Accardo
|
|
October 25, 2023, 04:23:57 PM |
|
Talking of generating a seed phrase with dice, I just stumbled across this post on Reddit: https://www.reddit.com/r/coldcard/comments/17epqk8/040_bitcoin_taken_instantly_from_my_coldcard/OP used a single dice roll to generate his seed phrase. He rolled a 5, used that as his entropy, and had his funds immediately stolen. Obviously it's a failure on OP's part to understand what is going on, but it's also a massive failure on Coldcard's part that it let him proceed to generate a seed phrase using a single dice roll. Very bad situation that would have been easily avoided if the user had simply calmed down, used common sense, and done some research. Coldcard has videos and documentation explaining the process of rolling dice and generating a seed from dice rolls. He didn't bother checking any of that, and was more concerned getting his money off his Ledger as soon as possible, even though there isn't an immediate threat. Coldcard is partially to blame for allowing it, but that's what you get if you want absolute control. I am not a Linux user, but I know the system gives you much more freedom than Windows. That also means a possibility of making serious self-destructive mistakes. Handing over freedom to users; decentralization. Still has disadvantages like self-destructive mistakes. Most cold card guides I've read suggest for 100 rolls or more, but from his responses he never looked into it. He thought it'll be just like his ledger wallet experience. I'd support one of the responses on the thread; saying that inexperienced users should use the coldcard generated seed phrase. Instead of using the rolling dice feature of generating seed phrase. He shot himself on the leg trying to increase the security or entropy of his seed phrase; make it hard to guess or brute-force. Cold card is not to blame. It's not their responsibility. As they were not present with the user to guide them physically, on how to use the dice generated seed feature. With their true random number generator in the hardware chip. The hardware's seed picking methods are still secure against attackers. Not every user can boost the entropy of their seeds using the dice. How then can CC help them? It's now a personal encounter or issue. It would have been better if the victim imported seeds from his previous wallet. The dice generated seed phrase is easy to guess if the user is not experienced at generating entropy. It'll be a better security development if they restricts users that use a single dice roll to generate seed phrase.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
Pmalek (OP)
Legendary
Offline
Activity: 2954
Merit: 7565
Playgram - The Telegram Casino
|
|
October 26, 2023, 03:12:17 PM |
|
It would have been better if the victim imported seeds from his previous wallet. That would have defeated the purpose of him buying a new hardware wallet. He bought his Coldcard to get away from Ledger that he lost his trust in. Obviously, you have to move away from the old seed phrase also. It'll be a better security development if they restricts users that use a single dice roll to generate seed phrase. They can at least add a warning message informing users if the provided number of dice rolls isn't sufficient enough for a safe wallet. After that, it's up to the user to make a greater effort. It's easy to blame the user after something like this, but honestly, I don't know what he was thinking.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
shield132
|
|
October 27, 2023, 10:25:12 AM |
|
Is there any reason to generate seed phrase with dice when you can generate it in Electrum? There is no reason and when problem is easy to solve, you shouldn't start looking for more complex solutions. If we want to get number 2 by adding some numbers to each other, easy solution is: 1 + 1 = 2 Hard solution is: 49+60-5+17+43-150+12-24 = 2
I hope I explained well what I wante to say. If OP's discussion is just a theory, then my answer will be that you are safe to generate a see phrase with biased dice if no one knows that you are generating a seed when you roll dice. There are millions of rolls every day on many casinos, if no one knows that during 10:18 - 10:20 Pmalek logged in in his account and played dice and saved their results on paper, then there is absolutely no way someone will be able to hack your wallet.
