How to generate BIP39 phrase from computer-generated randomness AND dice/cards?

[pf]

What are some of the most reputable tools for doing this? Something that many users have used for years without issues.

Note: I don't want to rely on only one of those two. I want to combine both.

[1715468167]

1715468167

[1715468167]

1715468167

[1715468167]

1715468167

[PawGo]

I am not aware of any tool for that, but the process is so well described here:
https://medium.com/the-capital/cryptocurrency-911-how-does-12-word-seed-phrase-work-9d892de9732
that I think you may do it manually.
Word lists are here: https://github.com/bitcoin/bips/tree/master/bip-0039 - you may use any language you want

[n0nce]

What are some of the most reputable tools for doing this? Something that many users have used for years without issues.

Note: I don't want to rely on only one of those two. I want to combine both. (My dice could have been rigged by the Rockefellers or my computer RNG botched by the Rothschilds, but both having taken place is less likely  )

You could have expressed your desire of combining two sources of entropy without telling us about your racist / conspiracy ideas.
Make sure to inform yourself about the effectiveness of this. In my opinion, it barely makes any sense, but I can't be bothered explaining cryptography to you.

[pf]

What are some of the most reputable tools for doing this? Something that many users have used for years without issues.

Note: I don't want to rely on only one of those two. I want to combine both. (My dice could have been rigged by the Rockefellers or my computer RNG botched by the Rothschilds, but both having taken place is less likely   )

You could have expressed your desire of combining two sources of entropy without telling us about your racist / conspiracy ideas.
Make sure to inform yourself about the effectiveness of this. In my opinion, it barely makes any sense, but I can't be bothered explaining cryptography to you.

Fixed. (However anyone can read what I jokingly wrote, hence the added   , in your quote - and in my quote of your quote.)

The topic of entropy is interesting. If I were to pick one, I would probably test the dice statistically and then use that. Computer RNG? Could have been compromised by any number of parties (e.g. the CPU manufacturer). The idea of combining the two is to have some safety in the very unlikely case my dice throws are getting messed up in some unimaginable ways.

[PawGo]

The topic of entropy is interesting. If I were to pick one, I would probably test the dice statistically and then use that. Computer RNG? Could have been compromised by any number of parties (e.g. the CPU manufacturer). The idea of combining the two is to have some safety in the very unlikely case my dice throws are getting messed up in some unimaginable ways.

Does it really matter?
Let's say your "computer RNG is compromised", whatever it means for you. Finally all you have is private key and address. Do you think someone will try to attack your coins assuming that you used compromised RNG when you generated your seed?
I have a feeling that you want to play with all that just for fun, not because of any real issue.
Even if you use a coin for your flips, it could be not balanced. I everyone would know that coins X are not balanced and ratio is not 50/50 but let's say 51/49 - do you think your seed is not secure?
Anyway, at the end you may always verify if your result is "random enough". I wanted to attach famous strip of RNG "999", but it is part of that page: https://www.incibe-cert.es/en/blog/verifying-randomness together with some links to very interesting papers.

[BlackHatCoiner]

So, you want to combine both your RNG and a "provably" random number generator, such as a dice. Why would you want to do that? What's the benefit? If you don't mind.

[dkbit98]

What are some of the most reputable tools for doing this? Something that many users have used for years without issues.

Using just dice for achieving true randomness would be more than enough if done properly, and adding anything more could actually reduce random result.
There is no reason to overcomplicate things but I guess you could use Geiger counter that is measuring radioactive decay, one of the most random events in nature.
Some hardware wallets are already combining multiple sources to achieve better randomness but there are some flaws in this method.
Only Keystone, Passport and Coldcard have verifiable seed generation.

[pooya87]

Bitaddress is doing an alternative way of this by taking your mouse movement as source of entropy then from what I know it mixes it with a computer generated entropy.
Implementing what you want is trivially easy though. You can do a very simple hash where you generate 256-bit entropy with computer and append it to the 256-bit entropy you generated using dice and hash it using SHA256 to get a 256-bit result. Or use HMACSHA256 and use the two entropies as message and key.

[NotATether]

Do you really want to use dice/cards for your randomness?

If the sequence of dice or card numbers chosen are predictable (and human predictability is always greater that of a machine), then the actual entropy will be lower then the expected entropy. They're only warranted if the information that will be processed by the entropy must be kept top secret and in confidential places at every minute, and you have physical security procedures (think: rotating guards, security cameras, restricted entry with ID or biometric identification on the doors, and an auditing system) to augment the amount of randomness that's going inside your seed phrase.

Otherwise, it will be easier to break into your house and take your cryptocurrency papers and electronics.

The amount of randomness you use must be complemented by appropriate physical measures so that that attack vector is not easier to exploit than simply brute-forcing the seed phrase.

For computer random number generation, you should download, compile and use a copy of OpenSSL which combines many different sources of entropy, including some of its own, so that no one contaminated source of randomness can contaminate the entropy.

[coinableS]

What are some of the most reputable tools for doing this? Something that many users have used for years without issues.

https://iancoleman.io/bip39/ has been around for several years, popular, and trusted. Just check the "Show Entropy Details" box at the top and you can input your own entropy including dice rolls and/or playing cards.

