Are dices for generating seed words fair?

[o_e_l_e_o]

we measure the bias every time we do another trial run and compare the output to previous ones. is it a long and arduous, tedious process? yes. is it worth it? sure.

No, it isn't worth it. As I calculated earlier in this thread, you are looking at over 16k flips to be relatively sure of excluding a bias from a coin flip, which has 2 possible outcomes. The number of runs to exclude bias from a bingo ball machine with 75 balls would number in the millions. Absolutely not worth it.

it's always worth it to do something no one else has ever done.

People coming up with their own methods of generating keys, backing up their seed phrases, creating difficult to access wallets, etc., is a leading cause of people losing their coins. Just because someone hasn't done something before, does not mean it is worth doing it nor that it is a good idea.

don't you think that it is not unreasonable to want to be able to extract entropy from a set of identical objects (aka, bingo balls or cards in a card deck) when they are ordered in a randomized fashion without having to resort to a function like sha-256 which is not known to be 1-1? please answer yes. but i know you won't.

No, I don't. You are attempting to create a solution for a problem which doesn't exist. We already have easy, simple, quick, and provably secure ways to generate private keys. We do not need to reinvent the wheel.

So I treated it like a challenge.

If you want to treat it as a challenge for a bit of fun, then I can't stop you. But I would never recommend using it to generate private keys or wallets you will use to actually store funds.

[1714558167]

1714558167

[larry_vw_1955]

No, it isn't worth it. As I calculated earlier in this thread, you are looking at over 16k flips to be relatively sure of excluding a bias from a coin flip, which has 2 possible outcomes. The number of runs to exclude bias from a bingo ball machine with 75 balls would number in the millions. Absolutely not worth it.

absolutely not true. you can measure the sizes and weights of the balls and any other characteristics you deem important if you like to see if they are within a close enough specification of each other. that eliminates the need to actually go through "millions" of trial runs. if you're paranoid you can do all of that. i'm not that paranoid. i realize that for the intents and purposes of creating bitcoin private keys the setup i have is more than random enough. it's just common sense. now if everyone in the whole world was using MY machine to generate their seed phrase well maybe then a bit more formal testing, as I have alluded to, would be more preferable. but even then it would perform that function just fine. generating millions if not billions of seed phrases and there would be no security issue whatsoever. that's just how it is. i know you disagree. but that is the truth.

[LoyceV]

People coming up with their own methods of generating keys, backing up their seed phrases, creating difficult to access wallets, etc., is a leading cause of people losing their coins.
~
You are attempting to create a solution for a problem which doesn't exist.

The only reason I can think of to create your own solution, is so you can hide it in plain sight. I've never felt completely secure with seed phrases laying around, but I can think of many different ways to come up with my own entropy source.
Example: I take a picture. That's 12 million pixels, each with 16 million color options. Even though none of it is very random, I'm pretty sure it contains much, much more entropy than 2²⁵⁶. I could even use only the last 100,000 bytes of the JPG as input to produce a hash, and store the picture with all my other pictures (including backups, of course) without ever worrying about it.
Disclaimer: I haven't tried this, and most people probably shouldn't attempt it.

[o_e_l_e_o]

-snip-

Again, agree to disagree. If you want to use a kids' toy to generate private keys then no one can stop you, but it is not a method you should be recommending to anyone else.

I could even use only the last 100,000 bytes of the JPG as input to produce a hash, and store the picture with all my other pictures (including backups, of course) without ever worrying about it.

Except you can never have a physical back up, only a digital one. And what if your OS automatically resizes the picture? Or what if your cloud storage compresses it? Or chooses a different color encoding scheme? Or converts the format? Or even so much as changes the metadata. Any of these things, most of which you probably wouldn't even notice happening, will result in your back up being useless and impossible to recover.

If you don't like a seed phrase lying around, then either hide it better, encrypt it, or use it as part of a multi-sig or passphrased set up so it is useless on its own.

[larry_vw_1955]

Except you can never have a physical back up, only a digital one. And what if your OS automatically resizes the picture? Or what if your cloud storage compresses it? Or chooses a different color encoding scheme? Or converts the format? Or even so much as changes the metadata. Any of these things, most of which you probably wouldn't even notice happening, will result in your back up being useless and impossible to recover.

which is why that method is not useful. which is why steganography really isn't useful. unless you're willing to zip up your image files which introduces the possibility of corruption...and then can't use image storage services.

