Staying in my lane and would never even attempt dice rolls. People always want to make things complicated. When in doubt, keep it simple. Damn.

IMO the wallet is more at fault than the users.

No software should produce a seed without enough dice rolls/entropy.

Don't roll your crypto. Don't roll your own dice.

True. This should be like a pinned message in every hardware and software wallet

For generating a standard seed, agree that the onboard RNG is most likely good enough. Even better if the wallet allows the user to inject some of their own entropy, so that user input is strictly additive. But dice rolls do have their place for more... exotic ... setups e.g. #400044

You think that's a hot take?

A person that stupid shouldn't have bitcoin. If they have children, maybe they can ask their children to hold their bitcoin. They should probably just have 20% bitcoin ETF and 80% SPY. No different than how you wouldn't say Joe Biden is mentally unfit to self custody.

Not being a moron does not make someone an expert. ColdCard makes it very clear you want 100 rolls. How are you not going to pay attention to details with your life savings???

If you can't roll a dice, I'm honestly terrified to know you are out there driving on the same streets as me. Please don't crash into me, ffs.

also, after setting up a wallet, only send to it an amount you are willing to lose, then wait several days, if possible, to see if it gets swept.

Knowing that you need to use more than 10 dice rolls for high entropy, food does not make you an expert.. the actual fuck…

Oh come on now! How naive can one be?!

What do you think about this guide if followed correctly? https://bitbox.swiss/blog/roll-the-dice-generate-your-own-seed/

How?

Disagree - You don't have to be an expert to do what instruction said...

If you are confident enough to try dice rolls, you should be confident enough to use multiple signatures

retard take

IS THIS TRUE?

"True random number generator and non-deterministic algorithms create private keys- Devices such as Trezor, Ledger, ELLIPAL and most wallets come pre-loaded with private keys, meaning a level of trust is involved."

Maybe this would be the best solution to avoid potential issues with the TRNG elements or can the user also do something wrong with this?

Dude what rock have you been hiding under? Randstorm was disembargoed almost three months ago. BitPay had to scramble to get all the people who used Bitcore to regenerate their seeds:

The awful thing about keygen entropy bugs is that you can't unit test for true randomness. This leaves people vulnerable to entropy bugs ten years later which is exactly what happened with bitcoinjs.

I think you're doing people a huge disservice with this kind of fearmongering. Put your time to better uses, like spelling out a clear, precise, easy-to-follow-and-hard-to-fuck-up set of instructions for generating a seed using dice. The gold standard is this: roll the dice, convert to seedphrase by hand (using pencil and paper and word tables), import the seedphrase into two airgapped wallets based on completely different software, make sure each can spend the other's UTXOs.

ok so let me challenge you,,, i'll throw a dice just 10 times like you say and i bet you'll not be able to guess the seed, are you up for the challenge? i'll throw a dice for 10 times, and use the outcome string to generate a sha512 hash which i will use as a bip39 seed... are you up for it?

It would be useful to have more info. What guide was the user following? What HWW were they using?

I am surprised you cite this as a common issue. Everything I've come across online concerning the dice method has made it abundantly clear that you need a certain number of rolls to achieve a desirable level of entropy.

more nuanced and maybe actionable advice is probably something like:

that's how I'd rewrite the title/post if I wasn't trying to pitch a hardware wallet.

one advantage of rolling dice is you do it in front of your eyes. you see and experience the entropy yourself. so you can sleep a bit sounder knowing you're not wholly trusting software that you don't exactly know 100% inside out

the answer is borderwallets

Open-source generators… you mean like the “BX seed” command in LiBitcoin?

“The Milk Sad Vulnerability and What It Means for Bitcoin Bitcoin MagazineAug 28, 2023 In the newest episode of Bitcoin Magazine’s "Bitcoin, Explained,” hosts Aaron van Wirdum and Sjors Provoost discuss the ramifications of a newly discovered exploit dubbed “Milk Sad,” affecting Bitcoin users attempting to run the alternative Bitcoin implementation Libbitcoin when connecting to the network.

Revealed earlier this month, the issue of an insecure Bitcoin command called "BX Seed" in the Libitcoin library has made it vulnerable to attacks, potentially allowing adversaries to guess private keys and access Bitcoin funds.

As profiled, the insecure command produces only 32-bit random seeds, significantly reducing the number of possible seeds and making it relatively easy to guess a target user’s private keys. …“

You don’t know what you don’t know, and most people hardly know anything at all. Trusting a hardware wallet is still trusting a third party. Most people can’t read computer code, so how can they verify that the code isn’t malicious, and produces seeds from an adequately random number generator?

I know that a good seed mnemonic is comprised of 23 seed words produced in a truly random way, +1 word calculated from a bit more entropy and the prior 23 words.

Keep It Simple Stupid — print, and then cut out, all 2048 possible seed words onto tiny slips of paper, put all the papers in a bucket, make sure they’re all well separated and not stuck together. Shake the bucket, reach in without looking and pick one slip of paper. Write it down, return the paper to the bucket, and repeat 22 more times. Use SeedSigner and a coin to get the 24th word.

Simple and effective.

Okay I will be the noob here. So they rolled 10 dice and derived a seed (256 bits) number from that.

What you're saying is that this wasnt enough randomness. Someone looked at the chain, saw the deposit to the address generated from that seed, and brute forced it?

Here's my question: the public btc address that was generated from that seed was generated from sek256 elliptic curve math, so how on earth did the attacker know it was a low entropy seed??

I can take 44 character number with very low entropy e.g. 1234321234...etc and it will generate an address like bc1etc. There's no way for me to know that address was a low entropy address....

So why was this guys 10/roll seed an issue??

Just a question

Dice rolls...? What's this? Casino? 😬

Hello

I'm not an expert, but I somehow managed to roll a set of dice enough times to get 256 bits of entropy. I also added a passphrase.

Dice rolling is an excellent method to mitigate risks of RNGs because you're obviously generating verifiable entropy in front of your own eyes.

Here is a straightforward guide, maybe not for Grandma, but easy enough for non-experts like me:

I assume the process should work on devices that copied the Coldcard's firmware, so Passport wallet may be able to do this process too.