Reminder: if you didn’t roll your own seed phrase offline, you’re trusting a third-party random number generator with your life savings. #Bitcoin

Discussion

Just roll over 99 plebs

Minor nit though: those rolls are being turned into a seed by a process you can’t verify.

You can audit the code, yes, but fundamentally it’s un-verifiable because you can’t interrogate the specific circuit and firmware performing the roll-to-seed procedure.

Think it was you I read suggesting inputting to two different devices to see if output same phrase, as an extra check.

Also, can put decent bait on it for a while and watch, if still there later on can feel confident to add more

Yes. Whatever you produce yourself, put in multiple devices to ensure none are lying to you.

In the dice-rolling example, you could get two manufacturers, enter the same rolls and ensure they produce the same seed phrases. The problem is that there aren’t two vendors (just ColdCard, AFAIK) so to verify, you basically have to spin up an offline computer and run the Python source code.

Using an offline computer to reproduce your seed phrase generation process kinda negates the advantage of having eternally quarantined, air gapped hardware in the first place. Plus, it’s not Coinkite’s preferred method anyway. They recommend using a mix of your own words and their in-device entropy, which is entirely unverifiable.

By contrast, many vendors can perform the last word generation, XPUB generation, and address generation. So starting with seed words makes more sense to me.

Ooh didn’t know it was just coinkite, assumed others too.

Could roll once as a test wallet to get confirm with computer calc, if agreement, roll a new seed and trust it, I guess.

I didn’t know about the vendors helping with last word, that’s kinda huge news to me. You could “roll” random 1-2048 23 times, and then roll 1-8 for final word. Do I have that right?

> and trust it, I guess.

Exactly. Best you can do is audit, dry-run with offline computer, then trust.

> You could “roll” random 1-2048 23 times, and then roll 1-8 for final word. Do I have that right?

Correct. ColdCard, Keystone (formerly Cobo Vault), SeedSigner and Specter DIY will show you the list of conforming last words, from which you can pick. There may be other devices, I don’t know.

Thanks for info. Now to hopefully retrieve this note down the line when I wanna find it 😅

Seedsigner lets you enter dice rolls

Does it use the same algorithm as ColdCard? IIRC, the CC algo was to concatenate the rolls as a string and run it through SHA256.

not sure ...

```
import hashlib

# SettingsConstants, DICE__NUM_ROLLS__12WORD, Seed and bip39 are defined or imported
# elsewhere in the SeedSigner source file linked below.

def generate_mnemonic_from_dice(roll_data: str, wordlist_language_code: str = SettingsConstants.WORDLIST_LANGUAGE__ENGLISH) -> list[str]:
    """
    Takes a string of 50 or 99 dice rolls and returns a 12- or 24-word mnemonic.

    Uses the iancoleman.io/bip39 and bitcoiner.guide/seed "Base 10" or "Hex" mode approach:
    * dice rolls are treated as string data.
    * hashed via SHA256.

    Important note: This method is NOT compatible with iancoleman's "Dice" mode.
    """
    entropy_bytes = hashlib.sha256(roll_data.encode()).digest()

    if len(roll_data) == DICE__NUM_ROLLS__12WORD:
        # 12-word mnemonic; only use 128bits / 16 bytes
        entropy_bytes = entropy_bytes[:16]

    # Return as a list
    return bip39.mnemonic_from_bytes(entropy_bytes, wordlist=Seed.get_wordlist(wordlist_language_code)).split()
```

https://github.com/SeedSigner/seedsigner/blob/825a25a5835bfac0fab3d84c07b3c46676348489/src/seedsigner/helpers/mnemonic_generation.py

what? are you actually suggesting to roll dice?

D6 has ~2.6 bits per roll.

ā€œRollā€ here is a synonym for ā€œgenerateā€ or ā€œproduceā€. Personally, I’m not a fan of the dice rolling method specifically.

I do recommend that people randomly generate their own seed phrases though.

uff, dice rolling is a terrible idea.

Using casino-grade dice, I can confirm that the seed phrases generated by SeedSigner (v0.8.0) and ColdCardQ (1.3.0Q) match!

Rolling 3 dice at a time gives me these values:

```csv
roll,die_1,die_2,die_3
01,3,4,5
02,4,4,3
03,6,3,3
04,5,3,6
05,2,6,1
06,2,6,2
07,2,1,2
08,3,4,1
09,3,5,2
10,6,1,6
11,2,3,5
12,1,1,5
13,2,3,1
14,3,1,6
15,2,1,6
16,3,5,2
17,2,5,1
18,4,4,1
19,2,6,6
20,6,4,6
21,5,4,4
22,6,6,4
23,4,5,1
24,6,2,1
25,2,1,2
26,2,1,4
27,4,4,5
28,1,2,1
29,1,2,3
30,1,2,6
31,1,6,4
32,2,5,1
33,2,3,3
```

Which generate the following seed phrase:

```csv
index,word
01,TALEnt
02,ROUGH
03,SEA
04,WOLF
05,ORANge
06,CORN
07,MOTOr
08,RIOT
09,WRONg
10,OFFIce
11,THEY
12,RIOT
13,ZEBRa
14,VIRTual
15,PEOPle
16,CAPItal
17,DEPUty
18,PHONe
19,SCENe
20,CASTle
21,COOK
22,ISSUe
23,CRICKet
24,TERM
```

with a fingerprint of `#421e05ba`.

nostr:nevent1qvzqqqqqqypzqc2qg7xf4cf0r594grnu27qxvjfj02gmqs9s0aa68hkux472krd9qqsgqrw9avqkgzsyql6ce49jmpflpkkhm2fg2f873csxs8y0es8ge6cpwl0xl
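
An offline cross-check of the roll-to-seed procedure and the last-word selection discussed in this thread, added here as an example (not code from SeedSigner, Coinkite or any poster). It follows the SHA256-of-the-roll-string approach in the SeedSigner function quoted above plus the standard BIP39 checksum, and returns 0-based wordlist indices rather than words so it needs no wordlist or third-party library; the function names and sample rolls are assumptions constructed for illustration.

```python
import hashlib

def dice_to_entropy(rolls: str) -> bytes:
    """SHA256 over the roll digits as text; 50 rolls -> 128 bits, 99 rolls -> 256 bits."""
    if len(rolls) not in (50, 99) or set(rolls) - set("123456"):
        raise ValueError("expected 50 or 99 rolls, each a digit 1-6")
    digest = hashlib.sha256(rolls.encode()).digest()
    return digest[:16] if len(rolls) == 50 else digest

def entropy_to_indices(entropy: bytes) -> list[int]:
    """BIP39: append the first len/32 bits of SHA256(entropy), split into 11-bit indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def last_word_candidates(first_23: list[int]) -> list[int]:
    """For 23 chosen indices (253 bits), return the 8 final indices with a valid checksum."""
    if len(first_23) != 23 or any(not 0 <= i < 2048 for i in first_23):
        raise ValueError("need 23 indices in range 0-2047")
    prefix = 0
    for idx in first_23:
        prefix = (prefix << 11) | idx
    out = []
    for tail in range(8):  # the 3 entropy bits carried by the 24th word
        entropy = ((prefix << 3) | tail).to_bytes(32, "big")
        out.append(entropy_to_indices(entropy)[-1])
    return out

if __name__ == "__main__":
    sample_rolls = ("123456" * 17)[:99]  # constructed sample, not real entropy
    indices = entropy_to_indices(dice_to_entropy(sample_rolls))
    # Indices are 0-based positions in the BIP39 English wordlist.
    print(indices)
    print(last_word_candidates(indices[:23]))
```

Map each index to line `index + 1` of the BIP39 English wordlist and compare the result with what the signing device displays for the same rolls.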