is hardware RNG different from software random number generator?
398 sats \ 4 comments \ @joda 2 Apr crypto
zaps forwarded to @OpenSats (100%)
This is from Ledger
"you can restore a 12-word recovery phrase into any Ledger device. However, we do not recommend importing a 12-word secret phrase that was generated by a software wallet such as Metamask, Phantom, Keplr, Electrum, etc. Recovery phrases created by software wallets are digitally generated and are therefore less secure. On the other hand, if your 12-word recovery phrase was originally created by another hardware wallet like a Trezor One, it is safe to import it into your Ledger device and continue using the same accounts."
I could see the argument that generating on a general purpose computer introduces attack vectors, but they are saying the randomness isn't as good. True?
write
preview
related posts
126 sats \ 3 replies \ @frostdragon 2 Apr
Yeah that doesn't make much sense. It's misleading because it's technically "digitally generated" either way... A cryptographically secure pseudo random number generator should be using something truly unpredictable as a seed. Something in the environment, like random mouse movement or background noise or temperature or light. So, I guess how I can see how they might be attempting to differentiate a non secure PRNG vs a secure one by calling the former "digital". But it's all still happening in the box. In theory there's nothing about a hardware wallet that can do this better than a computer.
It sounds like they might just be referring to the general insecurity of internet connected devices, or perhaps the overall lack of integrity with software wallets - see the milksad vuln (they weren't using a CSPRNG).
reply
21 sats \ 1 reply \ @joda OP 2 Apr
Oh wow that was RECENT. I started reading and thought it was from like ten years ago.
reply
0 sats \ 0 replies \ @frostdragon 2 Apr
Yeah it seems like this should have been 10 years ago. Insane the things people continue to get wrong.
reply
26 sats \ 0 replies \ @nullama 2 Apr
Well, there are hardware quantum random generators in mobile phones for a few years already.
This is from 2021: Samsung’s Galaxy Quantum 2 has quantum cryptography built in / Featuring the world’s smallest quantum random number generator
reply