Steve, thanks for the video friend. Super important information, and good on you for trying to notify the owners of the insecure wallets! Much respect.
Yea it's truly insane to see the inflationary stuff playing out there at crazy speed, at least with BTC there is a more accessible option for the masses to avoid the worst of it...
Trezor mixes entropy from both the onboard MCU and the PC that you are connected, both source of entropy would need to be very flawed on both systems for it to be an issue. Trezor also has has deterministic builds, so it's perfectly safe and reasonable to conclude that it's working as intended and that entropy (and therefore seeds) from Trezor are fine.
@@CryptoGuide what about ledger? They are closed source, so is there no way to ensure the entropy of the seed is enough? They do cite AES-31 certification but I don't think that rules out bugs? Also do they mix entropy from another source like trezor? Would adding a long enough passphrase to the seed protect against such risks? Many thanks, much information is needed to be shared around seed generation entropy.
I heard the cold card may or may not add device entropy to the dice rolls? Can you confirm/deny this? Cold Card's tutorial seems to imply it's a deterministic process of selecting seed words based solely on the entropy from your dice rolls, so no device entropy could have been added if it can be repeated again on another device.
That isn't really the approach with Coldcard, it's basically a device by advanced users, for advanced users. (And is therefore often not really suitable for newbies to use)
If I didn't have any and was starting out I would probably get a Jade. It gives you the most bang for buck by a mile and also supports the full range of advanced features. (While still being safe and simple if used normally) Being able to use it with a mobile over Bluetooth is also really nice.
Depends on what I want to store and what device I want to use to access it. The best value retail option would be either the blockstream Jade or Trezor Safe 3. (Though only the former will work with an iPhone)
99 rolls for a 24 word seed is even better, but 50 rolls gives you 128 bits of entropy (for a 12 word seed) which is sufficiently high to prevent it from being brute forced. (So 50 is the minimum, not the max :) )
@@CryptoGuide Okay thanks. Is there a best way to roll the dice? Perhaps shaking up 5 casino dice in a shoebox and then sliding them to one side and input their numbers going from left to right?
Yea basically multiple dice are better than one and mixing them up and reading them on a row is how you want to do it. The thing with using 99 rolls is that even if your dice have a bad bias, you will still have sufficient entropy to be way over 128 bits. (They would need to be almost as bad as a coin flip for it to be a problem with 99 rolls)
Shouldn't be an issue. Part of the advantage with multiple dice is that differences/bias between them is mostly cancelled out as the order in which they are read each time will change.
Awesome content. I had a few questions, but you answered them as the video went along. P.S. Thanks for checking Krux! You introduced me to that project in another video & I've become a huge fan.
So true 7:24 "letting the RNG in you wallet generate your seed is actually the most secure thing for most users". How many coins have been lost due to the RNG in the hardware wallet vs. those lost to brain wallets, not so random dice rolls, etc. I would guess zero vs. hundreds. Keep It Simple! Don't try to outsmart the wallet. I agree 100% with the words at 8:42
For sure, it's one of those instances where attempting to offset the theoretical risk of RNG issues will mostly increase the overall risk due to the possibility of messing it up somehow...
@@Kerrington_John unbalanced dice may skew the results, plus you have to enter them into a computer to calculate the checksum and that may expose your private key.
Trezor, Jade and Bitbox are all great options. Bitbox02 is probably the easiest to use and Jade is the one you want if you need to use it with an iPhone.
Depends what you want to achieve, it can be a great way to add a layer of protection to your physical backups. That said, it does add complexity to your backups and should be written down somewhere as well.
My dad recently lost his bitcoin likely due to low entropy- he just didn’t know. 6 rolls was all he used. Bitcoin was gone in 8 minutes. Happened January 14 2024.
Could you please make a practical instructional video about this, showing the best options discussed in this video. So the best options for setting up a Coldcard. What you explain is very difficult to follow for the less technical people here (including me). Thanks!
For coldca rd, it seems a simple message that says, “insufficient dice rolls”, after you proceed from your dice rolls, would be a very easy safety mechanism.
I used my coldcard and generated a wallet using two dice rolls. Transferred some btc to it and it immediately got transferred out. I guess this is exactly what happened?
Hello and thanks for the informative video, If one has a low entropy wallet but with a passphrase, would the addition of the passphrase protect the funds?
It would add as much entropy as you added into the passphrase, but would mean the seed isn't identified as being in-use by automated tools that look for such things.
Having unfortunately lost some bitcoin because of low entropy, another suggestion I have for the coldcard interface would be, on the screen, where it says 1 to 6, change to one to 99. Simple fix.
