Ich war etwas paranoid und wollte meine eigene Saatgutphrase erstellen

[root_s2yse8vt]

Up

0

Down

::

Ich habe mir überlegt, meine eigene Seed-Phrase zu generieren, um sie in meinem Ledger oder anderen HW-Wallets mit Würfel/Spielkarten zu verwenden. Es gibt Online-Tutorials, um dies sicher zu tun, aber wie ist dies im Vergleich zu nur mit einem RNG auf eine völlig offline Tabellenkalkulation Software wie libreOffice auf einem TailsOS Boot-Gerät? Ist es nicht genauso zufällig, wenn man z.B. =RANDBETWEEN(0,1) für jedes Bit verwendet?

[basic_user321]

Up

0

Down

::

It’s not that hard to just roll some actual physical dice.

I’m not an expert, but I have read enough to have a distrust of software RNG, even on offline devices.

[tookdrums]

Up

0

Down

::

not secure at all as it depends on the number of bits setting up the initial seed of the RNG then you just need to bruteforce those to get the same seed and then you RNG will spit out the exact same list of bits.

This a BIG problem in crypto… Wallet developper think that they can do better but they can’t. Some pretty big wallets have been pawned because of a bad RNG like trust wallet extenstion:
https://blog.ledger.com/Funds-of-every-wallet-created-with-the-Trust-Wallet-browser-extension-could-have-been-stolen/

[brianddk]

Up

0

Down

::

There is no randomness in digital design, only approximations of randomness. They call digital random number generators psuedo-random (PRNG). For a TRUE random number generator (TRNG) you need something based on quantum effects. Most of the time this isn’t a problem since you can mix many PRNGs and emulate a TRNG, but some don’t trust it, hence the internet howtos.

So using dice is just a better RNG if you don’t trust the PRNG, but since you have to use a PC to convert the RNG entropy into a BIP39 seed, you loose all your security.

An “air-gapped” PC is nowhere near as secure as a hardware wallet.

[cheeb_ledger]

Up

0

Down

::

As u/loupiote2 mentioned, generating your own 24 word recovery phrase can be a bit of a tricky process if you’re not careful and so you absolutely want to be positive of your decisions while doing so (as a poorly generated entropy can lead to an easy to compromise 24 word recovery phrase).

In this case, I would advise using a hardware wallet (such as a Ledger) to create your entropy, using industry-leading [TRNG](https://support.ledger.com/hc/en-us/articles/360010073520-Quality-of-randomness?docs=true) within the hardware – to generate your 24 word recovery phrase.

If for any reason you perhaps miss a step in the process of creating your own 24 word recovery phrase by hand, or don’t generate qualitatively sufficient entropy – your 24 word recovery phrase won’t be considered safe – and your funds will be at risk as well.

[neverfucks]

Up

0

Down

::

the internet relies pretty heavily on frameworks’ (like node JS for instance) crypto libraries having secure rngs:

% node
Welcome to Node.js v14.18.0. Type “.help” for more information.
> require(‘crypto’).randomBytes(64).toString(‘hex’)

i’d caution you, though, the odds of making a more secure wallet by coming up with your own methodology to construct a seed phrase are very low and the chances of making a less secure one are high.

[loupiote2]

Up

0

Down

::

In general it is not a good idea to generate your own seed phrase for multiple reasons:

– your seed phrase entropy (randomness) will likely by of inferior quality than the one generated by the ledger hardware true random number generator.

– you could leak your seed when you generate the 24th word which includes an 8 bit checksum, if you are not very careful or do not know the proper OPSEC

[Autor]

Beiträge