Topic: How important is it to generate private keys from Ledger wallets? (Read 216 times)

You do not need to manually generate the private key. Ledger does that for you, it uses a true random number generator (TRNG) embedded in the secure element to generate your private key. TRNGs use unpredictable means to generate numbers, like atmospheric noise for example, while PRNGs or pseudo random number generators use mathematical algorithms, which are completely computer-generated. PRNGs make the generated random numbers predictable, which is the case if you try to generate it manually or use a website like bitaddress.org. Software wallets use random algorithms for PRNGs. You can be sure that the private key generated by your recovery seed once you initialize your Ledger is completely secure and unpredictable. The secure element also stores the private keys for your crypto, so they’re secure and never leave the device.

An ideal hardware wallet is one that uses a secure element, or it would not be a vast improvement over a software wallet. ColdCard and Cobo Vault have open sourced their secure element, while Ledger has not.

The seed is all you need. They should also be stored safely in something stronger than paper I believe. Steel backups like the Billfodl, CryptoTag and Cobo Tablet are good. There are many more....

Anyone is free to double check my math.

A trillion Earths with a trillion people each with a trillion computers each generating a trillion keys each per second. That's (10¹²)⁴. 13.7 billion years since the birth of the universe, multiplied by days, hours, minutes, seconds. 4.3*10⁶⁵ keys generated since the dawn of time.

There are 2²⁵⁶ private keys (in reality slightly less, but for the purposes of this calculation the difference is so small as to be irrelevant).

(4.3*10⁶⁵)/(2²⁵⁶) = 3.7*10^-12 = 0.0000000000037 as a fraction, or (round and multiply by 100) = 0.0000000004%.

Good point, and I should have been more specific when I used the phrasing "you are the only person". Obviously, if you are the only person who knows how to access your private keys or where your seed is backed up, and something happens to you, those coins are lost, potentially forever. If you want your family or friends to inherit your coins, then you need some sort of recovery system - anything from your partner also knowing where the seed is backed up, to an elaborate 3-of-5 split secret or timelocked transaction.

Is this really correct?

This is very impressive, and it really shows how our human mind can't understand what big numbers really and how they work.


It is important to note that if are you holding significant amount you should really do that, hardware wallet.
However, if you have a family it is important to allow a familiar member know how to retrieve them as well, especially if you have kids.
Those coins might be worth a lot more in the future

I'll have this noted. I actually compile all the small pieces of papers where I've written all the important information such as seeds, PINs, passwords, and so forth and store them together in a single place. Having 3 copies of all those, I also have 3 different storage places but they are all compiled together. This is apparently ridiculous. But I just thought that having a single storage place for a single piece of information will demand at least 10 different storage places. I might end up forgetting half of them after some time.

Definitely. If your coins are stored behind a passphrase, then the seed alone is not enough to restore access to your coins. Having the seed but not the passphrase would allow you to try to brute-force your passphrase, but if your passphrase is long enough and random enough (as it should be), then brute-forcing will be ineffective. It's worth noting, however, that you should have your seed and your passphrase backed up separately. The whole point of a passphrase is to keep your coins secure if someone should gain access your seed. There's no point in using a passphrase if you back it up on the same piece of paper as your seed.

Take in mind besides SEED  there is a need in backuping of 25-th word if you choose it for better security of Ledger's private  keys. The set of prv keys relevant to SEED+25-th word differs from that one pertaining to bare SEED.

Never enter your actual seed anywhere, unless you absolutely must to recover your otherwise inaccessible wallet. As soon as you type your seed in to a computer, it should be considered compromised and you should transfer all coins contained within that seed to a new wallet immediately.

Theoretically it is possible (in the same way that all the atoms in a marble statue suddenly vibrating in the correct direction to make the statue move is theoretically possible), but in practice the chance of it happening is so close to zero that it is deemed impossible. See my quote below:

---

I think it might be worth clearing up a misconception which you seem to be holding. "Not your keys, not your bitcoin" refers to all wallets. If means if you are trusting someone else to control your private keys (as is the case in exchange wallets and web wallets), then the bitcoin isn't really yours. Indeed, even if you know your private keys and someone else does too, the bitcoin still isn't really yours, since the other person still has full control over it. The private keys need to be yours and yours alone.

Now, you don't actually need to "know" your private keys in the sense of having them written out in plain text and saved somewhere. You simply need to be the only person who can access them. Just in the same way, you don't actually need to "know" your seed in the sense of having it memorized, as long as you are the only person who knows how to retrieve it from your back ups.