If you don't like a seed phrase lying around, then either hide it better, encrypt it, or use it as part of a multi-sig or passphrased set up so it is useless on its own.

what about printing your seed phrase in a microscopic size so that it could only be viewed under high magnification? that seems like a cool method but kind of technically challenging. you could then have it lying around anywhere and the worst thing that could happen is it gets lost.

[o_e_l_e_o]

what about printing your seed phrase in a microscopic size so that it could only be viewed under high magnification? that seems like a cool method but kind of technically challenging. you could then have it lying around anywhere and the worst thing that could happen is it gets lost.

This is an interesting idea, but very few people have the equipment or expertise needed to do this. And of course you should never even considering asking a professional or other third party service to do it for you.

There are plenty of ways to hide a seed phrase in your house which would make it near impossible to be found. A favorite of mine that I've talked about before is to hide it in the house itself. Unscrew an electrical socket or a light fitting and hide it in your wall or ceiling. Pull up a carpet and a floorboard and hide it under there. Take a door off its hinges, cut a little hole out of the bottom of the door (the thin side against the ground) and hide it in there. Or if you want it on metal, then use a flat plate and screw that plate on to some wooden beams or similar so it blends in with your foundations, roof truss, or similar. All of these are incredibly easy to do with the most basic of tools. A thief is never going to find these unless they have a week to systemically take apart your entire house, and if that's happening, then you've probably got bigger things to worry about.

[larry_vw_1955]

This is an interesting idea, but very few people have the equipment or expertise needed to do this.

there's a movie where they microprinted some information into the eyeball of some person on a postage stamp. there was like 4 or 5 stamps on the envelope but only one of the eyeballs had the microprinting in it.  

And of course you should never even considering asking a professional or other third party service to do it for you.

yeah, that would be very dumb indeed.

There are plenty of ways to hide a seed phrase in your house which would make it near impossible to be found.

Me crossing off all of those ways since they are now public knowledge... The first place someone is going to be looking now that you've mentioned it not only here but probably elsewhere.

A favorite of mine that I've talked about before is ...

Well and here's the thing. Those are all fine and dandy ways of hiding somethhing IF

#1) you don't end up forgetting about what things you have hidden and where. if you end up forgetting where you hid it, then you are pretty much never going to want to move out of your house! so what you'll have to do is record where you hid it. and then keep that record safe as you would your own private key which kind of defeats the entire purpose of the entire thing in the first place since just record your private key instead of its location.
#2) say you move out of the house and forget to bring it with you and maybe someone is doing some home maintenance then they find what you hid. your private key has now been revealed. there's a much greater chance of that than someone brute forcing it using a computer.

[o_e_l_e_o]

there's a movie where they microprinted some information into the eyeball of some person on a postage stamp. there was like 4 or 5 stamps on the envelope but only one of the eyeballs had the microprinting in it.  

I would imagine that such tiny printing would be incredibly fragile. A microscopic tear in the paper or even a smudged fingerprint could render the writing illegible.

Me crossing off all of those ways since they are now public knowledge... The first place someone is going to be looking now that you've mentioned it not only here but probably elsewhere.

If an attacker breaks in to your home and the first thing they do is start unscrewing all your electrical sockets and taking your doors off their hinges, instead of helping themselves to your other valuables, then you have suffered a complete failure of your opsec and your privacy. There are countless TV shows and movies where people hide things under floor boards or inside walls. This is not a new concept. For an attacker to start doing this to your house, then they must already know that you own a large amount of bitcoin, your address, you have it in a wallet which only requires one back up to compromise (as opposed to an additional passphrase or a multi-sig), and that you have said back up stored on site. And if an attacker already knows all that, then you have already lost all your security.

#1) you don't end up forgetting about what things you have hidden and where.

If you forget which outlet you've hidden it in, you could probably unscrew and check every outlet in your house in under an hour. Not a huge issue.

#2) say you move out of the house and forget to bring it with you and maybe someone is doing some home maintenance then they find what you hid. your private key has now been revealed. there's a much greater chance of that than someone brute forcing it using a computer.

So don't use a system where compromise of a single back up can lead to loss of coins. And simply move all your coins to new wallets when you move house.

