
Crosscheck of private seed generation plan

I’m currently planning to finally move all my cryptos from my exchange over to a hardware wallet.
But before doing so, I want to minimize all possible attack vectors on private key / seed generation. That’s why I’m looking for input, if my current plan is state of the art or if there are any major flaws I’m not seeing.

I’ve read that quite a few people recommend generating your own seed (and not trust the RNG in the hardware wallet) to protect yourself from a possible flaw in the RNG of the device.

I was therefore planning on generating the entropy (and the corresponding seed) myself. One (in my eyes pretty well written and sound) how-to, that I might follow would be [https://estudiobitcoin.com/do-you-trust-your-seed-dont-generate-it-yourself/](https://estudiobitcoin.com/do-you-trust-your-seed-dont-generate-it-yourself/)

I was thinking about exchanging the coins through a six-sided dice (or multiple, cycling through them for each throw), treating numbers 1-3 as 0 and 4-6 as 1. Using this binary entropy, I would like to generate the 23 seed words “by hand” using the template from the website.

What I’m most unsure about is the generation of the 24th word/checksum. I know about the statement “never type your seed phrase into any other electronic device other than your hardware wallet”. Therefore I’m a little bit unsure how to accomplish the checksum generation. Currently my plan would be to take an old laptop (used to be my daily driver, so not specifically bought for the bitcoin seed generation), unplug any (internal and external) hard drive, boot a Linux Live DVD with deactivated wifi and generate the checksum using an offline copy of [Seedpicker](https://seedpicker.net/calculator/last-word.html) or [Ian Coleman’s tool](https://iancoleman.io/bip39/) (copied over via a USB thumb drive). Afterwards wipe the thumb drive or even destroy it physically.

I would now like to know if my plans are following the correct procedure or if I’m actually missing a critical point.

Specifically two questions are not yet fully clear to me:

1.) Is there a better (i.e. faster) or more practical way of generating the entropy instead of using 1 coin/dice at a time? Is my way of entropy generation actually a good way?

2.) Is it safe to type the entropy/generate the seed on the air-gapped laptop in the specified way? As I said, the laptop is not brand new, so I was wondering if it would be possible that there might be a rootkit lingering somewhere in the hardware of the system (other than the hard drive) or if the use of the Live DVD should mitigate this.

Thanks in advance!

What do you think?


5 Comments

  1. > treating numbers 1-3 as 0 and 4-6 as 1

    Clumsy and slow. Might as well toss a coin

    > What I’m most unsure about is the generation of the 24th word/checksum

    The 24th word is not a checksum
    The software mechanism starts with 256 bits of entropy. The word list is 2048 words. 2048 is 2^11, therefore each word is 11 bits, and 24 words requires `24 * 11 = 264` bits. The checksum is 8 bits, created by hashing the 256 bits. The 24th word is 3 bits of random and 8 bits of checksum.

    Read the specification
    https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

    So if you’re committed to 256 coin tosses or dice throws, type the ‘0’ and ‘1’ characters into a computer, run an app to convert the string of ‘0’ and ‘1’ characters to binary, SHA256 hash the 256 bits of binary, use the first 8 bits of the hash for the last 8 bits for the 24th word

    > Is there a better (i.e. faster) or more practical way of generating the entropy

    Sure, you do the dice throws, let your computer do all the computer work. Download the BIP39 tool from GitHub and run it off-line
    This tool: https://iancoleman.io/bip39/
    from this GitHub: https://github.com/iancoleman/bip39/releases/latest/

    Use the checkbox labeled “Show entropy details”. The app supports dice throws entered as [1-6]. You’ll need 156 dice throws for more than 256 bits of entropy

    The app does the SHA256 hash calculation for the checksum, does all the word lookups and displays your 24 words
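
As an added worked example (not code from the post or from the tools linked in this thread), here is the derivation of the 24th word that the original post asks about, following the description in comment 1: the post's dice-to-bit rule, SHA256 over the 256 entropy bits, the first 8 hash bits appended, and the 264 bits cut into 24 eleven-bit word-list indices. The word-list file path and the demo dice string are assumptions.

```python
import hashlib

# Added helper for the BIP39 checksum word; not the tool from the page.
DICE_TO_BIT = {"1": "0", "2": "0", "3": "0", "4": "1", "5": "1", "6": "1"}

def dice_to_bits(rolls: str) -> str:
    """Map six-sided dice rolls to bits using the post's rule: 1-3 -> 0, 4-6 -> 1."""
    try:
        return "".join(DICE_TO_BIT[r] for r in rolls)
    except KeyError as exc:
        raise ValueError(f"not a d6 roll: {exc.args[0]!r}") from None

def bits_to_entropy(bits: str) -> bytes:
    """Pack exactly 256 '0'/'1' characters into 32 bytes of entropy."""
    if len(bits) != 256 or set(bits) - {"0", "1"}:
        raise ValueError("need exactly 256 bits of '0'/'1'")
    return int(bits, 2).to_bytes(32, "big")

def mnemonic_indices(entropy: bytes) -> list:
    """Return the 24 word-list indices (0..2047) for 32 bytes of entropy.

    BIP39: checksum = first ENT/32 bits of SHA256(entropy); with ENT=256 that is 8 bits.
    256 entropy bits + 8 checksum bits = 264 bits = 24 words of 11 bits each.
    """
    if len(entropy) != 32:
        raise ValueError("a 24-word mnemonic needs 32 bytes (256 bits) of entropy")
    checksum = hashlib.sha256(entropy).digest()[0]  # first byte = first 8 bits
    ent_bits = bin(int.from_bytes(entropy, "big"))[2:].zfill(256)
    all_bits = ent_bits + format(checksum, "08b")
    return [int(all_bits[i:i + 11], 2) for i in range(0, 264, 11)]

def last_word_index(entropy: bytes) -> int:
    """Index of the 24th word: the last 3 entropy bits followed by the 8 checksum bits."""
    return mnemonic_indices(entropy)[-1]

def indices_to_words(indices, wordlist_path="english.txt"):
    """Optional lookup against a local copy of the BIP39 English word list
    (one word per line, 2048 lines). The path is an assumption."""
    with open(wordlist_path, encoding="utf-8") as fh:
        words = [w.strip() for w in fh if w.strip()]
    if len(words) != 2048:
        raise ValueError("word list must have exactly 2048 entries")
    return [words[i] for i in indices]

if __name__ == "__main__":
    # Constructed demo input, NOT real entropy: 128 ones followed by 128 sixes.
    demo_bits = dice_to_bits("1" * 128 + "6" * 128)
    print(mnemonic_indices(bits_to_entropy(demo_bits)))
```

All-zero entropy reproduces the published BIP39 test vector (23 times "abandon" followed by "art", index 102), which is a quick way to check an offline copy of any such tool before trusting it with real dice rolls.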

  2. Trezor and Ledger have both been about for many years, and sold many millions of devices, and likely store many billions of dollars worth of crypto between them — I’m pretty sure if there was a hardware flaw it would have been discovered by now.

    However, if you really want to generate your own, you should read up on several reputable established methods (I like “diceware”) and research the risks of each (cheap (gaming) dice are often not perfectly fair, good “casino” are better), and follow each and every step for the system you choose precisely.

    Deviating from the plan is when errors or lapses happen.

    1. Multiple dice can be used at once, as you’ll know when you research properly.

    2. Hardware rootkits do exist so may be a potential threat, but depending on the method you choose, all you’d want it for is generating a SHA256 hash to help with brute-forcing the checksum word. Everything else can happen on paper, and the hardware device itself. If you can’t trust your hardware and e.g. your email / password manager / 2fa is compromised you likely have bigger problems to worry about.

    One of the reasons to “do your own research, due diligence, and risk assessment” is so that you can make an informed decision to *act appropriately*.

    Since you’re asking on a beginners sub, you’re probably better off just using a decent hardware wallet as recommended — at least until you’ve had time to fully grok the process and trade-offs — you can always move your crypto-assets to addresses secured by your own process at a later date.

  3. I did exactly what you described. I generated my seed with [dice and a coin](https://github.com/taelfrinn/Bip39-diceware) and [brute-forced](https://github.com/avsync/bip39chk) the 24th word on a [Tails](https://tails.boum.org/index.de.html) installation on a USB stick in a completely offline environment and wiped everything afterwards.

    EDIT: Fun fact: My wife saw me doing this and bought me a whole new set of dice because she thought I’d “play with my Bitcoin” more often (she’s clueless about Bitcoin).

  4. To answer the challenge a different way, if you don’t trust the RNG due to simple mistakes or whatever you can use a ColdCard where you can mix their entropy with dice rolls.

  5. WassaWassaWassup! Scam Alert! Scammers are particularly active on this sub. They operate via private messages and private chat. If you receive private messages, be extremely careful. Use the **report** link to report any suspicious private message to Reddit.

    *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/BitcoinBeginners) if you have any questions or concerns.*
