Idea: Ledger as seed generator?

[NeuroticFish]

This should have been coming for quite a while, but I was so busy I didn't have time to post as much as I'd like and I didn't have the time to give this a good thinking.
I wrote here and there, using a Tails stick is 90% of the time a good solution for me, but I've used my Ledger for simplicity.
Of course (not surprisingly) I no longer trust my Ledger to keep more than 100$ worth of BTC on it and since I still get some earnings from signatures... I want to go away from my Ledger before it's too late.

On the other hand, I also don't want to have Electrum-specific seed, for example because I'm eyeing SeedSigner for the future.

I've been reading different topics on coin and dice based seeds and, after weighting various possibilities (like use random generator for better dice generation) I've came back to this post, which I tend to agree more and more:

1. Leave cryptography to the cryptographers.  Seriously.  Please.  For your safety and the safety of others.

Generating your own random numbers is low-level crypto.  >99% of programmers should never, ever touch low-level crypto directly.  This is not to insult your intelligence:  The smartest programmers in this space all either study up on their cryptography, or leave cryptography to the cryptographers.  Studying cryptography takes lots of smarts; knowing the limits of your own knowledge also takes lots of smarts.

And now the idea: why don't just use Ledger (only!) as seed generator?
I mean: reset Ledger as a new device, write down the new seed, reset it again (because it's unsafe), and I'm done.
Is it anything I've missed? Is this also unsafe for a reason I've missed?

(Was this already discussed and I've missed that?)

[1714848869]

1714848869

[1714848869]

1714848869

[Findingnemo]

And now the idea: why don't just use Ledger (only!) as seed generator?
I mean: reset Ledger as a new device, write down the new seed, reset it again (because it's unsafe), and I'm done.
Is it anything I've missed? Is this also unsafe for a reason I've missed?

Not a bad idea though, and since we reset after creating the seed there is nothing to worry about. So if you guys have a ledger then make use of it like that instead of just throwing it away.

But I don't see any difference at all between a seed created in a way like you said and in an offline electrum wallet or any other wallet, which means the Ledger is obsolete here and we don't need it anyway for random generation of our seeds.

[NeuroticFish]

But I don't see any difference at all between a seed created in a way like you said and in an offline electrum wallet or any other wallet, which means the Ledger is obsolete here and we don't need it anyway for random generation of our seeds.

A seed made with Electrum didn't work on Ledger. Electrum has its own standard. That's why.
If there would not be that "restriction" then I'd agree with you, Electrum would have been just fine for the job.

[Findingnemo]

A seed made with Electrum didn't work on Ledger. Electrum has its own standard. That's why.

So you are going to keep using the ledger as your wallet, because I thought it was only going to be used for seed generation then import the seed into some other wallet because you/we agree Ledger is no more to be trusted for storing cryptos.

Am I confusing, what you are trying to say?

[NeuroticFish]

So you are going to keep using the ledger as your wallet, because I thought it was only going to be used for seed generation then import the seed into some other wallet because you/we agree Ledger is no more to be trusted for storing cryptos.

Am I confusing, what you are trying to say?

No, it was only an example.
I no longer want to keep funds on the Ledger, but I fear that most other wallets (and hardware wallets) will not like (i.e. accept) Electrum - generated seed, hence... I want to try to use Ledger as generator.
Sorry if I was not clear in the previous post

[o_e_l_e_o]

Ledger devices are closed source, so you cannot verify how they are generating entropy and producing a seed phrase for you. With that in mind, it all comes down to how much you trust Ledger. No one can say for sure that what you are proposing will be entirely safe.

Your process is definitely better than using a hot wallet, but I would argue inferior to using an airgapped machine with Tails as you have mentioned, verifiably drawing entropy from /dev/urandom. If you don't want to generate an Electrum seed phrase, then I see no reason you can't use the same set up with Sparrow wallet to generate a BIP39 seed phrase (although I haven't tried this myself).

[Meuserna]

why don't just use Ledger (only!) as seed generator?

...because they might have access to your seed?  Their code isn't open, so there's no way to prove what the code (and thus the device) does or doesn't do.

If you wouldn't trust Ledger to store your seed, why would you trust them to create it?

Pick up a Blockstream Jade for around $60.

Don't risk your Bitcoin by trusting a company you already know you can't trust.

[ABCbits]

And now the idea: why don't just use Ledger (only!) as seed generator?

I'd rather just use /dev/urandom and convert the format as needed. Your Ledger probably is more useful if you use it either as decoy or store altcoin if you can't find better software wallet for that altcoin.

Is it anything I've missed?

Ledger isn't open source. And with various controversy, don't trust them or their product too much.

[m2017]

Ledger devices are closed source, so you cannot verify how they are generating entropy and producing a seed phrase for you.

Is it possible to check this somehow? I mean generating entropy and the degree of reliability of the generated seed phrases.

With that in mind, it all comes down to how much you trust Ledger.

