Ich war etwas paranoid und wollte meine eigene Saatgutphrase erstellen
Home › Foren › Ledger Wallet › Ich war etwas paranoid und wollte meine eigene Saatgutphrase erstellen
- Dieses Thema hat 6 Antworten und 1 Teilnehmer, und wurde zuletzt aktualisiert vor 8 Monaten, 4 Wochen von loupiote2.
-
AutorBeiträge
-
-
9. August 2023 um 11:01 Uhr #2776428root_s2yse8vtAdministrator::
Ich habe mir überlegt, meine eigene Seed-Phrase zu generieren, um sie in meinem Ledger oder anderen HW-Wallets mit Würfel/Spielkarten zu verwenden. Es gibt Online-Tutorials, um dies sicher zu tun, aber wie ist dies im Vergleich zu nur mit einem RNG auf eine völlig offline Tabellenkalkulation Software wie libreOffice auf einem TailsOS Boot-Gerät? Ist es nicht genauso zufällig, wenn man z.B. =RANDBETWEEN(0,1) für jedes Bit verwendet?
-
9. August 2023 um 11:01 Uhr #2776429
-
9. August 2023 um 11:01 Uhr #2776430tookdrumsGast::
not secure at all as it depends on the number of bits setting up the initial seed of the RNG then you just need to bruteforce those to get the same seed and then you RNG will spit out the exact same list of bits.
This a BIG problem in crypto… Wallet developper think that they can do better but they can’t. Some pretty big wallets have been pawned because of a bad RNG like trust wallet extenstion:
https://blog.ledger.com/Funds-of-every-wallet-created-with-the-Trust-Wallet-browser-extension-could-have-been-stolen/ -
9. August 2023 um 11:01 Uhr #2776432brianddkGast::
There is no randomness in digital design, only approximations of randomness. They call digital random number generators psuedo-random (PRNG). For a TRUE random number generator (TRNG) you need something based on quantum effects. Most of the time this isn’t a problem since you can mix many PRNGs and emulate a TRNG, but some don’t trust it, hence the internet howtos.
So using dice is just a better RNG if you don’t trust the PRNG, but since you have to use a PC to convert the RNG entropy into a BIP39 seed, you loose all your security.
An “air-gapped” PC is nowhere near as secure as a hardware wallet.
-
9. August 2023 um 11:01 Uhr #2776433cheeb_ledgerGast::
As u/loupiote2 mentioned, generating your own 24 word recovery phrase can be a bit of a tricky process if you’re not careful and so you absolutely want to be positive of your decisions while doing so (as a poorly generated entropy can lead to an easy to compromise 24 word recovery phrase).
In this case, I would advise using a hardware wallet (such as a Ledger) to create your entropy, using industry-leading [TRNG](https://support.ledger.com/hc/en-us/articles/360010073520-Quality-of-randomness?docs=true) within the hardware – to generate your 24 word recovery phrase.
If for any reason you perhaps miss a step in the process of creating your own 24 word recovery phrase by hand, or don’t generate qualitatively sufficient entropy – your 24 word recovery phrase won’t be considered safe – and your funds will be at risk as well.
-
9. August 2023 um 11:01 Uhr #2776434neverfucksGast::
the internet relies pretty heavily on frameworks’ (like node JS for instance) crypto libraries having secure rngs:
% node
Welcome to Node.js v14.18.0. Type “.help” for more information.
> require(‘crypto’).randomBytes(64).toString(‘hex’)i’d caution you, though, the odds of making a more secure wallet by coming up with your own methodology to construct a seed phrase are very low and the chances of making a less secure one are high.
-
9. August 2023 um 11:01 Uhr #2776435loupiote2Gast::
In general it is not a good idea to generate your own seed phrase for multiple reasons:
– your seed phrase entropy (randomness) will likely by of inferior quality than the one generated by the ledger hardware true random number generator.
– you could leak your seed when you generate the 24th word which includes an 8 bit checksum, if you are not very careful or do not know the proper OPSEC
-
-
AutorBeiträge
- Du musst angemeldet sein, um auf dieses Thema antworten zu können.