Yea it's mostly sorted in the newer firmware on the Mk4 which enforces the minimum of 50 rolls, though this is only on the default workflow. (It's still possible via the temporary seed method)
There is nothing wrong with letting you hardware wallet generate the seed words, but if you are feeling paranoid then you could use 100 dice rolls. (Or just add a passphrase instead to also protect your backups)
Perhaps I should have mentioned it a few more times but basically the hardware or software key generation generally the best choice for the vast majority of folks, it's very difficult to mess up. ;)
@CryptoGuide Yeah I understand what you mean it's the easiest & safest way for the average basic user not to mess up or over complicated things to much and lose funds due to technical capabilities. Thank you soo much you add value to the bitcoin community
Good afternoon Great video and great experiment! To quickly search through BTC, ETH and LTC, you probably had to download their blockchains to your computer? Approximately how much disk space did this take?
If you are using 99 rolls then there is a huge buffer of extra entropy above the minimum 128 bits, so as long as you are rolling an actual dice (even a crap one) it will be fine.
No, but the main issue is that for the firmware up until Feb 2023, it was easy to think that you were in the "adding rolls" workflow when you were in the deterministic one. The "additional rolls" workflow is triggered by letting the device generate 24 words and then pressing a button at the step where you review the initial words. (Which then prompts you to add dice rolls)
If you mean BC Vault, it's totally closed source, so there isn't anything to review beyond taking the vendors word for it that it's doing what they say it's doing.
if you are generating seeds from 2-3 different devices, and each time a new seed is generate you choose the 1st word or the positional word of the new seed generated each time that you need at that moment to complete the defnitive seed until getting the 12 words (11 + checksum), are we getting more entropy or less entropy?
The same, as each first word is representing the first few bits of entropy from whatever device you are getting it from. (And you are basically throwing away the rest each time) The matter of sourcing those bits from different sources is still a factor, but isn't related to the actual amount of entropy.
With the firmware from earlier this year, you just rolled once, pressed that you were done and you were good to go. You can achieve the same thing today, with the current firmware, via the "Temporary Seed" workflow.
@@CryptoGuide Haha well, to be fair, I use a password manager. Only my master password is generated with 50 dice rolls. All my other passwords are randomly generated by the password manager and are 50+ random characters long.
So its probably best to just think of a completely random number from 1000 to 100000 and then ask somebody random (a person you met on the streets and will likely never see again in your life) to tell you a number from 10 to 100. Then you take your number to the power of theirs and type in every other digit of their number until you cannot fit any more digits. Add a passphrase ontop of that. This should be safe, right? You might also want to use MultiSig and have your coins scattered accross multiple MultiSig Wallets, which are completely independant from each other and secured by hardware wallets from different brands.
@@CryptoGuide I also assume that this is probably the best choice. If I really started to hodl lots of Bitcoin, I should hodl my coins in multiple completely seperate wallets anyway to reduce damage in case one does somehow get compromised. The extra paranoid people could also compile the software themselves and flash it onto the device before setting it up to be extra extra extra safe.
@@CryptoGuide This method however literally decentralizes your risk of loosing everything. And as long as you carefully plan, what you are doing, keeping track of all your assets. Utilizing this method makes your assets as safe as horcuxes made Voldemort unkillable. Just make sure to not give anyone a proximity sensor for your hardware wallets and access to your memories around the clock. Then you should be as safe as Voldemort initially intended to be - at least financially.
But why is your thumbnail implying this is the fault of the CC4? A “dodgy dice wallet” beside a CC4 image. This is a user issue… you need to do lots of dice rolls. Not the fault of the hardware.
Basically the firmware didn't enforce a minimum number of dice rolls for the deterministic dice process, which was made worse by the fact that this process was moved to so as to be far easier to find. It has been partially fixed, but the unsafe seed generation is still possible in older firmware (so Mk3) and also in the Mk3 if initiated via the temporary seed workflow.
@@CryptoGuide I understand. So it was a secondary security problem. You could always have created safe wallets by dice roll on the mk3/4, but only by rolling enough dices by yourself. So beginners and people without enough knowledge would be in danger. That's a grave mistake done by coldcart to be honest. Shouldn't have happened. Hope the rest of their software & hardware is ok.
What a brilliant video! Suppose I had chosen 12 nice BIP39 words by myself and used them together with a PassPhase as a BIP85 parent seed - how secure is the entropy of the generated child seeds? Thank you!