When you first use a hardware wallet like your Ledger, it first generates a seed. It then uses that seed to generate all your private keys. The private keys are held within the device. As long as you are the only one who can access your device and your seed, then the private keys are yours. You don't need to "know" them, you don't need to have them saved in a file anywhere, you don't even need to be able to extract them from your hardware wallet (although you can if you wanted).

So to answer your initial question: If your hardware wallet generated a new wallet for you, you backed up the seed, and you are the only person with access to it, then the private keys (and therefore the bitcoin) are yours and yours alone.

Yes it is possible. If you are feeling lucky you can try.
I warn you: it is easier to be hit by a lightning 10 times in the same day. Or winning 10 times in a lottery.

In theory someone can try and guess your 24 words seed, put them in the correct order and generate a new wallet with those words stealing your funds.
But that is very, very, very... unlikely to ever happen. Besides your seed words you can create a 25th word as an additional security feature. A password. In case someone stole your seed they would also need that password to gain access to your assets.

I wouldn't worry about that though. I am not good with math but the possibility to arrange 24 random words in the correct order isn't a concern.   

All this time I was thinking that the only way to use the BIP39 private key generator software of Coleman is by downloading and installing it. Never thought there is a website for this. Thanks! Will try it for curiosity's sake.


Is it therefore a possibility that one can steal from it? By randomly arranging the 24-word mnemonic, you will arrive at a particular wallet address with its corresponding private key, and if that address has a deposit, you can easily import that address because you already know the private key, and make the withdrawal. Or am I wrong somewhere?

Yes, the Seed (your 24 words) can generate all the private keys you need. All the private keys from your ledger wallet are derived from that 24 words.

For educational purposes only, go to the website iancoleman.io/bip39

Insert any seed, this one will do it "word word word word word word word word word word word word" (never insert your seed, ofc, as you can lose your funds when you write them in a computer)

Scroll down and you will see many Public Address and their respective private keys. This is what your seed generated from ledger can do.

It still does... it's just that wallets that use "seed words" derive all their private keys from those seed words... so as long as you (and ONLY you) have the "seed words"... you still control the private keys

It does but the Seed is the Alpha and Omega.

The saying 'not your keys, not your coins' applies to things like crypto exchanges and web wallets where you don't have access to your private keys but also not to a seed. When you set up your Ledger wallet you were shown your Seed words but when you register an account with an exchange you don't get that. They own your coins. You ask them for permission to use your coins. They can give you access to them but they can also request additional information, KYC, proof of origin or simply scam you and steal them. 

So in case the exchange stops working you have no way to recover your money. That is why it is so important to know the private keys and even more important to have the correct seed.

Your answers are enough for me to be enlightened and finally feel at ease with my seed alone. This question has been bugging me for some time. Thanks to both of you! 


Yeah, I got mine from the official site of Ledger.


Got it! I was thinking that the golden rule "If you don't own the private keys to your coins, you don't own them." applies to all wallets.


I'm sorry. I got the OP wrong. It should be private key to my address and not to my wallet.

With hardware wallets like Ledger you don't have access to your private keys and they never leave the safe environment of your device.
You have your seed words. Even if you connect your Ledger to Electrum you still can't see your private keys. You don't need them if you are using a Ledger HW. Just make sure your seed is kept away from prying eyes and never store or enter it anywhere online.

One private key unlocks access to one address. You can have X number of addresses. The seed unlocks access to every single address generated in your Ledger Live.

 

As long as you bought your ledger from an official source, the seed is all you need.

The seed should already be pretty random and you will definitely be able to restore your coins as long as you write down the right seed as the seed nmemonic is just a large number moved into words and there are so many copies of the algorithms for the derivation paths it'd take every computer to be destroyed and every printout of the code for the mnemonics to be irrecoverable (which would've wiped out bitcoin too).

The 24-word recovery phrase is said to be the full backup of your wallet. In other words, even if your device is stolen, destroyed, or lost, for as long as you have that 24-word phrase with you, you still have the full control of your wallet. This is also true even if your computer or laptop where your Ledger Live is installed dies. You can easily choose a compatible third-party wallet and export your account.

However, it is also always said that if you don't own the private keys of your wallet, you actually don't own your coins.

So, a question coming from someone who is not really an advanced user, do we really have to go through choosing and downloading the right software where we can manually generate our private keys? Or is it already enough that we have several copies of our recovery phrase stored in different safe places?