Bitcoin Forum
Author Topic: Random Number Seed  (Read 2567 times)
SnowDog2003 (OP)
Jr. Member
Activity: 41
Merit: 1
April 04, 2013, 05:32:17 PM
Merited by ABCbits (1)
#1

This may have been asked before, but here is a question that's been bothering me:

How do you seed the random number generator that's used to select the 12 words from the 1625-word dictionary for the wallet seed? Does it use time? Does it use some other type of random event? Then how are the random events combined, and what degree of entropy does this seed have for the random number generator?

The reason I ask is because, while it's true that 12 words selected from a 1625-word dictionary yield approximately 3 x 10^38 combinations, the combinations are also constrained by the number of possible numbers which could be used to seed the random number generator. How many possible numbers are there for this seed?

ThomasV
Moderator
Legendary
Activity: 1896
Merit: 1353
April 05, 2013, 07:51:37 AM
Merited by hugeblack (10), ABCbits (2)
#2

Electrum does not use Python's random number generator, which is known to have the problem you mention.
Instead it uses the operating system's random number generator.
More details here:

http://stackoverflow.com/questions/10341112/whats-more-random-hashlib-or-urandom

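An added worked example (not Electrum's code and not from any poster) that answers the question above the way this reply implies: the seed is drawn from the OS CSPRNG via os.urandom, and the seed space is the smaller of 2^128 raw values and 1625^12 word combinations. The 1625-word count is taken from the question; the word list itself is a constructed placeholder and the base-1625 encoding is illustrative, not Electrum's actual mnemonic scheme.

```python
import math
import os

# Constructed stand-in for the word list the thread refers to (1625 entries,
# the count given by the OP); the real Electrum list is not reproduced here.
WORDLIST = ["w%04d" % i for i in range(1625)]
WORDS_PER_SEED = 12
SEED_BYTES = 16                                 # os.urandom(16) -> 128 raw bits
SEED_SPACE = len(WORDLIST) ** WORDS_PER_SEED    # number of distinct 12-word seeds


def entropy_bits():
    """Entropy carried by 12 words drawn uniformly from the list: about 127.99 bits."""
    return WORDS_PER_SEED * math.log2(len(WORDLIST))


def draw_seed_int(rand_bytes=os.urandom):
    """Draw a uniform integer in [0, SEED_SPACE) from the OS CSPRNG (assumed: os.urandom).

    2^128 is slightly larger than 1625^12, so a raw 16-byte value may not fit
    in 12 words. Such draws (about 0.4% of them) are rejected and redrawn so the
    result stays uniform instead of being folded back modulo SEED_SPACE.
    """
    while True:
        n = int.from_bytes(rand_bytes(SEED_BYTES), "big")
        if n < SEED_SPACE:
            return n


def seed_int_to_words(n):
    """Illustrative little-endian base-1625 encoding (not Electrum's own scheme)."""
    if not 0 <= n < SEED_SPACE:
        raise ValueError("seed out of range")
    words = []
    for _ in range(WORDS_PER_SEED):
        n, idx = divmod(n, len(WORDLIST))
        words.append(WORDLIST[idx])
    return words


def words_to_seed_int(words):
    """Inverse of seed_int_to_words; raises ValueError on an unknown word."""
    if len(words) != WORDS_PER_SEED:
        raise ValueError("expected %d words" % WORDS_PER_SEED)
    n = 0
    for w in reversed(words):
        n = n * len(WORDLIST) + WORDLIST.index(w)
    return n


def new_mnemonic():
    return seed_int_to_words(draw_seed_int())


if __name__ == "__main__":
    print("entropy per seed: %.2f bits" % entropy_bits())
    print("distinct seeds: %d (2^128 = %d)" % (SEED_SPACE, 2 ** 128))
    print(" ".join(new_mnemonic()))
```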
SnowDog2003 (OP)
Jr. Member
Activity: 41
Merit: 1
April 06, 2013, 02:21:47 PM
#3

Thank you for the answer!

I can't really speak to the issue, but I want to respond anyway in case you're not aware of this:

This link that you sent me implies that this is the call being made: os.urandom(16).encode('hex'), with a larger number, I assume.

This article speaks to this method. On a Linux system, this method queries '/dev/urandom' which is set by the operating system.

"os.urandom(n)
Return a string of n random bytes suitable for cryptographic use."

http://docs.python.org/2/library/os.html#os.urandom

"This function returns random bytes from an OS-specific randomness source. The returned data should be unpredictable enough for cryptographic applications, though its exact quality depends on the OS implementation. On a UNIX-like system this will query /dev/urandom, and on Windows it will use CryptGenRandom. If a randomness source is not found, NotImplementedError will be raised."

However, specifically on Ubuntu, this advice is given against using this method for a cryptographic use:

"A read from the /dev/urandom device will not block waiting for more entropy. As a result, if there is not sufficient entropy in the entropy pool, the returned values are theoretically vulnerable to a cryptographic attack on the algorithms used by the driver. Knowledge of how to do this is not available in the current non-classified literature, but it is theoretically possible that such an attack may exist. If this is a concern in your application, use /dev/random instead."

Basically, it's saying that a read from /dev/urandom will not wait for a large amount of entropy to be collected, if it's lacking, but will return immediately with some result; whereas a read from /dev/random will wait for the entropy necessary for strong cryptographic purposes.

http://manpages.ubuntu.com/manpages/jaunty/man4/random.4.html



ThomasV
Moderator
Legendary
Activity: 1896
Merit: 1353
April 07, 2013, 03:31:30 PM
Merited by hugeblack (6), ABCbits (1)
#4

Please read http://stackoverflow.com/questions/5480131/will-python-systemrandom-os-urandom-always-have-enough-entropy-for-good-crypto

/dev/urandom can indeed run out of entropy if it is called repeatedly.
Here we call it only once, when the wallet is generated, so this cannot happen.

The only risk I see is if your wallet is created as part of the OS install on a very simple device. Correct me if I'm wrong.

BkkCoins
Hero Member
Activity: 784
Merit: 1009
April 09, 2013, 02:24:03 AM
Merited by hugeblack (6), ABCbits (1)
#5

If you have issues with not enough entropy with /dev/urandom (e.g. you do a lot of generation in a short time on a web server or something) then you should look into the rng-tools package.

This has a daemon that collects entropy to feed /dev/urandom. I tried this out on my test server and it keeps the entropy pool very high always. It also logs entropy status info to syslog.

nebiz
Member
Activity: 87
Merit: 12
April 29, 2013, 02:01:34 AM
Merited by ABCbits (2)
#6

Quote from: ThomasV
Please read http://stackoverflow.com/questions/5480131/will-python-systemrandom-os-urandom-always-have-enough-entropy-for-good-crypto

/dev/urandom can indeed run out of entropy if it is called repeatedly.
Here we call it only once, when the wallet is generated, so this cannot happen.

The only risk I see is if your wallet is created as part of the OS install on a very simple device. Correct me if I'm wrong.

Hi Thomas, thank you for this wallet, I have really enjoyed it from an aesthetic perspective so far.

Given that a lot of people are likely to start creating wallets on a very simple device right after an OS install (Debian netboot or similar), would it be wise to increase the system entropy somehow and collect randomness in a method similar to that used by GnuPG?

Thanks again for your work with the wallet!

ThomasV
Moderator
Legendary
Activity: 1896
Merit: 1353
May 01, 2013, 09:04:57 AM
Merited by hugeblack (5), ABCbits (1)
#7

Quote from: nebiz
Hi Thomas, thank you for this wallet, I have really enjoyed it from an aesthetic perspective so far.

Given that a lot of people are likely to start creating wallets on a very simple device right after an OS install (Debian netboot or similar), would it be wise to increase the system entropy somehow and collect randomness in a method similar to that used by GnuPG?

Thanks again for your work with the wallet!

I don't think so.
If the wallet is installed by people, then the system already has some entropy, just because of the way people interact with it.
I would be more concerned about really simple devices (such as the "trezor"), not something able to run a full Debian OS, and about seeds generated during that device's initialization.
I am not an expert, however; correct me if I'm wrong.

jubalix
Legendary
Activity: 2618
Merit: 1022
August 14, 2013, 04:48:09 AM
#8

Quote from: ThomasV
Please read http://stackoverflow.com/questions/5480131/will-python-systemrandom-os-urandom-always-have-enough-entropy-for-good-crypto

/dev/urandom can indeed run out of entropy if it is called repeatedly.
Here we call it only once, when the wallet is generated, so this cannot happen.

The only risk I see is if your wallet is created as part of the OS install on a very simple device. Correct me if I'm wrong.

Hang on though, if 10000's of people use Electrum, are they not calling this repeatedly, or is my maths way off? Though if they are all using the same call in Python, then someone will luck out?

Could the dev put in a mouse-over in this area like TrueCrypt uses?

ThomasV
Moderator
Legendary
Activity: 1896
Merit: 1353
August 14, 2013, 08:54:47 AM
Merited by ABCbits (1)
#9

Quote from: jubalix
Hang on though, if 10000's of people use Electrum, are they not calling this repeatedly, or is my maths way off? Though if they are all using the same call in Python, then someone will luck out?

No, unless they use the same device.

jubalix
Legendary
Activity: 2618
Merit: 1022
August 14, 2013, 09:45:02 AM
#10

Quote from: ThomasV
Quote from: jubalix
Hang on though, if 10000's of people use Electrum, are they not calling this repeatedly, or is my maths way off? Though if they are all using the same call in Python, then someone will luck out?

No, unless they use the same device.

So the rand seed pulls this from the heat/fan or something?

NinjaBitcoiner
Member
Activity: 77
Merit: 10
November 15, 2022, 01:03:36 PM
#11

Quote from: ThomasV
Please read http://stackoverflow.com/questions/5480131/will-python-systemrandom-os-urandom-always-have-enough-entropy-for-good-crypto

/dev/urandom can indeed run out of entropy if it is called repeatedly.
{snip}

Sorry for bumping the old thread.
So does that mean, say, I repeatedly generate seeds, say 100 seeds one after the other, before finally deciding to choose the seed for my wallet. Does that make the seed less secure?
Abdussamad
Legendary
Activity: 3598
Merit: 1560
November 15, 2022, 02:14:34 PM
#12

Quote from: NinjaBitcoiner
Sorry for bumping the old thread.
So does that mean, say, I repeatedly generate seeds, say 100 seeds one after the other, before finally deciding to choose the seed for my wallet. Does that make the seed less secure?

No, it doesn't. /dev/urandom can generate unlimited cryptographically secure random numbers. It doesn't run out.
NinjaBitcoiner
Member
Activity: 77
Merit: 10
November 15, 2022, 02:23:13 PM
Merited by Pmalek (2)
#13

Quote from: Abdussamad
No, it doesn't. /dev/urandom can generate unlimited cryptographically secure random numbers. It doesn't run out.

It doesn't run out, that's true.
But there's definitely something weird.
I tried it. I created seeds in the Electrum wizard. After 30-40 seeds the wallet closed (maybe randomness was weakening?). I opened it again and tried. The same happened again.
Also, in the post I quoted, the Electrum developer also confirmed /dev/urandom can run out of entropy if it is called repeatedly.
Found a similar concern here as well - https://bitcoin.stackexchange.com/questions/62871/does-my-electrum-wallet-become-less-secure-if-i-keep-generating-seeds-until-i-se
Abdussamad
Legendary
Activity: 3598
Merit: 1560
November 15, 2022, 03:05:56 PM
Merited by Pmalek (2), ABCbits (1)
#14

Quote from: NinjaBitcoiner
It doesn't run out, that's true.
But there's definitely something weird.
I tried it. I created seeds in the Electrum wizard. After 30-40 seeds the wallet closed (maybe randomness was weakening?). I opened it again and tried. The same happened again.
Also, in the post I quoted, the Electrum developer also confirmed /dev/urandom can run out of entropy if it is called repeatedly.
Found a similar concern here as well - https://bitcoin.stackexchange.com/questions/62871/does-my-electrum-wallet-become-less-secure-if-i-keep-generating-seeds-until-i-se

Andrew Chow's response there is the correct answer to that question. Andrew is a Bitcoin Core contributor and knows what he's talking about:

https://bitcoin.stackexchange.com/a/62894/5273

Also, this answer to the Stack Overflow question is the correct one:

https://stackoverflow.com/a/5498100

/dev/urandom only needs to be seeded with a small amount of entropy. This happens at bootup. After that its pseudo-random number generator can generate an unlimited amount of random numbers.
NinjaBitcoiner
Member
Activity: 77
Merit: 10
November 15, 2022, 04:37:40 PM
#15

Quote from: Abdussamad
Andrew Chow's response there is the correct answer to that question. Andrew is a Bitcoin Core contributor and knows what he's talking about:

https://bitcoin.stackexchange.com/a/62894/5273

Also, this answer to the Stack Overflow question is the correct one:

https://stackoverflow.com/a/5498100

/dev/urandom only needs to be seeded with a small amount of entropy. This happens at bootup. After that its pseudo-random number generator can generate an unlimited amount of random numbers.

When people say a bad OS can fuck up /dev/urandom, what do they mean by that?
I think I am being ultra paranoid here.
So if I want to generate a strong random seed, it doesn't depend on, say, hardware?
I mean, if I have an old PC, will it generate a less random seed compared to a new-gen PC?
If I use Electrum on Linux vs Windows, which is better to generate a random seed?
Abdussamad
Legendary
Activity: 3598
Merit: 1560
November 16, 2022, 11:32:50 AM
#16


Quote from: NinjaBitcoiner
When people say a bad OS can fuck up /dev/urandom, what do they mean by that?

idk

Quote from: NinjaBitcoiner
I think I am being ultra paranoid here.
So if I want to generate a strong random seed, it doesn't depend on, say, hardware?
I mean, if I have an old PC, will it generate a less random seed compared to a new-gen PC?
If I use Electrum on Linux vs Windows, which is better to generate a random seed?

It doesn't depend on hardware. Either Windows, Linux, Android or OS X is fine. Electrum uses a cryptographically secure random number generator on all OSes.

NinjaBitcoiner
Member
Activity: 77
Merit: 10
November 16, 2022, 04:44:29 PM
#17

I don't want to sound stupid, but there's one thing I need an answer for.
So a Bitcoin private key is actually a random integer between 1 and 2^256, right, and a Bitcoin wallet generates it randomly by using a PRNG.
OK, so what's stopping the PRNG from choosing, say, a random integer between 1 and 100000? Won't that make your private key insecure?
There's this website https://privatekeys.pw/keys/bitcoin/1
Here you can actually easily search private keys for any random integer value. So, say, if the PRNG gives the private key for value 9000000, then it's insecure, right?
How to make sure the private key generated by a Bitcoin wallet is high quality?
BlackHatCoiner
Legendary
Activity: 1498
Merit: 7260
November 19, 2022, 02:08:38 PM
#18

Quote from: NinjaBitcoiner
So a Bitcoin private key is actually a random integer between 1 and 2^256, right, and a Bitcoin wallet generates it randomly by using a PRNG.

A little lower than 2^256, and yes.

Quote from: NinjaBitcoiner
OK, so what's stopping the PRNG from choosing, say, a random integer between 1 and 100000? Won't that make your private key insecure?

Cryptographically secure pseudo-random number generators aren't really random, and that's why they will never return you the number 100000 (e.g.) in such a large given range. The numbers they return look random.

Quote from: NinjaBitcoiner
How to make sure the private key generated by a Bitcoin wallet is high quality?

You can put some trust in the experts around cryptography, using a clean OS and vulnerability-free hardware, and make use of the system's internal CSPRNG. Otherwise, you can roll a fair die and generate the entropy yourself, provably randomly.

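An added example (not from any poster and not Electrum's code) illustrating the two points made in the reply above: a valid key lies in [1, N) where N is the secp256k1 group order, and the chance that a uniformly generated key falls into a range a key-listing site could enumerate, such as 1..100000, is vanishingly small. It assumes os.urandom as the CSPRNG; the rejection-sampling loop is a standard technique, not something taken from the thread.

```python
import os

# Order N of the secp256k1 group. A valid private key is an integer k with
# 1 <= k < N, which is the "a little lower than 2^256" in the reply above.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def is_valid_private_key(k):
    """Range check a wallet applies before using a candidate key."""
    return 1 <= k < SECP256K1_N


def generate_private_key(rand_bytes=os.urandom):
    """Uniform key in [1, N) drawn from the OS CSPRNG (assumed: os.urandom).

    Rejection sampling: a raw 32-byte value that is 0 or >= N is thrown away
    and redrawn. Reducing it modulo N instead would make the keys below
    2^256 - N twice as likely; a negligible (roughly 2^-127) but avoidable bias.
    """
    while True:
        k = int.from_bytes(rand_bytes(32), "big")
        if is_valid_private_key(k):
            return k


def probability_key_at_most(bound):
    """Chance that a uniformly generated key lands in [1, bound], i.e. inside
    the range a site listing keys by integer value could ever enumerate."""
    if bound < 1:
        return 0.0
    return min(bound, SECP256K1_N - 1) / (SECP256K1_N - 1)


if __name__ == "__main__":
    k = generate_private_key()
    print("key in range:", is_valid_private_key(k))
    print("P(key <= 100000) = %.3g" % probability_key_at_most(100000))
```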
NotATether
Legendary
Activity: 1582
Merit: 6677
November 21, 2022, 06:00:55 AM
#19

Quote from: NinjaBitcoiner
When people say a bad OS can fuck up /dev/urandom, what do they mean by that?
I think I am being ultra paranoid here.
So if I want to generate a strong random seed, it doesn't depend on, say, hardware?
I mean, if I have an old PC, will it generate a less random seed compared to a new-gen PC?
If I use Electrum on Linux vs Windows, which is better to generate a random seed?

/dev/urandom is seeded from many different entropy sources including your CPU's hardware source, which might be bugged. But fortunately, this is not a problem for Linux because both /dev/random and /dev/urandom are blended with many other sources of pure entropy.

I do not know what kind of RNG is used in Windows, as it is proprietary software. But you should not be at risk using Windows unless you are being targeted by a state agency.