What do you mean "chosen 12 nice BIP39 words", do you mean with dice or just chosing words that seem good to you? (If it's the latter then this isn't secure at all)
@@CryptoGuide Ooops - I actually meant self-selected words + PassPhrase = ParentSeed This ParentSeed + Index = ChildSeed Such a ChildSeed is not safe at all? : ( And such a CS + PassPhrase then probably not much more? 😳
@@CryptoGuide This is unpleasant to hear, but of course I am very grateful! I was aware that even selected words are not really safe. But I assumed that these human traces would be "obliterated" if they were combined with a PassPhrase and an index to derive a new (child)seed, which then also got a PassPhrase. The reason for this "recipe" is a brainwallet that is supposed to be bulletproof - but apparently this is cryptographic nonsense. Thank you for your many efforts to teach people and lead them into the new era as harmlessly as possible! 🙏🙏
Great data. Just one question is there any chance than your hardware wallet provider (like Trezor who is open source) would know your generated seed phrase? and/or passphrase? Thank you
There are two ways that this can happen with any wallet. 1) The wallet uses flawed entropy generation, meaning that there may only be a few billion possible seeds that it can produce. 2) The wallet leaks wallet information to another PC/App. Basically if you have a device that is both open source and uses deterministic builds, coupled with open-source companion apps, then the hope is that folk would notice something like 1 or 2 happening and raise the alarm :)
@@CryptoGuide Thank you for the quick response. Do you know if Trezor is fully Open source and uses deterministic builds and the trezor suite app is also open source? To make it clear is Trezor one of the safest in that respect?
@@CryptoGuide thank you for your reply. Im already using a hard wallet but also thinking of getting another cold wallet for BTC only and another one for alt coins only. What would you recommend for those?
@@CryptoGuideBut rolling 100 dices isn't that difficult. Just use a shoe carton, mix 5 dices 20 time and that's it. How isn't that for nearly everyone better/safer than letting cold card generating a seed?
Let’s say I want a 24 word seed phrase and I roll one di 99 time. Is there anything I can do while rolling the die that would make the wallet less secure? Also can the die be a normal six sided die?
Basically if you use a single die then it's bias could be an issue. That said, if you do the full 99+ rolls for a 24 word seed, even if the entropy out of a single dice isn't perfect, it will still be well above what is required for a secure seed. (This would only be a major problem if you were only doing 50 rolls for a 12 word seed, going for the full 24 gives you a significant buffer) For it to be a problem with 99+ rolls, the dice would need to be so bad as to be looking almost like a coin toss in terms of the outcomes that it is giving you.
@@CryptoGuide thank you. How many dice should you use and can they be six sided dice? And would a seedphrase created by throwing a die (or two dice perhaps?) 99 times be as or more secure than a wallet created using a Ledger device?
2+ dice is fine and D6 dice are also fine. (And the dice don't all have to be the same) Just look at my video on making a zero trust wallet with dice and I talk about it more there.@@pubdefendr
@@CryptoGuide I watched the video you mentioned. Thank you! Do you think that creating a seed phrase on seedsigner using a picture is more secure than by using dice?
@@CryptoGuideInstead of using a word from BIP -39 list, why not using a passphrase with numbers words and sumbols to make it much harder for someone to find?
A BIP39 passphrase doesn't need to be a single word or even words from the BIP39 word list. It can in include numbers, symbols, etc. Just be sure to include it in your backups somehow as well.
Yes a passphrase does add a significant layer of protection, especially if you never made any transactions on the raw seed as there is simply no way for someone to know that that seed is even in use. Multisig does add even more security, but also adds significant complexity in terms of what you need to keep for the backups.
@@CryptoGuideCould you further explain how to keep a "clean" raw seed? Isn't even sending 0,1 BTC to it making it "dirty"? And if someone finds your seed, couldn't he see anything on it stored, doesn't matter if you were using it for transfer or not?
It isn't really a case of dirty or clean, but simply that if a given seed has never made any transactions without a passphrase, it's impossible to know it if has ever been used. (Either with a passphrase, with multisig, etc)
@@CryptoGuide But what does that change? It's only a problem if someone finds your seed ? And the probability is near 0 or am I wrong? How else will someone know your seed ??
I have ordered a Trezor 3, so will post when it arrives. Generally speaking it looks to have all the features of the T at a fraction of the price... (Though without the fancy colour touchscreen)
@@CryptoGuide plus the secure element. However I’d like to know how you’d enter the passphrase without the touch screen. Do you have to use the computer keyboard and risk key logging detection?
@@formetoknow540 oh I c. So that means that Trezor T and 3 have the same level of security to remote attacks but Trezor 3 is higher in security to physical attacks. I don’t know how I feel about entering a long passphrase with just two buttons. That must be quite difficult Thank you!
Yea you can see in both their announcements and their Github that passphrase entry can be on-device, so it will likely be a fairly painful exercise to enter with two buttons, though no worse than something like a Ledger.
Great video. Just a bit of unsolicited advice. You might consider trying to speak slower. At times, you speak quite quickly and it is difficult to understand.
More people need to be watching this. This guy's videos give excellent security advice.
Thanks :)
Steve, thanks for the video friend. Super important information, and good on you for trying to notify the owners of the insecure wallets! Much respect.
