WORDS AND SPELL THEM WRONG ON PURPOSE. THAT'S A LITTLE MORE SECURE.

  • @davidsonnow
    @davidsonnow 3 days ago

    Haha this guy is scaring you in this video so that he can influence you to buy his products. How friggin lame

    • @RhettReisman
      @RhettReisman  3 days ago

      There is a monster under your bed. The only way to save yourself is to use my affiliate link to buy all this paper: amzn.to/4gqkI77

  • @QuadTap
    @QuadTap 1 year ago

    rip mass adoption

  • @imonnights
    @imonnights 1 year ago

    Lmao 42069 😂

    • @RhettReisman
      @RhettReisman  1 year ago

      I am become memelord destroyer of seriousness

  • @fasteddiepool2717
    @fasteddiepool2717 3 days ago

    👍

  • @davidsonnow
    @davidsonnow 3 days ago

    FFS. This guy is so mathematically challenged it's not even funny! No, you don’t have to get a stupid container filled with miniature dice! Yes, if you literally just make up numbers on the fly, you will be fine. This guy is taking paranoia to a brand new level.

    • @RhettReisman
      @RhettReisman  3 days ago

      You don't have to, you could just roll one dice 100 times but it's more error prone.

  • @za_ozero
    @za_ozero 1 year ago +1

    That yankee soap opera didn't put men above low Earth orbit

  • @summerbreeze5115
    @summerbreeze5115 1 year ago

    What about Trezor One ? 😢
    Am I safe
    I'm too dumb for this new technology stuff

    • @RhettReisman
      @RhettReisman  1 year ago +1

      Trezor entropy is open source - it should be fine as long as you’re not rolling your own seed with low entropy
      Trezor code: github.com/trezor/trezor-mcu/blob/master/firmware/reset.c#L46

    • @summerbreeze5115
      @summerbreeze5115 1 year ago

      @@RhettReisman So I'll be fine with the seed phrase generated by Trezor One ?

    • @RhettReisman
      @RhettReisman  1 year ago +1

      I would be very confident in a seed phrase generated by a trezor

    • @summerbreeze5115
      @summerbreeze5115 1 year ago

      @@RhettReisman 🥰🥰🥰
      Thank you Sir

    • @RhettReisman
      @RhettReisman  1 year ago +1

      Glad to help :)

  • @Leeds1919LUFC
    @Leeds1919LUFC 1 year ago

    Isn't rolling the dice 100 times the same as the number going into the parenthesis on the code though?
    For instance, let's say I rolled 10,5,3,5,6,72,1,6,89,2,5,1,4,5,6 etc. etc.
    Wouldn't that just be: random.seed(105356721689251456) and the number generated would still be the same every time?

    • @RhettReisman
      @RhettReisman  1 year ago

      Yes, but because you’ve rolled 100 dice there are 6^100 combinations of what that number in the parenthesis can be (which is not brute forceable by any computer) it’s ~ 6x10^77
      So you get safety by generating a seed to the random function that is impossible to recreate.
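
The arithmetic behind the exchange above, and behind the earlier seed-versus-entropy reply, as an added example that is not code from the video or from any wallet's firmware: the function that turns rolls into key material is deterministic, so the only protection is the size of the space the rolls were drawn from. Hashing the roll string with SHA-256 is an assumed construction for illustration, the helper names are hypothetical, and the sample rolls are constructed.

```python
import hashlib
import math

TARGET_BITS = 256  # entropy behind a 24-word BIP39 phrase


def dice_entropy_bits(n_rolls: int, sides: int = 6) -> float:
    """Entropy of n fair, independent rolls: n * log2(sides)."""
    return n_rolls * math.log2(sides)


def rolls_needed(target_bits: int = TARGET_BITS, sides: int = 6) -> int:
    """Smallest roll count whose outcome space is at least 2**target_bits."""
    n = 0
    while sides ** n < 2 ** target_bits:
        n += 1
    return n


def entropy_from_rolls(rolls: str) -> bytes:
    """Deterministically map a roll string to 32 bytes (assumed construction)."""
    if not rolls or any(c not in "123456" for c in rolls):
        raise ValueError("rolls must be a non-empty string of digits 1-6")
    return hashlib.sha256(rolls.encode("ascii")).digest()


def assess(rolls: str, target_bits: int = TARGET_BITS) -> dict:
    """Report how much of the target the rolls can supply at best."""
    bits = dice_entropy_bits(len(rolls))
    return {
        "rolls": len(rolls),
        "max_bits": round(bits, 1),
        "usable_bits": round(min(bits, target_bits), 1),
        "enough": 6 ** len(rolls) >= 2 ** target_bits,
    }


if __name__ == "__main__":
    short = "3514"              # constructed sample: only 4 rolls
    full = "3514626143" * 10    # constructed 100-digit sample, used for its length only
    for sample in (short, full, full + "1" * 11):
        print(assess(sample))
    # Same input, same output: the secrecy lives in the rolls, not in the function.
    print(entropy_from_rolls(short) == entropy_from_rolls(short))
    print(rolls_needed(256), rolls_needed(128), len(str(6 ** 100)))
```

`max_bits` assumes fair, independent rolls; numbers a person picks, or a repeated pattern like the length-only sample above, carry far less than the count suggests.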

  • @lukebal
    @lukebal 1 year ago

    42069. Best # ever. A+ content