[witcher_sense]

What are some of the most reputable tools for doing this? Something that many users have used for years without issues.

Note: I don't want to rely on only one of those two. I want to combine both.

Some software and hardware wallets have already implemented the feature you are asking for. The way it works is you add several bytes of your entropy by flipping a coin or rolling dice and, in case you didn't provide 256 bits of entropy manually, then an in-built cryptographically secure pseudorandom number generator generates the rest bytes.

Check this, for example: https://bluewallet.io/docs/manual-entropy/

Bluewallet is an open-source non-custodial wallet, so everything can be found on their Github page: https://github.com/BlueWallet/BlueWallet#readme

Please note that unless you're a skilled programmer capable of verifying everything yourself, including the source code behind the seed generation mechanism, you will always have to rely on and trust others when interacting with software. If you don't want to trust, then generate everything manually.

[NotATether]

Please note that unless you're a skilled programmer capable of verifying everything yourself, including the source code behind the seed generation mechanism, you will always have to rely on and trust others when interacting with software. If you don't want to trust, then generate everything manually.

You should not attempt to code a randomness algorithm (this includes seed generation) for production uses unless you are a seasoned cryptographer (Reference).

[pooya87]

https://iancoleman.io/bip39/ has been around for several years, popular, and trusted. Just check the "Show Entropy Details" box at the top and you can input your own entropy including dice rolls and/or playing cards.

This tool, like most other tools, is taking the entropy from user and simply converts that to words. What OP is looking for is a way to combine that input with another source of entropy (generated by computer) and then convert the result to words.

[pf]

What are some of the most reputable tools for doing this? Something that many users have used for years without issues.

https://iancoleman.io/bip39/ has been around for several years, popular, and trusted. Just check the "Show Entropy Details" box at the top and you can input your own entropy including dice rolls and/or playing cards.

Thanks! Yeah, that's one I came across too that looked trustworthy. Great to have this independently confirmed here.

[pf]

https://iancoleman.io/bip39/ has been around for several years, popular, and trusted. Just check the "Show Entropy Details" box at the top and you can input your own entropy including dice rolls and/or playing cards.

This tool, like most other tools, is taking the entropy from user and simply converts that to words. What OP is looking for is a way to combine that input with another source of entropy (generated by computer) and then convert the result to words.

I can have this site generate a random one of 15 words. (Obviously after cloning it from GitHub and moving it into offline computer.) Then presumably I could simply go into "Show entropy details" and add my dice rolls to the entropy until I get up to e.g. 24 words. Anyone here welcome to critique this idea.

[pf]

What are some of the most reputable tools for doing this? Something that many users have used for years without issues.

Note: I don't want to rely on only one of those two. I want to combine both.

Some software and hardware wallets have already implemented the feature you are asking for. The way it works is you add several bytes of your entropy by flipping a coin or rolling dice and, in case you didn't provide 256 bits of entropy manually, then an in-built cryptographically secure pseudorandom number generator generates the rest bytes.

Check this, for example: https://bluewallet.io/docs/manual-entropy/

Bluewallet is an open-source non-custodial wallet, so everything can be found on their Github page: https://github.com/BlueWallet/BlueWallet#readme

Please note that unless you're a skilled programmer capable of verifying everything yourself, including the source code behind the seed generation mechanism, you will always have to rely on and trust others when interacting with software. If you don't want to trust, then generate everything manually.

[emphasis mine]

I agree that trust will always be needed somewhere. However, I look forward to critiques of what I now write:

In my (current) opinion, there is a huge difference between trusting reputable software, cloning it, transferring it to an offline generic-purpose laptop, and running it there -- versus trusting a hardware wallet. The latter is a specific purpose device. It's a single point of failure where all you need are a few rogue employees in the hardware manufacturing unit rigging the hardware - independently of any firmware installed on it, rendering any efforts of open-source, signing, and reproducibility (Gitian) impotent. I would not be surprised if one day, oops: thousands (millions in a few years) of people running one of the most popular "ultra-secure" hardware wallets suddenly lose their funds.

[pooya87]

~
I can have this site generate a random one of 15 words. (Obviously after cloning it from GitHub and moving it into offline computer.) Then presumably I could simply go into "Show entropy details" and add my dice rolls to the entropy until I get up to e.g. 24 words. Anyone here welcome to critique this idea.

That could work too but if you want the final result to be half machine generated and half manual generated entropy then you have to choose 12 words (128 bit) as the start then you'll have to use the same tool to generate the checksum for the final 256-bit entropy.

[o_e_l_e_o]

There are plenty of ways you could do this, or something like it.

• Take your two pieces of entropy and simply concatenate them.
• Add them together.
• XOR them together.
• Combine them in a hash function.
• Use one as a seed phrase and the other as a passphrase.

I can have this site generate a random one of 15 words. (Obviously after cloning it from GitHub and moving it into offline computer.) Then presumably I could simply go into "Show entropy details" and add my dice rolls to the entropy until I get up to e.g. 24 words. Anyone here welcome to critique this idea.

When you click "Show entropy details", it will display the generated entropy in hex. You would either need to roll a 16 sided dice, convert your standard 6 sided dice rolls in to a hex string, or my preferred option would be take the raw binary and add your dice rolls to that, with 2/4/6 being 0 and 1/3/5 being 1.