Thanks, it was certainly a bit of a conundrum :/
A tip is not enough for this extremely valuable knowledge! 🙀😅
Thanks heaps for the tip, glad you found it helpful :)
Thanks for covering this. This is important information.
Glad it was helpful!
What a legend!! Hats off to you man, thanks for this video!!
Thanks, glad it helped
Greetings from Argentina!!! always good to stay on top of these things. Always appreciate every video This man does.
All the best to you .
Hola!
Thanks and stay safe down there :)
Argentina 🇦🇷 dam the inflation is crazy in that country I hear hope u store your value life energy in bitcoin and spend Argentinian pesos
Yea it's truly insane to see the inflationary stuff playing out there at crazy speed, at least with BTC there is a more accessible option for the masses to avoid the worst of it...
@CryptoGuide The only solution to inflation is ₿itcoin thank god people have a option to opt out in countries like that
.
I got goosebumps hearing this has happened. I'm a pretty seasoned software engineer but I'm also human.
Yea bad/inconsistent UX can make it such that even an otherwise advanced user can end up making a mistake like this.
Given that the Trezor One is open source, is it safe to conclude that their RNG doesn't contain any (malicious or accidental) bugs?
Trezor mixes entropy from both the onboard MCU and the PC that you are connected, both source of entropy would need to be very flawed on both systems for it to be an issue. Trezor also has has deterministic builds, so it's perfectly safe and reasonable to conclude that it's working as intended and that entropy (and therefore seeds) from Trezor are fine.
@@CryptoGuide Thank you!
@@CryptoGuide what about ledger? They are closed source, so is there no way to ensure the entropy of the seed is enough? They do cite AES-31 certification but I don't think that rules out bugs? Also do they mix entropy from another source like trezor? Would adding a long enough passphrase to the seed protect against such risks? Many thanks, much information is needed to be shared around seed generation entropy.
Ledger use a certified TRNG, but yea a passphrase also mitigates against potential entropy issues in the seed.
Thanks for the great informative video. Is there any way to self check the security of a hardware wallet, to ensure it is safe enough? thanks.
If you are buying one from the official store and it doesn't look like it has been tampered with then it's probably fine. :)
I heard the cold card may or may not add device entropy to the dice rolls? Can you confirm/deny this? Cold Card's tutorial seems to imply it's a deterministic process of selecting seed words based solely on the entropy from your dice rolls, so no device entropy could have been added if it can be repeated again on another device.
Basically there are two seperate workflows, one that is deterministic and one that isn't.
i did 214 dice rolls, still have my BTC!
Good job :)
What amount of dice rolls is enough?
50 at a minimum
@@CryptoGuide And this generated enough entropy?
Basically yea
Damn 0.4 is no joke, I’d be gutted
Yea it's pretty crazy, the guy had no idea what bad happened, but was pretty good about the whole thing.
Almost half a bitcoin
.
Just remove that damn dice from that thing
That isn't really the approach with Coldcard, it's basically a device by advanced users, for advanced users. (And is therefore often not really suitable for newbies to use)
If you have to choose one hardware wallet only. Which one will it be?
If I didn't have any and was starting out I would probably get a Jade. It gives you the most bang for buck by a mile and also supports the full range of advanced features. (While still being safe and simple if used normally)
Being able to use it with a mobile over Bluetooth is also really nice.
Than you
Depends on what I want to store and what device I want to use to access it.
The best value retail option would be either the blockstream Jade or Trezor Safe 3. (Though only the former will work with an iPhone)
Is 50 dice rolls really that safe? Would it be safer to rolls 99 times for the 24 words?
99 rolls for a 24 word seed is even better, but 50 rolls gives you 128 bits of entropy (for a 12 word seed) which is sufficiently high to prevent it from being brute forced. (So 50 is the minimum, not the max :) )
@@CryptoGuide Okay thanks. Is there a best way to roll the dice? Perhaps shaking up 5 casino dice in a shoebox and then sliding them to one side and input their numbers going from left to right?
Yea basically multiple dice are better than one and mixing them up and reading them on a row is how you want to do it.
The thing with using 99 rolls is that even if your dice have a bad bias, you will still have sufficient entropy to be way over 128 bits. (They would need to be almost as bad as a coin flip for it to be a problem with 99 rolls)
@@CryptoGuide okay so would doing it with 3 dice and reading them in a row be fine as well? I just realized I only have 3 casino dice
Shouldn't be an issue. Part of the advantage with multiple dice is that differences/bias between them is mostly cancelled out as the order in which they are read each time will change.
Awesome content. I had a few questions, but you answered them as the video went along. P.S. Thanks for checking Krux! You introduced me to that project in another video & I've become a huge fan.