[larry_vw_1955]

I would imagine that such tiny printing would be incredibly fragile. A microscopic tear in the paper or even a smudged fingerprint could render the writing illegible.

actually a better way would be to put it on film that way it is pretty durable and you could still hide it underneath the postage stamp which is probably a better location for it anyway.

If you forget which outlet you've hidden it in, you could probably unscrew and check every outlet in your house in under an hour. Not a huge issue.

"honey, what are you looking for?"

"oh nothing much but i might need to tear the house down to find it because if it's not in one of these electrical sockets then somehow it must have gotten moved into one of the wall spaces..."

So don't use a system where compromise of a single back up can lead to loss of coins. And simply move all your coins to new wallets when you move house.

so you thought you had found all your hidden private keys so you didn't move anything to new wallets. just so happens the new tenants didn't like the color of your old carpet so they had someone come and replace it. and guess what they found underneath your old carpet? a way to get your money.

[o_e_l_e_o]

"honey, what are you looking for?"

"oh nothing much but i might need to tear the house down to find it because if it's not in one of these electrical sockets then somehow it must have gotten moved into one of the wall spaces..."

If you've lost one of your back ups, then you simply retrieve a different one (since you should always have more than one back up) and move the coins within to a new wallet. Simple.

so you thought you had found all your hidden private keys so you didn't move anything to new wallets.

Losing a back up and then failing to move the coins within is a problem with any and every back up and is not unique to my method in any way. If you can't find a back up or aren't sure if you've found them all because you can't remember how many you made, then obviously you should assume the worst (an attacker now has access to that back up) and move your coins to a fresh set of wallets. This is just common sense.

[larry_vw_1955]

If you've lost one of your back ups, then you simply retrieve a different one (since you should always have more than one back up) and move the coins within to a new wallet. Simple.

that's the first time i ever heard someone say "you should always have more than one back up". if that were the case then why not make 1000 backups. more is better right? obviously not. every additional backup opens up a new possibility that your backup could be discovered by someone without your knowledge. example: you store a backup seed phrase in your bank deposit box even though you already have one at your home. now you just opened yourself up to an entirely new attack vector: someone getting into your bank deposit box and stealing your bitcoin. how many more additional backups like that do you want?

Losing a back up and then failing to move the coins within is a problem with any and every back up and is not unique to my method in any way.

the problem is, people don't necessarily always realize they have "lost" a backup do they? if they're not even keeping track of how many different places they stored it, how are they going to know one of them is lost? how are they going to keep track of everywhere they stored the backup? using google docs?

If you can't find a back up or aren't sure if you've found them all because you can't remember how many you made, then obviously you should assume the worst (an attacker now has access to that back up) and move your coins to a fresh set of wallets. This is just common sense.

i'm not sure anything is common sense when it comes to being organized and keeping information organized so that you can manage all your information.

[Lida93]

This is an interesting idea, but very few people have the equipment or expertise needed to do this.

there's a movie where they microprinted some information into the eyeball of some person on a postage stamp. there was like 4 or 5 stamps on the envelope but only one of the eyeballs had the microprinting in it.  

And of course you should never even considering asking a professional or other third party service to do it for you.

yeah, that would be very dumb indeed.

There are plenty of ways to hide a seed phrase in your house which would make it near impossible to be found.

Me crossing off all of those ways since they are now public knowledge... The first place someone is going to be looking now that you've mentioned it not only here but probably elsewhere.

A favorite of mine that I've talked about before is ...

Well and here's the thing. Those are all fine and dandy ways of hiding somethhing IF

#1) you don't end up forgetting about what things you have hidden and where. if you end up forgetting where you hid it, then you are pretty much never going to want to move out of your house! so what you'll have to do is record where you hid it. and then keep that record safe as you would your own private key which kind of defeats the entire purpose of the entire thing in the first place since just record your private key instead of its location.
#2) say you move out of the house and forget to bring it with you and maybe someone is doing some home maintenance then they find what you hid. your private key has now been revealed. there's a much greater chance of that than someone brute forcing it using a computer.

Like the saying goes, " where a man's treasure is, that's where his heart lies", so for someone to forget to move out with his private key then he must be moving out with something 3times bigger than what his private keys hold access to else why will you forget except maybe such a person is suffering from a memory loss issues.
Another thing which I find risky in hiding a seed phrase in the house could end up becoming a bad idea in the event of a natural disaster like earthquakes or man-made disaster like fire engulfing the whole building maybe out of carelessness while cooking.