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1708
Merit: 8353
Fiatheist
|
|
October 27, 2023, 12:24:15 PM |
|
Is there any reason to generate seed phrase with dice when you can generate it in Electrum? How can you verify that your seed is generated randomly, on a hardware level? Short answer: you can't. You can rely on cryptographic libraries, which rock and the like, but when it comes to generating random numbers, while CSRNG are pretty good sources, there is no manner to verify they aren't tampered whatsoever. Tossing coin can provide complete and provable randomness. It doesn't go more transparent user interface than that.
|
|
|
|
Pmalek (OP)
Legendary
Offline
Activity: 2954
Merit: 7565
Playgram - The Telegram Casino
|
|
October 27, 2023, 03:26:32 PM |
|
<Snip> With that logic, you could also ask why would anyone use any other wallet than Electrum. And still we have loads of software, better or worse than Electrum. Electrum doesn't generate BIP39 seeds, which is the standard for many other wallets. They have their own unique system that is older than BIP39 but far less represented in other wallets. So that's one reason. It also seems to me that you have confused dice and a die with the casino game Dice. This isn't about dice games.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
Kruw
Full Member
Offline
Activity: 588
Merit: 141
Make your Bitcoins anonymous - wasabiwallet.io
|
|
October 27, 2023, 05:59:49 PM Merited by vapourminer (1) |
|
Are you saying that we should be combining two sources of randomness or that it's already happening in the background? Is that what the Coldcard and Seedsigner are doing when you input dice rolls into the devices to generate your seed? It's already happening in the background on Coldcard - https://coldcard.com/docs/faq/#entropyCan you provide a few examples?
Every time you roll the dice, also flip a coin. If the coin lands heads, keep the dice result. If the coin lands tails, invert the dice and record that result instead.
|
Coinjoin for FREE! - Connect using https://coinjoin.kruw.io/
|
|
|
Pmalek (OP)
Legendary
Offline
Activity: 2954
Merit: 7565
Playgram - The Telegram Casino
|
That's interesting. I didn't know that. I thought that if you select the dice rolls seed generation method, that the entropy comes only from that source. But according to the documentation you linked to, 256 bits of entropy is already generated from Coldcard's hardware and the dice rolls are an addition on too of that. But if that is true, I don't know how to explain this situation that o_e_l_e_o shared a few posts above. The user claims to have rolled a dice and got a '5' which he used to generate his seed. I seriously doubt he used advanced methods to bypass Coldcard's automatic entropy generation (the automated one you talked about), but still got his coins stolen (allegedly) within minutes. The whole story could, of course, be a a smear campaign and complete bullshit, but it's still different from what you said and what the Coldcard docs claim.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
DaveF
Legendary
Offline
Activity: 3668
Merit: 6671
Crypto Swap Exchange
|
|
October 27, 2023, 06:52:51 PM |
|
Slightly OT, but something that was said to me years ago that stuck. All 6 sided casino dice are biased over hundreds of thousands of rolls. They are man made and will show it given time. But in the short term of hours that they are actually on the table it does not matter. If the dice here that @Pmalek are not used for anything else and came from an unknown source then it will never matter because there is still enough randomness in them. Now, loaded dice: https://www.amazon.com/Character-Builder-Loaded-Koplow-Games/dp/B001N1JIU8 that is a different thing. -Dave
|
|
|
|
Pmalek (OP)
Legendary
Offline
Activity: 2954
Merit: 7565
Playgram - The Telegram Casino
|
|
October 27, 2023, 07:26:54 PM |
|
There is an interesting experiment that someone like BlackHatCoiner and possibly o_e_l_e_o could partake in. The dice that you linked to aren't available anymore, but if they could get an equal set, it would be fun to see how much entropy you could generate despite their bias towards rolling sixes.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
shield132
|
|
October 27, 2023, 07:43:36 PM |
|
<Snip> With that logic, you could also ask why would anyone use any other wallet than Electrum. And still we have loads of software, better or worse than Electrum. Electrum doesn't generate BIP39 seeds, which is the standard for many other wallets. They have their own unique system that is older than BIP39 but far less represented in other wallets. So that's one reason. It also seems to me that you have confused dice and a die with the casino game Dice. This isn't about dice games. Oh sure, this is not about dice games, my mistake, my brain always thinks about dice and when I read word biased, I quickly thought it was about the problem with provably fairness. I don't say you shouldn't use any software other than Electrum. I simply suggest to use what has been used and tested for years in bitcoin industry, what has been proven to be safe and reliable. You can use Sparrow, no problem but it doesn't have android or ios app if that matters for you. Btw if seed phrase randomness is a problem for you, then I would use vanity address generator on airgapped personal computer and generate bitcoin address with short random prefix. You'll receive private keys that there is absolutely no way they'll be biased or untrustworthy.