Thanks, glad it made sense and glad you found Krux, it's a great project :)
Another great video. Thanks.
Thanks
Seriously this guys videos have totally helped me with self custody
Glad they have helped :)
@@CryptoGuidelol u took there crypto and gave it back hopefully if I ever get hacked he like u
Unfortunately most of the time it is simply taken and never returned :/
So true 7:24 "letting the RNG in you wallet generate your seed is actually the most secure thing for most users".
How many coins have been lost due to the RNG in the hardware wallet vs. those lost to brain wallets, not so random dice rolls, etc. I would guess zero vs. hundreds. Keep It Simple! Don't try to outsmart the wallet. I agree 100% with the words at 8:42
For sure, it's one of those instances where attempting to offset the theoretical risk of RNG issues will mostly increase the overall risk due to the possibility of messing it up somehow...
Stay safe :)
But how can you mess up "mixing" 5 dices, 20 time in a shoe carton??
What can go wrong???
Most folk don't do it that way.
@@Kerrington_John unbalanced dice may skew the results, plus you have to enter them into a computer to calculate the checksum and that may expose your private key.
which wallets are more safe to use? trezor and jade bitbox good iyo?
Trezor, Jade and Bitbox are all great options. Bitbox02 is probably the easiest to use and Jade is the one you want if you need to use it with an iPhone.
@@CryptoGuide do you think passphrase is necessary?
Depends what you want to achieve, it can be a great way to add a layer of protection to your physical backups. That said, it does add complexity to your backups and should be written down somewhere as well.
My dad recently lost his bitcoin likely due to low entropy- he just didn’t know. 6 rolls was all he used. Bitcoin was gone in 8 minutes. Happened January 14 2024.
Sorry to hear it, it was a really easy mistake to make with Coldcard for a while there
Could you please make a practical instructional video about this, showing the best options discussed in this video. So the best options for setting up a Coldcard. What you explain is very difficult to follow for the less technical people here (including me). Thanks!
Thr best option is just to let the Coldcard generate the seed for you, using it's onboard TRNG.
Great work.
Thank you! Cheers!
How does the BIP85 standard work in concerning the entropy level - does a bad parent seed pass on its low entropy to its child seeds?
Child seeds have the same entropy as the parent.
Good work my friend 👏🏼
Thanks :)
For coldca rd, it seems a simple message that says, “insufficient dice rolls”, after you proceed from your dice rolls, would be a very easy safety mechanism.
It actually did have a warning and newer versions of MK4 firmware don't allow you to proceed (Though Mk3 still does)
@@CryptoGuide good to hear. Too bad for me. I must have had the old firmware.
I'm sorry for your loss
@@bpheardhow often did you roll? Do you still remember it?
@@Kerrington_John unfortunately, only 6 times.
Coldcard hardware wallet is a scam. I rather get Ledger and Trezor.
I don't think it is, but Ledger and Trezor and excellent choices.
Why? I think its the best one, but if you have reason to believe its not please let us know.
Some folk lost funds with them through issues like the one demonstrated in this video here.
I used my coldcard and generated a wallet using two dice rolls. Transferred some btc to it and it immediately got transferred out. I guess this is exactly what happened?
Almost certainly, what version of firmware were you running?
Hello and thanks for the informative video, If one has a low entropy wallet but with a passphrase, would the addition of the passphrase protect the funds?
It would add as much entropy as you added into the passphrase, but would mean the seed isn't identified as being in-use by automated tools that look for such things.
Having unfortunately lost some bitcoin because of low entropy, another suggestion I have for the coldcard interface would be, on the screen, where it says 1 to 6, change to one to 99. Simple fix.
Yea it's mostly sorted in the newer firmware on the Mk4 which enforces the minimum of 50 rolls, though this is only on the default workflow. (It's still possible via the temporary seed method)
Very useful information! thanks
Glad it helped
I let my hardware wallet generate the private key. Think I should use dice rolls (100) and add a pasphrase ?
There is nothing wrong with letting you hardware wallet generate the seed words, but if you are feeling paranoid then you could use 100 dice rolls. (Or just add a passphrase instead to also protect your backups)
@CryptoGuide after watching this video I'm paranoid lol. thanks for educating us plebs on how to keep our btc safe and secure
Perhaps I should have mentioned it a few more times but basically the hardware or software key generation generally the best choice for the vast majority of folks, it's very difficult to mess up. ;)
@CryptoGuide Yeah I understand what you mean it's the easiest & safest way for the average basic user not to mess up or over complicated things to much and lose funds due to technical capabilities. Thank you soo much you add value to the bitcoin community
Glad it helped :)
I did like 215 or so rolls on my wallet because of how scared and paranoid I was.