[o_e_l_e_o]

that's the first time i ever heard someone say "you should always have more than one back up".

That's pretty standard advice, not just in bitcoin but in general. The problem with creating only a single back up is you have zero redundancy in your system. One mistake or event is all it takes for you to lose everything, especially considering the majority of people who create a single back up store it in the same location as their wallets themselves - at home.

Yes, you have to balance protection against loss versus risk of discovery, but two back ups in different locations should be the minimum.

now you just opened yourself up to an entirely new attack vector: someone getting into your bank deposit box and stealing your bitcoin.

Then you use a system in which compromise of one back up does not lead to loss of funds, such as an additional passphrase or multi-sig.

the problem is, people don't necessarily always realize they have "lost" a backup do they?

That's a separate problem and is common to every back up system. If you have a standard approach to all your wallets, then this issue is minimized.

Another thing which I find risky in hiding a seed phrase in the house could end up becoming a bad idea in the event of a natural disaster like earthquakes or man-made disaster like fire engulfing the whole building maybe out of carelessness while cooking.

Correct. Hence my point about always having more than one back up in separate physical locations.

[larry_vw_1955]

Yes, you have to balance protection against loss versus risk of discovery, but two back ups in different locations should be the minimum.

I understand the importance of general data backups but I thought one backup for a bitcoin seed phrase on a durable medium like a metal plate was sufficient. Maybe I got brainwashed by all this people that are using metal plates who seem to think that. Bet they dont have a second backup.

Then you use a system in which compromise of one back up does not lead to loss of funds, such as an additional passphrase

and where are you going to store your passphrase?  a multi-step system has a weakness in that it requires more than one part to be able to recover the whole. so you just made recovery efforts harder for yourself.

or multi-sig.

and who is the other party/parties? how do we know they can be trusted?

That's a separate problem and is common to every back up system.

it's really not common to every backup system just the ones you are used to using. consider a backup system where the seed phrase was not visible to the naked eye. with something like that, seems like you could store it in alot of places. if you happen to forget where you put a few of them, no big deal. not like anyone else is going to be able to take advantage...

[o_e_l_e_o]

I understand the importance of general data backups but I thought one backup for a bitcoin seed phrase on a durable medium like a metal plate was sufficient. Maybe I got brainwashed by all this people that are using metal plates who seem to think that. Bet they dont have a second backup.

So a metal plate is obviously more durable than a piece of paper, but it is not indestructible and it is not immune to loss either. What if there is a gas explosion at your house? You are going to spend weeks manually sifting through the rubble looking for a tiny metal plate? Would your local authority even permit you to do that? What if there is a flood or a hurricane? Your metal plate could now be anywhere in a 20 kilometer radius? Good luck finding that. Regardless of what medium your seed phrase is on, a single back up in the same location as your wallets themselves (i.e. at home) is not safe.

and where are you going to store your passphrase?

On a separate piece of paper in a separate location to my seed phrase.

and who is the other party/parties? how do we know they can be trusted?

Me. I'm the other party. I can set up a 2-of-2 multi-sig and back up my two seed phrases separately. An attacker would need to find both to compromise by wallet.

if you happen to forget where you put a few of them, no big deal. not like anyone else is going to be able to take advantage...

I'd prefer if the security of my wallets was not based on random chance and hoping that someone doesn't stumble across a seed phrase that I've hidden in plain sight.

[larry_vw_1955]

Regardless of what medium your seed phrase is on, a single back up in the same location as your wallets themselves (i.e. at home) is not safe.

ok i'm not going to disagree with that. based on the argument you provided yet we know most people don't do that. they have one metal plate and call it a day. just the reality of things. that's how they have been led to believe is all they have to do. plus these metal plate systems are not cheap which discourages them from doing additional backups.

On a separate piece of paper in a separate location to my seed phrase.

your protocol is getting complicated now. lets see, you have to store the seed phrase in at least 2 different physical locations and then you need to store the passphrase in 2 additional physical locations. so that's 4 different physical locations at the very least. then you have to have a way to remember where all those locations are. not impossible to do but you'll need a good memory.

