These Bitcoin Hardware Wallet Private Keys Are NOT Safe!

This is the number one way to hack a hardware wallet. In this video I show you the biggest security flaw in bitcoin and cryptocurrency hardware and software wallets. This hardware wallet security vulnerability has resulted in funds being irretrievably stolen from users all around the world - the worst part is, it was totally preventable.

👨🏻‍💻Code to generate random numbers:

Hardware Wallet Hacks 0:00
How Private Keys are Generated 1:15
COLDCARD Exploit Example 5:36
Solution #1 7:00
Solution #2 9:40
Comments

Ok. So I just discovered that I’m not as smart as I thought I was.

arielrglaze

This video was really straightforward and helpful. Thank you so much!

narwhaltacos

For Ledger you can still roll dice and use bitbox’s lookup table. Your Ledger would automatically calculate the last word - the checksum word.

martinlutherkingjr.

Great video, Rhett!
I have worked with random generators in my own code and know that the identical seed will generate the same number from experience. I could not figure out how 2 Trezors with identical software could generate different random numbers.
No one else has explained this to me as clearly as you.
Thanks.

marty

As always thanks, I don't do any of this stuff, but I still enjoy your content, you deserve to have a bigger platform.

jonthomas

Interesting stuff, I never even thought about how wallets generated your seed, thanks for the vid

CarAudioInc

I read the Ledger article, and isn't 2^256 random enough? Dopey me, but there's more possible private keys than there are atoms on earth. Anyway, an interesting look at options. Nice work with the lighting/production improvements, btw. Looking better than ev.

AskDadWhy

So for us lesser mortals, Ledger's basic setup where it generates a random seed is not secure and someone could guess the seed?

Afiore

Not all random numbers that come out of a computer are generated by an algorithm. What you spoke about is PRNG (Pseudo Random Number Generator). There is also TRNG (True Random Number Generator) that uses some miniaturized natural phenomenon to generate non-deterministic random numbers and feed them into the computer. For example, a very low-power light beam can be shot into a crystal and the quantum randomness of a low-power light source can cause photons to exit the crystal in unpredictable directions. This can create true random numbers. Ledger claims to have an onboard TRNG, but of course, take Ledger's claims with a cup of salt. I generated my own 256-bit random number. I am an astrophotographer and I took a deep-space image of a galaxy and sampled a row of 256 pixels across the galaxy's core. I passed the data through a simple function on an air-gapped computer to generate a 256-bit binary number that then generated my seed phrases. There's enough quantum randomness in camera pixel readings to create true random numbers. Creating your own random 256-bit binary is the undisputed safest way to generate seed phrases.

sateshmahadeo

Just thinking about Andreas' video about all the sand in all the galaxies haha. Thanks for the video, I've picked up a lot from you recently :)

samthorpe

Thanks, Rhett, this video really helps me to find/do a safe setup for my wallet(s).

StSmallhouse

0:46 There is, just use the heat noise in the electronics. But I don't know which hardware wallets use this method (if any).

JanPBtest

So if you generate entropy by entering dice the cold card does not also incorporate the "external entropy function" used in the standard seed generation?

marty

Am I correct here? No problem with the entropy in the coldcard’s selection of 12 or 24 word seed phrase but IF you add predictable low entropy like ‘1234’ as a dice roll, you open the door to someone guessing the private key?

sylvianederlander

Hi Rhett. I have seen this video a couple of times. It is a fantastic issue and key to safety for the seeds and wallets. Is there any number where it begins to be absurd about the dice rolls? I get that 100 is essential, but how about the maximum? When does it not make any sense anymore because the math in the hardware wallet software can process so many digits? For example, 250 dice. And finally, how will it look like a dice roll-generated seed (at least 100 to 250 dice) with a passphrase added? Does this make sense to you? Thank you so much! Amazing content! 💪

JarolCuellarValle

This video is really phenomenal. In just a few minutes of watching it, I've decided that I will not be making my own seed phrase from dice. Ever. At some point we have to believe that the people behind Trezor and Coldcard and others are better at this than I am. I come from the financial world. This reminds me of those who think they can outperform the stock market, when all the facts and data say the best way is to buy a low cost index fund. At some point you have to make the most logical decision and not think we are the smartest people in the room.

rufuspipemos

So do you advise against doing the regular 12 word entropy, no dice? Is it really going to be that much of a risk?

FinancialCharles

Just using a passphrase wouldn’t break an entropy attack?

CAIOVSKY

I have two questions.

If my crypto from Bitcoin is transferred to a Trezor T model hardware wallet, all my crypto (digital assets) will only stay safely in the Trezor T.
Is that correct?

Let's say all my crypto from Coinbase that I have transferred to the Trezor T model wallet cannot be transferred back to Coinbase whenever I want to buy, trade or sell. Is that correct?

Which hardware wallet is the safest, most secure and does not wear out easily, so that it can last for 10 years or more?

Which hardware wallet is safer, compatible and has the ability to trade, buy and sell even after all crypto from Coinbase has been transferred to the hardware wallet?

Please advise ❤
Thank you very much

ahmayya

So are you saying, if I set up a Coldcard using their default "generate me a seed phrase" I'm basically trusting them to "roll the dice 100 times", whereas, if I didn't want to trust them, I could roll the dice 100 times and generate my own seed phrase that I know is TRULY (or as close as humanly possible) random?

LeedsLUFC