Nice :)
Could you expand on the hacked cold card rolling a 5? What does that mean? How did the 24 words get hacked?
The video explains it but basically the Coldcard allowed the users to generate a 24 word seed based off a single dice roll.
How to roll the dices probably?
The key thing in this instance is the number, so you want to make sure that you have at least 50... (And 100 is better)
@@CryptoGuide Thank you very much for the answering of all my questions. You got a new subscriber !
No worries, thanks :)
Lost my bitcoin yesterday like this. I just used two dice rolls.
I'm sorry for your loss...
Good afternoon Great video and great experiment! To quickly search through BTC, ETH and LTC, you probably had to download their blockchains to your computer? Approximately how much disk space did this take?
The Bitcoin blockchain is over 500GB, LTC is over 100GB and eth is terabytes.
Could the method of rolling compromise the entropy even if lets say 99 rolls were made with one dice?
If you are using 99 rolls then there is a huge buffer of extra entropy above the minimum 128 bits, so as long as you are rolling an actual dice (even a crap one) it will be fine.
My English is not that good. What I understood is: roll with your own physical dice and you are safe, right?
No, that's exactly the opposite... The users who lost funds used dice (with too few rolls) and would have been better off using the onboard TRNG.
@@CryptoGuide ahhhh okay thanks 🙏
No worries, stay safe :)
So.....does this also affect users who generate a 24 seed then ADD additional Dice rolls or does that not apply?
No, but the main issue is that for the firmware up until Feb 2023, it was easy to think that you were in the "adding rolls" workflow when you were in the deterministic one.
The "additional rolls" workflow is triggered by letting the device generate 24 words and then pressing a button at the step where you review the initial words. (Which then prompts you to add dice rolls)
How much bitcoin did you find sitting in these wallets? I don’t think you said in the video. Great video!
A few thousand USD worth
is there a way to add a bip39 passphrase to my cold card? I have the 24 word default RNG
There is nothing wrong with the default RNG, but yes you can easily add a passphrase with Coldcard. (Just be sure to include it in your backups too)
Do you have a review on BC Wallet and the way that wallet creates entropy?
If you mean BC Vault, it's totally closed source, so there isn't anything to review beyond taking the vendors word for it that it's doing what they say it's doing.
@@CryptoGuide yes BC Vault, so you don’t recommend this wallets at all then?
It might be fine if you already have one, but I would suggest there are better alternatives :)
if you are generating seeds from 2-3 different devices, and each time a new seed is generate you choose the 1st word or the positional word of the new seed generated each time that you need at that moment to complete the defnitive seed until getting the 12 words (11 + checksum), are we getting more entropy or less entropy?
The same, as each first word is representing the first few bits of entropy from whatever device you are getting it from. (And you are basically throwing away the rest each time)
The matter of sourcing those bits from different sources is still a factor, but isn't related to the actual amount of entropy.
Is any of this actually better than pen and paper?
A pen and paper used for what? (In terms of seed storage, a pen and paper is what you want)
Great video, subscribed...1000 likes 👍
Thanks :)
So do you recommend the coldcard or Trezor safe 3?
They are both very similar. Basically the Safe 3 is going to be a great option if you aren't an advanced user who will be doing stuff like Multisig.
can adding a passphrase with low entropy to an otherwise high entropy seedphrase lower the overall entropy? Or can it only be additive?
Adding a passphrase is only additive. (And can add some benefits like plausible deniability)
@@CryptoGuide thanks for the reply!
No worries
how can you generate a wallet with just 1 roll ?
With the firmware from earlier this year, you just rolled once, pressed that you were done and you were good to go.
You can achieve the same thing today, with the current firmware, via the "Temporary Seed" workflow.
Multisig FTW though
As long as you can manage the extra backups required :)
Well shiii, I use 50 dice rolls just for my passwords alone 😅
Just because you are paranoid doesn't mean that you are wrong ;)
@@CryptoGuide Haha well, to be fair, I use a password manager. Only my master password is generated with 50 dice rolls. All my other passwords are randomly generated by the password manager and are 50+ random characters long.
Nice, simply using a password manager is a great thing that far too few people do...
So its probably best to just think of a completely random number from 1000 to 100000 and then ask somebody random (a person you met on the streets and will likely never see again in your life) to tell you a number from 10 to 100. Then you take your number to the power of theirs and type in every other digit of their number until you cannot fit any more digits. Add a passphrase ontop of that. This should be safe, right?
You might also want to use MultiSig and have your coins scattered accross multiple MultiSig Wallets, which are completely independant from each other and secured by hardware wallets from different brands.
Or just use the onboard TRNG and a passphrase of you don't want to trust it ;)
@@CryptoGuide I also assume that this is probably the best choice. If I really started to hodl lots of Bitcoin, I should hodl my coins in multiple completely seperate wallets anyway to reduce damage in case one does somehow get compromised.