Me. I'm the other party. I can set up a 2-of-2 multi-sig and back up my two seed phrases separately. An attacker would need to find both to compromise by wallet.

unless you have some special software for doing that it doesn't sound like it would be very userfriendly to actually use a wallet setup like that. unless you just plan to use the same bitcoin address over and over ignoring best use practices.

I'd prefer if the security of my wallets was not based on random chance and hoping that someone doesn't stumble across a seed phrase that I've hidden in plain sight.

so you go and hide your metal plate in some hole in the ground somewhere and you think that is safe. what happens if someone comes along with a metal detector? hopefully you dug your hole deep enough.  

[o_e_l_e_o]

that's how they have been led to believe is all they have to do. plus these metal plate systems are not cheap which discourages them from doing additional backups.

Completely agree. It's akin to how centralized exchanges have convinced people that they are too stupid to write down 12 words and need to leave their coins in the custody of a third party. Now these metal plate manufacturers convince people that paper isn't safe, when in reality two pieces of paper in separate locations is exponentially more robust (and cheaper) than one metal plate kept at home.

Nothing wrong with using metal plates, but you still need redundancy in your set up. And you can buy a stainless steel plate for 5 bucks at a hardware store. No need to pay upwards of $100 for the same thing.

not impossible to do but you'll need a good memory.

True. I also have a wife who knows about the back ups too. More redundancy.

unless you have some special software for doing that it doesn't sound like it would be very userfriendly to actually use a wallet setup like that. unless you just plan to use the same bitcoin address over and over ignoring best use practices.

It's fairly easily done. You could do it on your main computer using Electrum and two different hardware wallets, for example. Or if you've got two old laptops/computers/devices which you can airgap.

so you go and hide your metal plate in some hole in the ground somewhere and you think that is safe. what happens if someone comes along with a metal detector? hopefully you dug your hole deep enough.  

I would put that under the heading of "random chance". All my back up locations are physical secured - someone would need to physically break in, either to the building itself, a locked safe or similar, or both, in order to compromise them. They will not be randomly stumbled across.

[larry_vw_1955]

Nothing wrong with using metal plates, but you still need redundancy in your set up. And you can buy a stainless steel plate for 5 bucks at a hardware store. No need to pay upwards of $100 for the same thing.

the metal plates themselves are not what form the bulk of the cost. the tools needed to create the seed phrases on the metal plates do and does the hardware store have those too? but still i would imagine 2 metal plates $10, the tools to do the stamping maybe $50.

I would put that under the heading of "random chance". All my back up locations are physical secured - someone would need to physically break in, either to the building itself, a locked safe or similar, or both, in order to compromise them. They will not be randomly stumbled across.

https://www.nytimes.com/2019/07/19/business/safe-deposit-box-theft.html

dude lost $10 million. not to theft but the bank just made a mistake. not sure if he got reimbursed or not.

[o_e_l_e_o]

but still i would imagine 2 metal plates $10, the tools to do the stamping maybe $50.

A quick web search and I can find metal engraving pen for $10-15, and a set of metal letter stamps for hammering in to the metal for $15-20. So still significantly cheaper than any proprietary piece of kit.

dude lost $10 million. not to theft but the bank just made a mistake. not sure if he got reimbursed or not.

Another great argument for having more than one back up then.

[larry_vw_1955]

A quick web search and I can find metal engraving pen for $10-15, and a set of metal letter stamps for hammering in to the metal for $15-20. So still significantly cheaper than any proprietary piece of kit.

ok yeah that's true. i'll have to look into those "metal engraving pens" not sure how well they work. or how long they last but i guess they don't have to last very long to engrave a seed phrase one or two times.

dude lost $10 million. not to theft but the bank just made a mistake. not sure if he got reimbursed or not.

Another great argument for having more than one back up then.

i doubt it's a great argument for anything other than not storing your seed phrase in a place like a bank deposit box or storage unit that you pay for rent to keep. as the story shows, you're at the mercy of the company that manages the thing. so are you going to admit that storing your seed phrase in such a place is highly risky?

you did read the story, right? they drilled out the locks on his box and yeah that was a mistake on their part. but they didn't realize they were making a mistake. but they had the wrong box. could happen to anyone right? then the contents of his box got sent to some other storage facility but at some point during that process, the "good stuff" got taken. stolen. get the point?