Bitcoin Forum
November 14, 2024, 10:49:38 PM *
Author Topic: info about Ian Colman mnemonic  (Read 398 times)
hosseinimr93
July 01, 2023, 10:38:18 PM
Last edit: July 01, 2023, 10:51:44 PM by hosseinimr93
 #21

To be exact, you would need to guess 23 words and then calculate the 24th, as it is the checksum of the 23 previous words.
The checksum isn't the 24th word. The checksum in a 24 word seed phrase is the last 8 bits. This means that the first 3 bits of the last word are determined randomly and the last 8 bits are a function of your 256 bit entropy.
If you have 23 words and don't have the last word, there would be 8 possibilities for the last word.

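The checksum layout described in post #21, as an added example that is not part of the original thread. It works on wordlist indices (0..2047) instead of words, so the BIP39 wordlist is not embedded, and the 23 input indices are constructed sample data.

```python
import hashlib

def checksum_bits(entropy: bytes) -> int:
    """BIP39 checksum: the first len(entropy)*8/32 bits of SHA-256(entropy)."""
    cs_len = len(entropy) * 8 // 32           # 8 bits for 256 bits of entropy
    digest = hashlib.sha256(entropy).digest()
    return int.from_bytes(digest, "big") >> (256 - cs_len)

def valid_last_indices(first_words: list) -> list:
    """Given 23 wordlist indices, return every index that is a valid 24th word."""
    if len(first_words) != 23 or any(not 0 <= w < 2048 for w in first_words):
        raise ValueError("expected 23 wordlist indices in 0..2047")
    prefix = 0
    for w in first_words:                     # 23 words * 11 bits = 253 entropy bits
        prefix = (prefix << 11) | w
    candidates = []
    for tail in range(8):                     # the 3 entropy bits held by word 24
        entropy = ((prefix << 3) | tail).to_bytes(32, "big")
        # word 24 = 3 free entropy bits followed by the 8 checksum bits
        candidates.append((tail << 8) | checksum_bits(entropy))
    return candidates

def is_valid(indices: list) -> bool:
    """Check a full 24-index phrase: the last 8 bits must match the checksum."""
    if len(indices) != 24 or any(not 0 <= w < 2048 for w in indices):
        raise ValueError("expected 24 wordlist indices in 0..2047")
    value = 0
    for w in indices:                         # 24 * 11 = 264 bits in total
        value = (value << 11) | w
    entropy = (value >> 8).to_bytes(32, "big")
    return (value & 0xFF) == checksum_bits(entropy)

# Constructed sample input: the first wordlist entry repeated 23 times.
SAMPLE_PREFIX = [0] * 23

if __name__ == "__main__":
    for idx in valid_last_indices(SAMPLE_PREFIX):
        print(f"index {idx:4d}  bits {idx:011b}")
    # Brute-force cross-check over all 2048 possible last words.
    print(sum(is_valid(SAMPLE_PREFIX + [w]) for w in range(2048)), "valid last words")
```
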
Saint-loup
July 01, 2023, 11:54:20 PM
Last edit: July 02, 2023, 12:48:26 AM by Saint-loup
 #22

If there are a total of 2^256 combinations, one combination of 24 words has the same chance of being picked as another combination of 24 words. This probability is 1 out of 2^256 regardless of how it was generated, if each word was picked randomly.
If there are some unconscious but common psychological patterns/biases in your choices, don't you think someone or something (like an AI) could discover and exploit them one day, and instead of having to check 2^256 combinations, he will just need to focus on 2^25.6 ones for example?
Personally I don't trust software to generate good randomness either, because too many bugs/limitations have been found in the past; physical randomness is the most reliable IMO.

Quote
There appears to be a flaw in Google’s Android operating system, making it impossible for the OS to generate “secure random numbers,” which are needed to encrypt Bitcoin transactions. This affects those who use Bitcoin wallet apps like Bitcoin Wallet, Blockchain.info, BitcoinSpinner, and Mycelium Wallet. Some apps, like Coinbase and Mt Gox are still secure because they don’t rely on the Android OS to generate their numbers.
[...]
Alex Klyubin, a Google Security Engineer on the Android team has acknowledged that this is a legitimate flaw in Android. The problem, as often seems to be the case, is Java. “Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG,” said Klyubin. Translated out of geek speak, that means that Android is, as we thought, not generating random numbers correctly.
https://www.digitaltrends.com/mobile/how-to-fix-bitcoin-android-bug/

Quote
Applying this test to the output of various pseudorandom sequence generators is interesting. The low-order 8 bits returned by the standard Unix rand() function, for example, yields:
Chi square distribution for 500000 samples is 0.01, and randomly would exceed this value more than 99.99 percent of the times.
While an improved generator [Park & Miller] reports:
Chi square distribution for 500000 samples is 212.53, and randomly would exceed this value 97.53 percent of the times.
Thus, the standard Unix generator (or at least the low-order bytes it returns) is unacceptably non-random, while the improved generator is much better but still sufficiently non-random to cause concern for demanding applications.
https://www.fourmilab.ch/random/

MusaMohamed
July 02, 2023, 03:26:56 AM
 #23

Again, the words aren't picked. Entropy is used to generate a random number, and that random number is encoded as a seed phrase.

If the random number is generated in a cryptographically secure way, then yes, the probability is the same. The point I am making is that I don't believe the Javascript function crypto.getRandomValues within a browser environment (as is the case with Ian Coleman) will generate truly cryptographically secure numbers.
fred21 misunderstood the process.

Seed phrase is a human-readable version of private key after encoding. We can pick a private key randomly with any tool like with coin, pencil, paper or with a wallet software and it should be picked offline.

We can use Bitcoin Core, Electrum wallet to generate a wallet, but turn off Internet connection before and when creating a wallet.

Keys, Addresses (Mastering Bitcoin)
Keys and Addresses (Learnmeabitcoin.com)
[Full Guide+Code]Seed Phrase & The Process of Deriving Bitcoin Addresses from It

o_e_l_e_o
July 02, 2023, 08:03:07 AM
Merited by Cricktor (1)
 #24

Seed phrase is a human-readable version of private key after encoding.
It is a human readable encoding of your entropy, not of your private key. The seed phrase is then passed through a number of hashing functions alongside some other data in order to deterministically produce your private keys.

We can use Bitcoin Core, Electrum wallet to generate a wallet, but turn off Internet connection before and when creating a wallet.
Temporarily disconnecting the internet on a computer which is regularly used for various internet related tasks such as browsing and downloading achieves almost nothing. Any malware which steals seed phrases or private keys will just wait until you reconnect in order to send your data off to an attacker. For maximum safety you should be using a permanently airgapped computer.
fred21 (OP)
July 02, 2023, 09:00:41 AM
 #25

So in accordance to what you are saying some seed phrases are easier to guess than others.

In the Ian Coleman Mnemonic, you can check entropy details.

Time To Crack: centuries
Event Count: 63
Entropy Type: hexadecimal
Avg Bits Per Event: 4.00
Raw Entropy Words: 21
Total Bits: 252
Filtered Entropy: 1fd2f279505c87ecf83b09042c0a032021abfdf566eb2ea38a09a90123ed4bc
Raw Binary: 00011111110 10010111100 10011110010 10100000101 11001000011 11110110011 11100000111 01100001001 00000100001 01100000010 10000000110 01000000010 00011010101 11111110111 11010101100 11011101011 00101110101 00011100010 10000010011 01010010000 00010010001 11110110101 0010111100


Are you saying that :
1) this is not big enough entropy?
2) this is enough entropy but with JS, there can be bugs?
3) other things?
o_e_l_e_o
July 02, 2023, 09:59:50 AM
 #26

2) this is enough entropy but with JS, there can be bugs?
This, as I've explained several times.

On the face of it, there is nothing wrong with Ian Coleman's site. It is a useful tool, and one I use myself for exploring seed phrases and derivation paths. But javascript entropy generators are not secure. Although the site produces 128-256 bits of entropy (depending on how many words you select), I am not convinced this entropy is securely generated, and so provides less than 128-256 bits of security.

I would never use any javascript or webpage to generate a seed phrase I actually planned on using.
fred21 (OP)
July 02, 2023, 03:56:14 PM
 #27

What type of bug can there be?

It is not because something is simple that it is weak.

In any case, browser-based mnemonic generators create seed phrases. I can't see why some seed phrases are less secure than others.

For example, I could write the 2048 words each one on a piece of paper. Put all in a bag, then I pick 23 times a piece of paper by placing back the paper inside the bag each time. Between each picking, I shake the bag several minutes.
I do the same to get the 24th word by taking into account the checksum.

By the way is there a way to measure the randomness with which a seed phrase was generated ?
Cricktor
July 02, 2023, 04:41:21 PM
Merited by pooya87 (4), hosseinimr93 (4), o_e_l_e_o (4), Z-tight (1)
 #28

What type of bug can there be?

There can be any kind of bug as JS interpreters and JIT compilers are complex pieces of software, same applies to any modern browser. And it wouldn't be the first time that there could be bugs in the PRNG. You seem stubborn to acknowledge that there could be bugs and you simply can't dismiss the existence of bugs.


I can't see why some seed phrases are less secure than other.

You have been warned, but you're free to go ahead and ignore any advice.


For example, I could write the 2048 words each one on piece of paper. Put all in a bag, then I pick 23 times a piece of paper by placing back the paper inside the bag each time. Between each picking, I shake the bag several minutes.
I do the same to get the 24th word by taking into account the checksum

Thank you for this example. It's great to show issues with trying to create true randomness, which is not easy, btw.

This might work well enough, but you can't be sure. Why is that? Well, let's assume your pieces of paper are mostly equal. If they aren't, the heavier might have a tendency to be faster at the bottom of the bag, the lighter might be statistically more often at the top of the pile in the bag. That skews the uniformity of distribution of the pieces. Can you quantify it? I guess not really. It should concern you though, not to know how much of an influence this makes.

Equal flat pieces of paper might tend to stick together, maybe only two pieces of paper stick together but then maybe you end up with multiple pairs of such stickies. If they only stick together for some time during shaking, it again hinders equal distribution of the pieces during shaking.

How do you want to make sure that the way you shake gives you an equal re-distribution of the pieces?

Next variable is how and from where you grab your piece when you draw one after shaking. If you distort the piece then you change its behavior compared to the rest of the pieces. Then not all pieces are the same anymore.

I'm not sure if you get it, but understand that what sounds to be random is actually not easy to be sure it's truly random. And for the seed of your wallet, the random entropy of 128 or 256 bits, you definitely want the entropy to be as random as possible.


By the way is there a way to measure the randomness with which a seed phrase was generated ?

I'd say, not really, as the sample space of at most 256 random bits isn't enough to get good answers by the randomness tests that exist.

Usually you test your RNG source thoroughly with large sets of samples with randomness tests (there are various) and to call your RNG a good one it should pass as many tests as possible without obvious flaws. Only then you know that you can rely on your RNG to produce good random entropy as your entropy seed for your wallet.

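The sample-size point from post #28 and the chi-square test quoted in post #22, as an added example that is not part of the original thread. The LCG below is a textbook generator standing in for the old rand() of the quote, and the SHA-256 counter stream is a reproducible stand-in for well-behaved output; both are assumptions, and the |z| > 4 cut-off is an arbitrary loose threshold.

```python
import hashlib
from collections import Counter

def chi_square_bytes(data: bytes) -> float:
    """Chi-square statistic of byte frequencies against a uniform distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def z_score(chi2: float, df: int = 255) -> float:
    """Normal approximation: chi-square with df degrees has mean df, variance 2*df."""
    return (chi2 - df) / (2 * df) ** 0.5

def lcg_low_bytes(n: int, seed: int = 1) -> bytes:
    """Low-order 8 bits of a textbook LCG (constructed stand-in for old rand())."""
    state, out = seed, bytearray()
    for _ in range(n):
        state = (state * 1103515245 + 12345) % 2**31
        out.append(state & 0xFF)              # these bits repeat every 256 outputs
    return bytes(out)

def hash_stream(n: int) -> bytes:
    """Deterministic SHA-256 counter stream (constructed stand-in for good output)."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def verdict(data: bytes) -> str:
    """Flag samples whose byte distribution is far too even or far too uneven."""
    z = z_score(chi_square_bytes(data))
    if z < -4:
        return "suspiciously uniform"
    if z > 4:
        return "suspiciously skewed"
    return "no evidence either way"

if __name__ == "__main__":
    for name, gen in (("LCG low byte", lcg_low_bytes), ("hash stream", hash_stream)):
        for n in (32, 500_000):               # 32 bytes = one 256-bit seed
            data = gen(n)
            print(f"{name:13s} n={n:7d} chi2={chi_square_bytes(data):8.2f} "
                  f"-> {verdict(data)}")
```

With 500,000 samples the flawed generator is flagged for being far too uniform; with only 32 bytes, the size of one 256-bit seed, the same generator is indistinguishable from a good one.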
icynote_original
July 05, 2023, 05:55:54 PM
 #29

Some months ago, I was using the iancoleman script to find a private key, but never found one.
Please share how to use this iancoleman script to find a private key.
hosseinimr93
July 05, 2023, 07:04:55 PM
 #30

Some months ago, I was using the iancoleman script to find a private key, but never found one.
Please share how to use this iancoleman script to find a private key.
Iancoleman can be used for generating a BIP39 seed phrase and deriving keys from a seed phrase.
What do you mean by finding a private key? Do you mean you have a seed phrase and you want to derive the private key associated with an address?

satscraper
July 05, 2023, 07:56:17 PM
Last edit: July 05, 2023, 08:46:19 PM by satscraper
 #31

What type of bug can there be?


Math.random of JavaScript is a PRNG (rather than a TRNG) which uses an algorithm (depending on the browser) designed for general-purpose randomization (needed, for example, in game development) rather than for producing true randomness suitable for cryptography. So, entropy generated by JavaScript (and subsequently the SEED phrase) is less secure than that generated by a TRNG in hardware wallets, say in Passport 2, which utilizes an avalanche diode as a source of randomness.

Ian Coleman mnemonic (used on an offline machine) is good for testing purposes rather than for generating a SEED to which you will trust your stash.

Cricktor
July 06, 2023, 12:34:50 PM
Merited by satscraper (1)
 #32

<snip>

To my knowledge, and if the browser used supports it, the iancoleman.html script uses strong cryptographic randomness functions when they are available, not only Math.random(). Rather, crypto.getRandomValues() is used, which should give randomness more like a CSPRNG (cryptographically safe pseudo random number generator). crypto.getRandomValues() is considerably better than Math.random(), though I'm no expert in this field.

satscraper
July 06, 2023, 07:21:37 PM
Merited by Cricktor (1)
 #33

<snip>

To my knowledge, and if the browser used supports it, the iancoleman.html script uses strong cryptographic randomness functions when they are available, not only Math.random(). Rather, crypto.getRandomValues() is used, which should give randomness more like a CSPRNG (cryptographically safe pseudo random number generator). crypto.getRandomValues() is considerably better than Math.random(), though I'm no expert in this field.

Yeah, you are correct. I mentioned the function commonly used in the development of general-purpose apps as my brain was focused on JavaScript itself rather than on the Ian Coleman mnemonic, which uses the in-browser window.crypto.getRandomValues. However, even the latter does not guarantee that the relevant numbers are truly random.

   

Kryptowerk
July 07, 2023, 11:39:27 PM
 #34

I don't see why the number generated would be more likely to be cracked when the seed phrase has the same chance of being guessed.
Because the number is being generated by different processes using different entropy sources. If your entropy source is poor, then your number won't be completely random.

If I put the seed phrase in any other wallet, it will generate the exact same addresses in the same order with the same private keys.
This is a completely separate (and completely trivial) function to generating the seed phrase in the first place.

I don't understand why you are arguing about this, especially when it is clear you do not understand the basics. Javascript key generators are insecure. There are plenty of easy to use alternatives already suggested. Electrum, for example, is already bundled with Tails, so is trivial to use since you are planning to use Tails anyway. As I said above, you seem very keen to use an insecure javascript generator and there is nothing we can do to stop you, other than warn you of the risk.

That's interesting, so is this the issue with javascript based key generators: They use a library which does not generate sufficient entropy to have good enough randomness? Or are there other concerns regarding JS?
Shouldn't there be a selection of RNGs available for javascript by now? Just wondering, seems a little odd to have such a massively used language without providing a secure RNG solution.

o_e_l_e_o
July 08, 2023, 08:36:17 AM
Merited by Cricktor (1), satscraper (1)
 #35

Or are there other concerns regarding JS?
Again, I would point people to this post from Greg Maxwell - https://bitcointalk.org/index.php?topic=5324030.msg56590276#msg56590276.

Shouldn't there be a selection of RNGs available for javascript by now? Just wondering, seems a little odd to have such a massively used language without providing a secure RNG solution.
A selection of functions does nothing to address all the underlying issues outlined in the post above. The best solution is to just avoid webpage based wallet/seed/key generators.