Hey everyone,
Sorry if this has been asked before. I know we need a CSPRNG for seed generation, but I'm curious if some wallets (whether they’re desktop, mobile, or hardware) can produce more random outcomes than others. I get the feeling that a computer could pull in more entropy compared to a basic hardware device. What do you all think? And what's your approach for creating a secure HD wallet?
Cheers
Although computers may have access to more sources of entropy, they have a security disadvantage because they are more prone to attacks. In contrast, hardware wallets are specifically designed for security and can be more reliable for generating secure private keys.
I don't think there's a difference between different devices to generate random seed.
If you want to generate a high-quality seed phrase, hardware wallets usually generate them because it generate 24 seed phrases with a passphrase, which is considered safest to generate a seed phrase, but you can also do that on different devices, like a desktop or mobile phone, using the Iancoleman tool and use the "Show entropy details" and put whatever you like to increase the entropy. The details should give you an idea about "time to crack" and don't forget to change the Mnemonic Length to 24 words.
Here's the site: https://iancoleman.io/bip39/
Then download the entire page or download it from the source and run it to a device that doesn't have any internet connection (never connect it to the internet) to avoid online attacks.
No, there are probably no differences across wallets/os/devices.
Most devices uses urandom to seed entropy and generate seeds and will thus provide seeds with similar level of security and/or entropy in theory. If implemented well, you should not need to worry about the source of randomness. Certain hardware wallets may use TRNG sources to seed their entropy. This is a good to have but is by far redundant; you are also not encouraged to use Javascript based wallet generator. Certain JS based wallets will seed from insecure sources.
CSPRNG from OS and RNG from hardware wallet generally is secure enough. At very least, i know /dev/urandom use lots entropy source. But if you prefer use random source that you can verify, your choice is limited to
1. Use coin, dice or similar object to generate entropy by yourself and then enter it to wallet software you use.
2. Inspect source code of the wallet to check whether it actually use OS CSPRNG properly.
I would never recommend anyone to use iancoleman for generating a seed phrase.
OP is looking for a secure CSPRNG and a tool which generates the entropy through javascript can't be a good option.
For the most part, the hardware wallets and the reputable computer software wallets generate secure seed phrases using CSPRNG.
I 'd go for electrum all day, every day.
Just make sure to decide if you want a cold storage device (i.e a fully airgaped laptop), or a software wallet.
My other option would be to buy a reputable hardware device. I consider Coldcard, Passport and Trezor among the reputable ones. I 'd not choose Ledger for privacy reasons. Nothing bad with their security though. check the posts below.
You can generate a Bitcoin wallet and then test the randomness of generated wallet but to be honest, I don't know how to do it. If you are very good at math and statistics, you'll probably know it or will be able to do a better research than me (I'm good but not very good).
Have a look at this: https://stackoverflow.com/a/32041435
Nothing bad with Ledger's security? Ledger has been claiming since the first day that your seed phrase will never leave the Secure Element chip but recently, as it turned out, this claim was wrong because they implemented Ledger Recover service. Logically, Ledger Recover service should be impossible to exist if seeds never leave the Secure Element.
On theory Device can have better entropy than the hardware which has limited resource however the TRNGs are specifically designed for cryptographic purposes which ensures the randomness of seed generation but if you're paranoid about their security then simply use Electrum to generate your seeds on a complete offline device and then flash it once you generated so your seed will not be exposed to internet meanwhile you can have the satisfaction of better entropy seed using CSPRNG.
You cannot do so, because you cannot take a single generated address and test it for how random it is. In fact, any entropy measure cannot definitively tell you how random or unrandom any entropy source is; a perfectly predicable source could pass and be seen as a statistical random source.
CSPRNG is more than sufficient. True TRNG is probably redundant for most and doesn't improve the security as much. TRNG in general are not specifically designed but are known random processes.
The best source of entropy is that one which is based on truly random physical processes. One of them is avalanche breakdown which is appears in Reverse biased Zener diodes, read this to learn why it is random.
Regarding wallets. Products manufactured by Foundation i.e. Passport, Passport batch 2 and presumably their new Passport 2 use Zener diode to generate randomness in the course of SEED creation. I have Passport 2 and thunk that it is one of the best wallet currently available on market.
Thus, if unpredictable random results is your priority at choosing the wallet for your stash then I would advocate Foundation's products.
Thanks for your answers. Yes, i'm aware that it is recommended to generate the seed phrase offline.
My feeling is that hardware wallets are convenient and safe to use but i'm not comfortable to let them
generate the seed, according this:
Source: https://coinbureau.com/review/bc-vault-review
https://medium.com/@brandonarvanaghi/analyzing-trezor-firmware-mnemonic-seed-generation-for-bitcoin-and-ethereum-4b03fbaad24d
If true, it is imo scary...
Personally i use an electrum wallet, but generated the seed with the Python module "secrets" installed and use
a live USB in Airplane mode. Indeed, electrum does not generate BIP39 seeds natively.
https://security.stackexchange.com/questions/242492/is-pythons-secrets-module-using-the-same-code-as-the-random-module
Am i paranoid? Might one day create a vulnerable wallet with a low value on it using a Mersenne Twister number generator and see if i someone is able to steal me....Could be fun...
Cheers
My understanding of the library that is being provided by Trezor on their GitHub is for reference and not for production. The actual Trezor that is shipped doesn't have such vulnerabilities. I'm not sure what's going on with the "pre-loading" of private keys. I'm not aware of any instance, do you have an actual source that is supposed to be neutral?
What does this prove? Electrum does not generate BIP39 seeds, to be accurate. Whatever seeds that are being generated is using the entropy at run time
Paranoid. You should be more wary about wallets that isn't widely audited or used.
FWIW, Electrum use os.urandom to generate seed and other sensitive data. AFAIK both os.urandom and secrets module use same CSPRNG, so i don't think what you did improve security.
You are paranoid. Also, if you want to have a hardware Bitcoin wallet, I suggest you to have a look at ColdCard and The Passport Foundation. In terms of safety and security, these wallets are on another level.
This is a very good article from ColdCard for paranoid users: https://coldcard.com/docs/paranoid/
Click on CTRL + F and paste this: Generating seed words with 256 bits of entropy by dice rolls.
He should worry more about how to store his recovery seed phrases safely. I think people care too much about things that are already fixed and aren't really an issue.
Suggesting specific brands is good because it will help OP choose a good device.
Just to add a general opinion, I 'd definitely go for a hardware device that:
1. includes a secure element.
2. is reputable and well established in the space.
3. is not too expensive. I don't think we should pay absurd amounts of money for the device.
Your wallet suggestions definitely cover the first 2, but they look expensive to me. I 'd rather focus on doing multisig with 2 reputable but cheaper wallets (but I don't know if there are any).
Disclaimer: I own both a cheap device and an expensive device, but I keep using electrum on my air gapped laptop