|
|
|
|
DaveF
Legendary
Offline
Activity: 3668
Merit: 6671
Crypto Swap Exchange
|
|
October 27, 2023, 08:50:18 PM |
|
There is an interesting experiment that someone like BlackHatCoiner and possibly o_e_l_e_o could partake in. The dice that you linked to aren't available anymore, but if they could get an equal set, it would be fun to see how much entropy you could generate despite their bias towards rolling sixes. I see them as available here, are you US based? The biggest issue is HOW loaded they are. Are you going to roll 20% more sixes or 50% more 90% more? I would think that if you didn't know they were loaded after a few rolls it would be obvious. But the question would be how many till you go hmmmmm something is wrong here. -Dave
|
|
|
|
Pmalek (OP)
Legendary
Offline
Activity: 2954
Merit: 7565
Playgram - The Telegram Casino
|
|
October 28, 2023, 06:37:10 AM |
|
I see them as available here, are you US based? No, I am not from the US, and currently not logged in to my Amazon account either. I am still getting a "Product Unavailable" description, though. The biggest issue is HOW loaded they are. Are you going to roll 20% more sixes or 50% more 90% more? According to the calculations by BlackHatCoiner, even a visibly biased die is good enough to create enough entropy. And based on what Coldcard's documentation says, the entropy from dice is just an extra that goes on top of the hardware-generated entropy from the device.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18747
|
|
October 28, 2023, 09:23:02 AM |
|
That's interesting. I didn't know that. I thought that if you select the dice rolls seed generation method, that the entropy comes only from that source. But according to the documentation you linked to, 256 bits of entropy is already generated from Coldcard's hardware and the dice rolls are an addition on too of that. Coldcard provides all three options - PRNG only, PRNG + dice, or dice only. https://coldcard.com/docs/middle-ground/#generating-seed-wordshttps://coldcard.com/docs/paranoid/#generating-seed-words-with-256-bits-of-entropy-by-dice-rollsIn the thread I linked, the OP chose dice only and then proceeded with a single dice roll of 5. You can verify this yourself by going to Ian Coleman, showing entropy, putting in "5", choosing dice rolls, choosing 24 words, choosing BIP 84, and generating the same addresses as OP: https://mempool.space/address/bc1qln3mjur5h67xenn04vepunx27fhpvfgvqgwelxhttps://mempool.space/address/bc1qmq80v8cxlsuwkxc8yt7hzjf05jyga3q5uea9uk
|
|
|
|
DaveF
Legendary
Offline
Activity: 3668
Merit: 6671
Crypto Swap Exchange
|
|
October 29, 2023, 12:52:59 PM Merited by vapourminer (1) |
|
I see them as available here, are you US based? No, I am not from the US, and currently not logged in to my Amazon account either. I am still getting a "Product Unavailable" description, though. The biggest issue is HOW loaded they are. Are you going to roll 20% more sixes or 50% more 90% more? According to the calculations by BlackHatCoiner, even a visibly biased die is good enough to create enough entropy. And based on what Coldcard's documentation says, the entropy from dice is just an extra that goes on top of the hardware-generated entropy from the device. Did some poking around, they are showing not available from a bunch of different IPs when going to Amazon. Guess since it's 'sold by' someone else but shipped from Amazon they are only in the US warehouses. If you want a set PM me and I'll ship them to you. Going to be interesting as what to put on the customs form....