The extra paranoid people could also compile the software themselves and flash it onto the device before setting it up to be extra extra extra safe.
I think that most people struggle to maintain one set of backups, so introducing multiple sets just complicates things further.
@@CryptoGuide This method however literally decentralizes your risk of loosing everything. And as long as you carefully plan, what you are doing, keeping track of all your assets. Utilizing this method makes your assets as safe as horcuxes made Voldemort unkillable. Just make sure to not give anyone a proximity sensor for your hardware wallets and access to your memories around the clock. Then you should be as safe as Voldemort initially intended to be - at least financially.
Ideally sure, but don't underestimate the danger that complexity adds to your backups
Thank you soooo much! I just subscribed.
Thanks, glad it helped
But why is your thumbnail implying this is the fault of the CC4? A “dodgy dice wallet” beside a CC4 image. This is a user issue… you need to do lots of dice rolls. Not the fault of the hardware.
Though I do agree that the CC UI/UX is kinda crappy
Because it's mostly related to a firmware flaw that was present in the mk4 and has mostly been an issue for mk4 users thus far.
@@CryptoGuide Cut you explain further what you mean with Firmware flaw?
Basically the firmware didn't enforce a minimum number of dice rolls for the deterministic dice process, which was made worse by the fact that this process was moved to so as to be far easier to find. It has been partially fixed, but the unsafe seed generation is still possible in older firmware (so Mk3) and also in the Mk3 if initiated via the temporary seed workflow.
@@CryptoGuide
I understand. So it was a secondary security problem. You could always have created safe wallets by dice roll on the mk3/4, but only by rolling enough dices by yourself. So beginners and people without enough knowledge would be in danger.
That's a grave mistake done by coldcart to be honest. Shouldn't have happened. Hope the rest of their software & hardware is ok.
What a brilliant video!
Suppose I had chosen 12 nice BIP39 words by myself and used them together with a PassPhase as a BIP85 parent seed - how secure is the entropy of the generated child seeds? Thank you!
What do you mean "chosen 12 nice BIP39 words", do you mean with dice or just chosing words that seem good to you? (If it's the latter then this isn't secure at all)
@@CryptoGuide Ooops - I actually meant self-selected words + PassPhrase = ParentSeed
This ParentSeed + Index = ChildSeed
Such a ChildSeed is not safe at all? : (
And such a CS + PassPhrase then probably not much more? 😳
Self selection of words is a security disaster... Don't do it, humans suck at randomness... There is literally no reason to do this...
@@CryptoGuide This is unpleasant to hear, but of course I am very grateful!
I was aware that even selected words are not really safe.
But I assumed that these human traces would be "obliterated" if they were combined with a PassPhrase and an index to derive a new (child)seed, which then also got a PassPhrase.
The reason for this "recipe" is a brainwallet that is supposed to be bulletproof - but apparently this is cryptographic nonsense.
Thank you for your many efforts to teach people and lead them into the new era as harmlessly as possible! 🙏🙏
Where did you get the idea that brainwallets are bulletproof? (They are one of the worst ways to secure your funds, for multiple reasons)
So coldcard wallet has a max of 24 dice rolls?
No, you need at least 50 for a 12 word seed and 99 for a 24 word seed.
Great data. Just one question is there any chance than your hardware wallet provider (like Trezor who is open source) would know your generated seed phrase? and/or passphrase? Thank you
There are two ways that this can happen with any wallet.
1) The wallet uses flawed entropy generation, meaning that there may only be a few billion possible seeds that it can produce.
2) The wallet leaks wallet information to another PC/App.
Basically if you have a device that is both open source and uses deterministic builds, coupled with open-source companion apps, then the hope is that folk would notice something like 1 or 2 happening and raise the alarm :)
@@CryptoGuide Thank you for the quick response. Do you know if Trezor is fully Open source and uses deterministic builds and the trezor suite app is also open source? To make it clear is Trezor one of the safest in that respect?
Trezor is both open source hardware and software with deterministic builds. :)
How do you feel about cold cards?
They are a great device for advanced users, but not really suitable for beginners.
Great stuff bro.
Thanks, glad it helped
So which is the most secure cold wallet would you recommend? Thank you.
Depends on what you are looking to store and what device you intend to use to interact with the hardware wallet.
@@CryptoGuidefor Bitcoin? Is jade entropy good enough? If used with green on phone?
Jade is a great device and there is nothing wrong with having it generate the seed for you. (This is the best approach for the vast majority of users)
@@CryptoGuide thank you for your reply. Im already using a hard wallet but also thinking of getting another cold wallet for BTC only and another one for alt coins only. What would you recommend for those?
