Stop trying to use dice-rolled seeds unless you're an expert ❌

Just had yet another person (hard to count the total now) reach out about a low-entropy seed they generated and were allowed to import into a certain hardware wallet. A lot of the blame for these lost funds falls on influencers who shill users on overly-complex security setups without properly explaining the massive risks and tradeoffs associated with them for the average user.

What happened:

Less than 10 min after funds were sent to what they thought was secure storage, they were swept to an attacker's address.

They used <10 dice rolls, meaning the private key had <25 bits of entropy, when the minimum for strong security is 50 dice rolls (128 bits of entropy). Wallets should not allow a user to import a seed that they know is completely insecure.

Staying safe:

As I have said many times, if you don't know the ins and outs of dice rolls, entropy, verification of the resulting seed offline, etc. please do not use dice rolls alone for seed generation. 99.99999% of users are better off allowing good, multi-source, open-source random number generation like we do on Passport.

To date I have heard of zero compromised seeds that were generated using on-board RNG due to entropy issues, while there are countless examples of users losing funds due to improper dice rolls.

Stay safe out there, folks.


Discussion

Sound advice

Totally agree. But also, as you mentioned, hardware wallets should not let users roll low entropy without explicit warnings in the UI.

On related note, I feel the same way when bitcoiners push multisig real hard on newcomers.

The main hardware wallet I have heard that allows weak entropy from dice rolls doesn’t get called out on pods and bitcoin media because it sponsors the influencers. It’s a shame.

You're totally not biased either, right?

Lololololol

this isn’t the gotcha moment you think it is. Nick is not our enemy. Save your energy for our real enemies.

Not trying to make an enemy, just pointing out observations and asking questions. And then I followed him for the first time.

You're making assumptions that aren't true. Just because I contribute to and support an open source project (SeedSigner) doesn't mean I don't endorse and use other hardware wallets/signing devices. I believe in multi-vendor multisig wallets for cold storage. I use and recommend the hardware wallet I'm calling out. That's why I care. I just think there needs to be a software update and disclosure to update.

It was a question and based on observations.

Also. Name names because my assumption could be incorrect.

Sounds like DnD for bitcoiners

Get yourself some mini-dice and generate some good old-fashioned raw entropy:

https://store.coinkite.com/store/dice-100

Be sure to overpay for the official Coinkite dice.

CC uses the dice rolls as additional entropy. Get a Coldcard and roll some dice.

I feel pretty confident with 128 dice rolls. 1-3 gives 0, 4-6 gives 1. Evaluate the BIP 39 by hand and calculate the last word with something which has never touched a network. No advice for a newbie, but pretty educational for advanced users. And nice to do it with your kids. Also nice with 128 small coins. I like the physical aspect of it.
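The numbers in the original post (fewer than 10 rolls giving under 25 bits, 50 rolls reaching 128 bits) and the 128-roll coin-flip method in the comment above both come down to the same two pieces of arithmetic: how many bits a roll contributes, and how BIP39 derives the checksum word from the resulting entropy. The following is an added example written for this thread; it is not code from any wallet mentioned here. It counts entropy for full-value rolls, implements the import-time refusal the post argues wallets should perform (a hypothetical policy, not any vendor's actual behaviour), maps rolls to bits the way the comment describes, and computes the index of the checksum word without embedding the 2048-word list (index 0 is "abandon", index 3 is "about").

```python
"""Added example (not part of the thread or any wallet's code): entropy of dice
rolls, a wallet-side minimum-entropy check, and the BIP39 checksum word from 128
coin-flip-style rolls as described in the comment above."""
import hashlib
import math

DIE_SIDES = 6
MIN_ENTROPY_BITS = 128  # strength of a 12-word BIP39 seed; the "50 dice rolls" in the post


def dice_entropy_bits(n_rolls: int, sides: int = DIE_SIDES) -> float:
    """Entropy of n fair rolls when the full face value is used: n * log2(sides)."""
    return n_rolls * math.log2(sides)


def min_rolls_for(bits: int = MIN_ENTROPY_BITS, sides: int = DIE_SIDES) -> int:
    """Smallest number of full-value rolls that reaches `bits` of entropy."""
    return math.ceil(bits / math.log2(sides))


def wallet_should_accept(n_rolls: int, sides: int = DIE_SIDES,
                         minimum: int = MIN_ENTROPY_BITS) -> bool:
    """Hypothetical import-time policy the post asks for: refuse any roll count
    that cannot have produced `minimum` bits of entropy."""
    return dice_entropy_bits(n_rolls, sides) >= minimum


def rolls_to_coin_bits(rolls) -> list:
    """Mapping from the comment: faces 1-3 -> 0, 4-6 -> 1 (one bit per roll,
    so 128 rolls are needed). Anything outside 1..6 is a transcription error."""
    bits = []
    for r in rolls:
        if not 1 <= r <= DIE_SIDES:
            raise ValueError(f"invalid die face: {r!r}")
        bits.append(0 if r <= 3 else 1)
    return bits


def bits_to_entropy(bits) -> bytes:
    """Pack bits (MSB first) into the entropy bytes BIP39 expects (128..256 bits, step 32)."""
    n = len(bits)
    if n not in (128, 160, 192, 224, 256):
        raise ValueError(f"BIP39 entropy must be 128-256 bits in 32-bit steps, got {n}")
    value = int("".join(str(b) for b in bits), 2)
    return value.to_bytes(n // 8, "big")


def bip39_checksum_word_index(entropy: bytes) -> int:
    """Index (0..2047) of the final mnemonic word, the one carrying the checksum.
    BIP39: CS = ENT/32 bits taken from the top of SHA256(entropy) are appended to
    the entropy; the concatenation is split into 11-bit word indexes, so the last
    word is the last 11 bits of (entropy || checksum)."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32
    digest = hashlib.sha256(entropy).digest()
    checksum = int.from_bytes(digest, "big") >> (256 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    return combined & 0x7FF


def last_word_index_from_rolls(rolls) -> int:
    """End-to-end: 128 coin-flip-style dice rolls -> checksum word index."""
    bits = rolls_to_coin_bits(rolls)
    return bip39_checksum_word_index(bits_to_entropy(bits))


if __name__ == "__main__":
    for n in (9, 10, 50, 100):
        print(f"{n:3d} full-value rolls -> {dice_entropy_bits(n):6.1f} bits,"
              f" accept={wallet_should_accept(n)}")
    print("full-value rolls needed for 128 bits:", min_rolls_for())
    # Constructed input: 128 rolls that all land on 1, i.e. all-zero entropy, the
    # BIP39 test vector whose mnemonic is eleven times "abandon" then "about" (index 3).
    print("last word index:", last_word_index_from_rolls([1] * 128))
```

The all-ones roll sequence is used only because its result is a published BIP39 test vector and therefore checkable by hand; real rolls must of course come from a fair die. The full-value case gives about 2.58 bits per roll, which is why 50 rolls clear 128 bits while the coin-flip mapping needs 128 of them.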

Any info on how the attacker is finding the wallets? Are they just scraping the new blocks for certain wallet types or is this info getting leaked somehow/somewhere?

Yeah just enumerating through low entropy seeds and then watching the mempool for any activity on them. It is trivially easy to do.

Thanks and good to know. 🤙🏽

Expert? Overly-complex? Basically all you need to know is the minimum number of dice rolls for strong security.

This is all stupid. Roll 100 times like it says in the guide.

My dumb brain:

Wtf are we even talking about?

I'd like it even better with a link to how to do proper dice roll instead though

You need to do 100 rolls

Actually I got that part right thanks. The missing bit is after that when you compute the last word but I'll get to it when I get to it.

* if you are lazy and stupid, no need to be an expert

They should just remove it completely.

Still... how does the attacker know a wallet was created in the first place? Was the person being tracked? 50 dice rolls should be good though. I need to study it a bit more. Do you know good sources for dice roll seed creation?

dice rolls ftw

I don't think you need to be an expert. You definitely should know what's going on under the hood. HW/Signing devices should add extra entropy via dice rolls.

Isn't that what Coldcard does or offers?

Yes.

Being able to roll a die 100+ times = expert. Glad I achieved something.