Dice for seeds has been done for a while, and as discussed they just add to the entropy from the device. BUT if the entropy is bad / wrong on the device and the dice are loaded not just biased? Over a large enough set of wallet creation with rolls you can run into other people generating the same info. The question is how many. But, you also then have to answer how bad is the entropy and how loaded are the dice. -Dave
|
|
|
|
Cricktor
Legendary
Offline
Activity: 952
Merit: 1530
Crypto Swap Exchange
|
|
September 23, 2024, 02:00:46 PM |
|
~~~
Besides necro-bumping the thread and likely not adding really new content, except maybe for your favorite online dice site, how is a Pseudo Random Number Generator truly random as you claim for that site? That's a contradiction in terms. A PRNG generates deterministic random numbers which only appear random but have a finite sequence period. The determinism is initialized with some start values that ideally aren't predictable. From the same start values a PRNG will generate always the same sequence of pseudo random numbers.
|
|
|
|
ABCbits
Legendary
Offline
Activity: 3066
Merit: 8092
Crypto Swap Exchange
|
~~~
Besides necro-bumping the thread and likely not adding really new content, except maybe for your favorite online dice site, how is a Pseudo Random Number Generator truly random as you claim for that site? That's a contradiction in terms. A PRNG generates deterministic random numbers which only appear random but have a finite sequence period. The determinism is initialized with some start values that ideally aren't predictable. From the same start values a PRNG will generate always the same sequence of pseudo random numbers. @SemiSharma made a non-sense posts, because it's generated with AI. And if you look at his post history, he actually perform hidden SEO spam by adding spam link few days later to avoid moderation. Anyway, i've reported this user and should be nuked soon.
|
|
|
|
DaveF
Legendary
Offline
Activity: 3668
Merit: 6671
Crypto Swap Exchange
|
|
September 24, 2024, 06:17:32 PM Merited by vapourminer (1) |
|
Forgot about this till it got bumped. I had bought the loaded dice to play with. And they really did roll more 6's then normal. Enough to be obvious over a few rolls if you are paying any sort of attention.
So by themselves you would not want to use them to generate a seed. To add some more randomness to a good RNG would probably be fine if the RNG was good. Its just more data to be used.
As a human experiment would be interesting to see if you just put one of the loaded dice in a group of good ones if how many rolls would it take for someone to figure out which one it was.
-Dave
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4508
Merit: 3419
|
|
September 28, 2024, 10:19:50 AM Last edit: September 28, 2024, 08:45:46 PM by odolvlobo Merited by Pmalek (2), vapourminer (1) |
|
I'm not an expert but it seems to me that a biased RNG is only vulnerable if the attacker has information about the RNG or can easily guess the RNG's bias.
For example, suppose that for some reason, your die rolls a 5 less often than expected. How could an attacker take advantage of that bias without knowing that it exists?
Now that I think about it, I think I can answer my own question...
The main idea is that an attacker is not trying to find a specific key, but is trying to find any key. An attacker deciding to attack any keys that came from rolling dice would start out assuming the worst bias and progress by incrementally assuming less bias. Thus, the entire space does not have to be searched to find any entropy generated by biased dice.
An attack against a specific key would be similar, but would start with the RNGs that are most likely to be used. It seems to me that this would add another dimension to the effort, making it infeasible to attack a specific key generated by any RNG with even a low bias.
So, it seems to me that you can safely generate entropy with biased dice if you do it correctly and the bias is not significant. Either way, generating extra entropy seems to be an easy way to overcome any bias.
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1708
Merit: 8353
Fiatheist
|
It would be interesting if someone funded an address which was generated using a very biased dice, just to check if people could claim the bounty, sort of like these collision puzzles. If you think your dice is biased, then just roll it for a hundred times. As I have demonstrated in here, even if '1' would come with a probability of 0.75 and 0.05 for each other side, the dice would still produce sufficient entropy if rolled for 100 times.
|
|
|
|
Drawesome
|
|
October 01, 2024, 05:05:40 PM |
|
I've thought about this. Toy dice often have biases. The issue is that if the biases are random due to bubbles forming inside, we wouldn't know anything without inspecting the dice first.
However, there is a type of bias that would be predictable, caused by drilling the pips or filling them with a different material. This bias would make the heavier parts more likely to settle at the base, increasing the probability for the opposite faces. In a quick search, I found that a standard piped die can roll a "6" approximately 0.5% to 1% more often than a perfectly balanced die. In this case, despite the bias, I believe the entropy is still sufficient to consider it safe, but we could do some calculations to verify.
|
|
|
|
|