Jade is great for Bitcoin, what you use for alts will depends on what you want to store and will mostly come down. To comparability
What if you just allow the Cold Card MK4 to generate your 24 word seed without using dice roll? Are there security concerns with those being cracked?
No, letting the device generate the seed is the best option for the vast majority of people
@@CryptoGuide thanks
No worries :)
@@CryptoGuideBut rolling 100 dices isn't that difficult. Just use a shoe carton, mix 5 dices 20 time and that's it. How isn't that for nearly everyone better/safer than letting cold card generating a seed?
Because too many folk don't take the time to do it properly, will just pick numbers themselves without dice, etc.
Thanks!
No problem and thanks for the tip :)
Let’s say I want a 24 word seed phrase and I roll one di 99 time. Is there anything I can do while rolling the die that would make the wallet less secure? Also can the die be a normal six sided die?
Basically if you use a single die then it's bias could be an issue. That said, if you do the full 99+ rolls for a 24 word seed, even if the entropy out of a single dice isn't perfect, it will still be well above what is required for a secure seed. (This would only be a major problem if you were only doing 50 rolls for a 12 word seed, going for the full 24 gives you a significant buffer)
For it to be a problem with 99+ rolls, the dice would need to be so bad as to be looking almost like a coin toss in terms of the outcomes that it is giving you.
@@CryptoGuide thank you. How many dice should you use and can they be six sided dice? And would a seedphrase created by throwing a die (or two dice perhaps?) 99 times be as or more secure than a wallet created using a Ledger device?
2+ dice is fine and D6 dice are also fine. (And the dice don't all have to be the same) Just look at my video on making a zero trust wallet with dice and I talk about it more there.@@pubdefendr
@@CryptoGuide I watched the video you mentioned. Thank you! Do you think that creating a seed phrase on seedsigner using a picture is more secure than by using dice?
The camera mode is about better convenience and speed, not better security. (Especially if compared against 99 dice rolls)
Great video!!
Thanks
what do you mean by a ''BIP-39 passphrase''. do you mean a single word from BIP39 word list or any word or phrase with symbols and numbers added in?
No, I mean a BIP39 passphrase see coldcard.com/docs/passphrase/ or www.ledger.com/academy/passphrase-an-advanced-security-feature
@@CryptoGuide Sorry for asking but What is the difference if I use a random passphrase that I can only think? This isn't safer?
What does "I can only think" mean?
@@CryptoGuideInstead of using a word from BIP -39 list, why not using a passphrase with numbers words and sumbols to make it much harder for someone to find?
A BIP39 passphrase doesn't need to be a single word or even words from the BIP39 word list. It can in include numbers, symbols, etc. Just be sure to include it in your backups somehow as well.
Would a pasphrase randomly generated prevent this (ahh u answered that question in the video thanks)also multi sig is a better option for security
Yes a passphrase does add a significant layer of protection, especially if you never made any transactions on the raw seed as there is simply no way for someone to know that that seed is even in use.
Multisig does add even more security, but also adds significant complexity in terms of what you need to keep for the backups.
@@CryptoGuideCould you further explain how to keep a "clean" raw seed? Isn't even sending 0,1 BTC to it making it "dirty"?
And if someone finds your seed, couldn't he see anything on it stored, doesn't matter if you were using it for transfer or not?
It isn't really a case of dirty or clean, but simply that if a given seed has never made any transactions without a passphrase, it's impossible to know it if has ever been used. (Either with a passphrase, with multisig, etc)
@@CryptoGuide But what does that change?
It's only a problem if someone finds your seed ? And the probability is near 0 or am I wrong?
How else will someone know your seed ??
That's right, it's only relevant if someone finds your seed.
Could you compare Trezor T vs Trezor 3?
I have ordered a Trezor 3, so will post when it arrives. Generally speaking it looks to have all the features of the T at a fraction of the price... (Though without the fancy colour touchscreen)
@@CryptoGuide plus the secure element. However I’d like to know how you’d enter the passphrase without the touch screen. Do you have to use the computer keyboard and risk key logging detection?
@jonathanlivingston7358 it's via the screen using the two click buttons like on the trezor one
@@formetoknow540 oh I c. So that means that Trezor T and 3 have the same level of security to remote attacks but Trezor 3 is higher in security to physical attacks. I don’t know how I feel about entering a long passphrase with just two buttons. That must be quite difficult
Thank you!
Yea you can see in both their announcements and their Github that passphrase entry can be on-device, so it will likely be a fairly painful exercise to enter with two buttons, though no worse than something like a Ledger.
Great video. Just a bit of unsolicited advice. You might consider trying to speak slower. At times, you speak quite quickly and it is difficult to understand.
Thanks for the tip, I'll work on it :)
you can adjust the youtube video speed dude.
That's my standard advice ;)