Topic: How to significantly decrease the randomness of your newly generated seed phrase (Read 495 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Raffle stubs, Cards in a deck, Dice, Coin toss ... Dice is the one that makes the most sense, and if you really want or need a little "overkill" then just roll a few more times. Roll 101 times > more than 256 bits worth then feed it through a 256 bit hash function. I would not completely dismiss electronic ones (the hash function is not practical to be hand computed.)

6 sided Casino Grade dice would be your "gold" standard (bitcoin standard?) since casinos handle millions of dollars and obviously they do not want to be cheated. You can have your own lottery ball machine at home but it would not be practical.
legendary
Activity: 2268
Merit: 18507
Ian Coleman's site (https://iancoleman.io/bip39/) will let you use all the cards from a full deck. Just click on "Show entropy details" and then click on "Card" on the right hand side, and enter the number and suit of each card you draw. It works by assigning some cards 5 bits of entropy (32 possible combinations), some cards 4 bits of entropy (16 possible combinations) and some cards 2 bits of entropy (4 possible combinations), for a total of 52 possible combinations. If you simply shuffle a full deck of cards and then draw all the cards, you will therefore reach 232 bits of entropy, so it leaves you a bit short for 24 words, but is enough for 12, 15, 18, or 21 words, but doing so is not entirely random since you are forcing the use of each card exactly once.

Better as you say to shuffle the deck after a set small number of cards and start again.

legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
Someone pointed out to me a few decks of cards will also work quite well.
Pull out all the J - Q - K and shuffle well.
Pick the top "X" cards from "Y" decks and then shuffle well and do it again.

There are a lot of ways to do it if you want to avoid the electronic ones.

-Dave

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
The biggest reason to stick to "normal" 6 sided dice is that plenty of companies make them in "casino grade" transparent colors with sharp edges. This minimizes any bias and prevents cheating. The casino rules also prevent cheating. You have to roll the dice across the table and it has to bounce back to be counted.

In practice, just bounce your own dice without looking at it for a few seconds and you'll be fine.

For most normal people, rolling 100 times or rolling 100 dice one time is good enough provided you have all other physical security in place.

For the issue of rolling 100 dice all at once, you can probably get a large enough box to put them in, then shake a little until they are semi-lined up at the bottom. They will be in some sort of order which you can then use, left to right, top to bottom.

You could also just get your 100 dice, throw them across the room, and use a stick to collect them, they'll be in a semi-random order.

It would be fun to roll 100 different colored dice, then take a picture of it, export the RAW file, and hash that.

This, in addition to any other entropy your hardware already generates from the OS, mouse movement, etc.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
7 piece of 120 sided dice? At this point, I would just use the money to buy a hardware wallet and keep the change.

True, but they are re-usable forever. No hardware updates, etc.

Wouldn't we be bumping into the limits of cheap plastic molding tolerances with such a dice?

Rolling a bunch of six-sided dice and just counting them left-to-right top-to-bottom seems better than any complication TBH. Don't need to buy a 100 either, just grab what you can find in the board games laying around, or if you're one of the cool kids who doesn't play board games... well, toss a bucket of coins on a tile floor.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
7 piece of 120 sided dice? At this point, I would just use the money to buy a hardware wallet and keep the change.

True, but they are re-usable forever. No hardware updates, etc.
Also, this seems to be turning into a bit of a thought experiment. Which is good. Someone, ColdCard, who I like, came up with a dumb marketing idea. Let's work on a better one, that does not have to be marketed.


By the time you get up to a 120 sided die, you are on 6.9 bits of entropy per roll, meaning you only need 19 rolls to generate 128 bits of entropy. At that point, it's going to be far easier to just roll 19 times than mess around with colors and orders.

But messing around with dice is fun. Unless you are in a casino playing Craps, then messing with the dice will get you thrown out :-)
Yes, the larger number of sides does let you roll less. But I figure if you are going to do it with dice then go all the way and use as much entropy as possible.

-Dave



legendary
Activity: 2310
Merit: 4313
🔐BitcoinMessage.Tools🔑
You could also pick all 12/24 words and have the software just change the last one to the appropriate word with the correct checksum. Either way you are still manually picking your entropy so it is a terrible decision, even if you are picking from a random subset (in the case of rolling 100 dice).
Some wallets (Bluewallet is one of them if I am not mistaken) allow you to combine the methods with which entropy is generated. For example, you can use coins, dice of a different number of sides, and software random number generator to create a single seed. You can combine these methods, use them in different orders, etc. But I consider this method less safe when compared with hardware wallets.
legendary
Activity: 2268
Merit: 18507
By the time you get up to a 120 sided die, you are on 6.9 bits of entropy per roll, meaning you only need 19 rolls to generate 128 bits of entropy. At that point, it's going to be far easier to just roll 19 times than mess around with colors and orders.

True, but you could choose first 11/23 words, then the software will fill few last bits randomly, then generate the checksum and convert it (few last bits & checksum) to words.
You could also pick all 12/24 words and have the software just change the last one to the appropriate word with the correct checksum. Either way you are still manually picking your entropy so it is a terrible decision, even if you are picking from a random subset (in the case of rolling 100 dice).
legendary
Activity: 1918
Merit: 1728
It's fun to read how this business attempt from Coldcard is turning into an epic fail! A pack of 100 dice to ease the process of creating entropy but no solution for determining the randomness of the dice sequence, this has to go down as one of the most absurd business ideas. Wait until I start selling a pack of 256 one-cent coins for $5.12 each. Easy money!



It's really no different to giving a user say 2048 words and saying "pick 12/24 of these"

Well, technically it's different. Picking 12/24 words from 2048 won't work because last word includes checksum so wallets will show it as invalid seed.
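The checksum point made in the posts above, as an added example that is not part of the original thread: it checks a list of word positions against the BIP39 checksum rule and counts how many last words complete a hand-picked prefix. Words are given as indices 0..2047 into the BIP39 list (the wordlist itself is not embedded), and the function names are this example's own.

```python
import hashlib

def checksum_ok(indices):
    """True if the word indices (12/15/18/21/24 of them) form a valid mnemonic."""
    total_bits = 11 * len(indices)
    cs_len = total_bits // 33          # 4 checksum bits for 12 words, 8 for 24
    ent_len = total_bits - cs_len      # 128 entropy bits for 12 words, 256 for 24
    value = 0
    for i in indices:
        if not 0 <= i < 2048:
            raise ValueError("word index outside 0..2047")
        value = (value << 11) | i      # each word contributes 11 bits
    entropy = (value >> cs_len).to_bytes(ent_len // 8, "big")
    # The checksum is the first cs_len bits of SHA-256(entropy).
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_len)
    return (value & ((1 << cs_len) - 1)) == expected

def valid_last_words(prefix):
    """Every last-word index that turns an 11- or 23-word prefix into a valid mnemonic."""
    return [w for w in range(2048) if checksum_ok(list(prefix) + [w])]

# Constructed sample prefix: index 0 repeated 11 times (all-zero entropy so far).
PREFIX_12 = [0] * 11

if __name__ == "__main__":
    ok = valid_last_words(PREFIX_12)
    print(f"{len(ok)} of 2048 last words are valid ({len(ok) / 2048:.4f})")
    print("first valid last-word index:", ok[0])
```

Only 1 in 16 arbitrary 12-word picks passes, which is why wallets reject hand-picked words; it also shows that software "fixing" the last word contributes at most 7 bits (12 words) or 3 bits (24 words) that the user did not choose.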
legendary
Activity: 2310
Merit: 4313
🔐BitcoinMessage.Tools🔑
Hmmmm.
They do make dice up to some really stupid large number of sides and in more than the 5 colors listed.
So a set of 7 dice. Six of 120 sided dice in various colors (or clear if that's your thing):


And a 7th die that has a different color on each side.
You set the 6 of them in any order you like.
You then roll the 7th and that is the color you start from.

Repeat each time so even if one of the others does have a bias towards a number or set of numbers it will not always be in the same location in the line up unless the 6 sided die also has a bias.

Now....who has a 3d printer handy?

-Dave
In my opinion, that makes the whole process of tossing unnecessarily complicated and time-wasting. We don't know a possible outcome if we determine the sequence of colors beforehand, so the result can't and won't be biased in any case. But I like the idea of using many-sided dice: it both increases entropy and enjoyment of generating seeds. But why stop there? Spherical dice have an unlimited number of sides and are easy to produce...




Source: https://www.tarquingroup.com/spherical-dice-5-round-dice.html
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
Hmmmm.
They do make dice up to some really stupid large number of sides and in more than the 5 colors listed.
So a set of 7 dice. Six of 120 sided dice in various colors (or clear if that's your thing):


And a 7th die that has a different color on each side.
You set the 6 of them in any order you like.
You then roll the 7th and that is the color you start from.

Repeat each time so even if one of the others does have a bias towards a number or set of numbers it will not always be in the same location in the line up unless the 6 sided die also has a bias.

Now....who has a 3d printer handy?

-Dave
HCP
legendary
Activity: 2086
Merit: 4314
Yeah, I'm confused as to how they don't see the issue with just ending up with a large number of dice sitting in front of a person who then has to choose what order they need to be used in...

It's really no different to giving a user say 2048 words and saying "pick 12/24 of these"


How about a funnel connected to a transparent tube so all dice end up in it in a certain order? #ducttapeengineering
I like it... but then I'm a fan of stupidly simple solutions
legendary
Activity: 3654
Merit: 8909
https://bpip.org
How about a funnel connected to a transparent tube so all dice end up in it in a certain order? #ducttapeengineering
legendary
Activity: 2268
Merit: 18507
Although DaveF, with your picture you have inadvertently stumbled across a potential solution - different colored dice.

If you pick the order you are going to write down the result of the dice based on the color before you roll, then that removes the issue of bias in choosing the order. Using your picture and going clockwise, we choose the order blue, black, green, red, white. We roll the five 20-sided dice, for 4.32 entropy per dice, for a total of ~21.6 bits of entropy. Repeat 6 times for 128 bits, or 12 times for 256 bits, writing down the numbers in the same color order each time.
legendary
Activity: 2954
Merit: 4158
Does it have to be a regular 6 sided die?
Nope.
Can't we increase randomness by using a 10 or 20 or whatever sided die?

I'm sure the answer is out there, but I am truly having a brain freeze at the moment.
Depends on how many times you roll the dice. Having a larger number of possible outcomes for each dice will increase the entropy, think log2 (x), let x be the number of sides. The problem here lies with the bias when choosing specific dice for the sequence of entropy though.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
Possible stupid question incoming:
Does it have to be a regular 6 sided die?
Can't we increase randomness by using a 10 or 20 or whatever sided die?

I'm sure the answer is out there, but I am truly having a brain freeze at the moment.

-Dave

legendary
Activity: 2310
Merit: 4313
🔐BitcoinMessage.Tools🔑
I guess that's your answer. Their stand is that they hope the customer doesn't specifically choose the sequence of the dice. I don't think it's a great idea to not at least put a warning but if that's their stand then so be it. Tried to convince them otherwise through quite a few (lengthy) emails but I guess they have their own rationale as well. Hope it works well for them and the customers buying it (I personally think the coldcard is okay but nothing else).

Don't get why they won't recognise it as a potential (however small) issue that they have given how the design is geared towards those who are paranoid. But hey, who am I to criticize them on this?
Thank you for your help! I am still not convinced and wouldn't recommend buying that particular product albeit I do like ColdCard hardware wallet because it looks neat. Despite the fact I ain't a tech-savvy person, I believe that any sequence, no matter how random it may be, would be specific since it would be human who would choose it. It is weird that the Coldcard team prefers not to talk about it and is silently selling a useless set of dice for 20 bucks instead. I am a bit disappointed.
legendary
Activity: 2954
Merit: 4158
Had a brief email exchange with them and this is their response:
Quote
Hi ranochigo,

Hopefully the customers who buy dice specifically, will understand that putting them back into order after rolling would be bad idea. We ship them loose in a plastic bag, so they will arrive with lots of entropy ready to go. Let's hope our customers don't undermine that!

I guess that's your answer. Their stand is that they hope the customer doesn't specifically choose the sequence of the dice. I don't think it's a great idea to not at least put a warning but if that's their stand then so be it. Tried to convince them otherwise through quite a few (lengthy) emails but I guess they have their own rationale as well. Hope it works well for them and the customers buying it (I personally think the coldcard is okay but nothing else).

Don't get why they won't recognise it as a potential (however small) issue that they have given how the design is geared towards those who are paranoid. But hey, who am I to criticize them on this?
legendary
Activity: 2310
Merit: 4313
🔐BitcoinMessage.Tools🔑
Their response is at least ridiculous and misleading. It seems that the ColdCard marketing team has forgotten to ask the development team for advice before posting a tweet. Basically yes, their wallet is mostly designed for paranoid, experienced users who should know how things work in general and how to properly generate a seed phrase in particular. That all makes me think why they fail to answer, put it another way, are giving a misleading answer when paranoid and experienced users ask them the right questions.
legendary
Activity: 2954
Merit: 4158
The sequence doesn't matter, you must be paranoid if you ask this!

They counted their dice the way they saw fit and got a random number: 111111111111122222222222222222233333333333333333333334444444444444444444444444444555555555555555555555555......6666666666666666

They inserted that number and generated a seed phrase.

Their response is quite underwhelming to say the least. Isn't their hardware wallet designed for the paranoid with the inclusion of all the epoxy transparent chips and stuff? This issue isn't about paranoia at all and is a legitimate concern. Oh wells, I hope they actually misunderstood your point.
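The entropy figures quoted across this thread, and what sorting the dice does to them, as an added example that is not part of the original posts. It also sketches the "roll, then feed through a 256 bit hash" idea with a guard against sorted input; the function names, the comma-separated encoding and the sample rolls are assumptions of this example.

```python
import hashlib
import math

def ordered_bits(n_dice, sides=6):
    """Entropy when the dice are read in an order fixed before the roll."""
    return n_dice * math.log2(sides)

def sorted_bits(n_dice, sides=6):
    """Upper bound once the dice are sorted by face: only the count of each
    face survives, so the outcome is one multiset of size n_dice."""
    return math.log2(math.comb(n_dice + sides - 1, sides - 1))

def rolls_needed(sides, target_bits):
    """Fewest rolls of a fair die with `sides` faces reaching target_bits."""
    return math.ceil(target_bits / math.log2(sides))

def entropy_from_rolls(rolls, sides=6, target_bits=256):
    """Hash the rolls down to target_bits of wallet entropy; refuse weak input."""
    rolls = list(rolls)
    if any(not 1 <= r <= sides for r in rolls):
        raise ValueError("roll outside 1..sides")
    if ordered_bits(len(rolls), sides) < target_bits:
        raise ValueError("not enough rolls for the requested strength")
    if rolls == sorted(rolls) or rolls == sorted(rolls, reverse=True):
        raise ValueError("rolls are sorted: the order was chosen, not rolled")
    # Comma-separated ASCII is this example's own encoding (an assumption); the
    # separator keeps multi-digit faces of a d20 or d120 unambiguous.
    data = ",".join(str(r) for r in rolls).encode("ascii")
    return hashlib.sha256(data).digest()[: target_bits // 8]

# Constructed sample: 100 values from a fixed formula so the demo is repeatable.
# Real input must come from physical rolls.
SAMPLE = [(i * 7 + i // 6) % 6 + 1 for i in range(100)]

if __name__ == "__main__":
    print(f"100 d6, order fixed in advance: {ordered_bits(100):.1f} bits")
    print(f"100 d6, sorted 1..6 afterwards: {sorted_bits(100):.1f} bits at most")
    for sides, target in ((6, 256), (20, 128), (120, 128)):
        print(f"d{sides} for {target} bits: {rolls_needed(sides, target)} rolls")
    print("entropy:", entropy_from_rolls(SAMPLE).hex())
```

Sorting 100 six-sided dice leaves at most about 26.5 bits out of roughly 258, because only 96,560,646 distinct sorted arrangements exist.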