If @NeuroticFish no longer trusts the storage bitcoins on Ledger, then I, if I were in his place, would not trust the generation of seed pharse.

No one can say for sure that what you are proposing will be entirely safe.

Ledger's representatives may say that, but we know that even what they say should not be believed.

Your process is definitely better than using a hot wallet, but I would argue inferior to using an airgapped machine with Tails as you have mentioned, verifiably drawing entropy from /dev/urandom. If you don't want to generate an Electrum seed phrase, then I see no reason you can't use the same set up with Sparrow wallet to generate a BIP39 seed phrase (although I haven't tried this myself).

Are there any other safe and reliable BIP39 seed phrase generation options?


The only way you can use Ledger HW's is by using the fido u2f function with services such as Gmail or Facebook. Although, no. Still, it is better to throw this device away and never touch it.

[philipma1957]

And now the idea: why don't just use Ledger (only!) as seed generator?

I'd rather just use /dev/urandom and convert the format as needed. Your Ledger probably is more useful if you use it either as decoy or store altcoin if you can't find better software wallet for that altcoin.

Is it anything I've missed?

Ledger isn't open source. And with various controversy, don't trust them or their product too much.

decoy is a great idea. put a few dollars worth of coins in it and you are good to go.

[Lucius]

~snip~
And now the idea: why don't just use Ledger (only!) as seed generator?
I mean: reset Ledger as a new device, write down the new seed, reset it again (because it's unsafe), and I'm done.
Is it anything I've missed? Is this also unsafe for a reason I've missed?

(Was this already discussed and I've missed that?)

I will agree with what some others have already concluded, which is that if you don't trust that you keep your confidential information on that device, then it doesn't make much sense to use it to generate that same information.

Of course, we can ask the question whether the device was connected to the internet after generating the seed and in that way communicated with the Ledger servers and possibly leaked that information - or was the entire process done completely offline and the same seed is used in another wallet.  

In the case of the latter, I don't see that there is a security threat - although after everything we've experienced from Ledger so far, I'd rather find another way to generate seeds or anything related to Bitcoin storage.

[NeuroticFish]

Thanks a lot for the great answers.

I'm not that much into Linux, so playing with /dev/urandom and so on is not for me. But Sparrow is a handy option I've missed.
And yes, Ledger will probably remain useful only for funds/altcoins/decoy and maybe as some sort of collectible.

[ABCbits]

I'm not that much into Linux, so playing with /dev/urandom and so on is not for me.

You could just copy-paste the tutorial. Here's an short example from me,

1. Get 32 HEX character from /dev/urandom using this command. I only copy-paste command from https://stackoverflow.com/a/34329057.

Code:

$ hexdump -vn16 -e'4/4 "%08X" 1 "\n"' /dev/urandom
44393B19866635398D4656494441C7BD

2. Download bip39-standalone.html from https://github.com/iancoleman/bip39/releases and open it with your browser.

3. Select "Show entropy details".



4. Copy 32 HEX character from hexdump command to Entropy text field.



You can replace -vn16 with -vn32 if you want to generate 24 BIP39 words. It shouldn't be as hard as you expected, although i understand if you find this method not convenient.

[satscraper]

And now the idea: why don't just use Ledger (only!) as seed generator?

All depends.

If you intend to use that seed generator for new generation wallets, let'us say like Passport which relies on  Avalanche diode for randomness generation, then it would be unwise.

But, if Ledger's SEED will replace those ones, generated by "old" software wallets, then why not.

After all. many years have passed since the launch of Ledger and we didn't come across any stash dissolution due to the weakness of its SEED, so far.

[Lucius]

~snip~
Many years have passed since the launch of Ledger and we didn't come across any stash dissolution due to the weakness of its SEED, so far.

The only thing we found out in the meantime is that they are not telling us the truth all the time, and that it is technically possible (remotely) to extract the seed from their HW, with which they can then do whatever they want. This fact alone, which they themselves admitted, speaks for itself - but luckily for that company, I would dare to say that at least 80% of their users still do not understand what kind of risk they are exposed to.

[satscraper]

~snip~
Many years have passed since the launch of Ledger and we didn't come across any stash dissolution due to the weakness of its SEED, so far.

The only thing we found out in the meantime is that they are not telling us the truth all the time, and that it is technically possible (remotely) to extract the seed from their HW,

Even if such possibility exists they could not be able to utilize it in the case described by OP.

As I got it, OP's frame of thought is  to  generate SEED on   Ledger being offline and reseted state,  write that SEED down and after that reset wallet again.

Thus, SEED generated by this way will be out of Ledger's team  reach.

[Meuserna]

~snip~
Many years have passed since the launch of Ledger and we didn't come across any stash dissolution due to the weakness of its SEED, so far.

The only thing we found out in the meantime is that they are not telling us the truth all the time, and that it is technically possible (remotely) to extract the seed from their HW,

Even if such possibility exists they could not be able to utilize it in the case described by OP.

As I got it, OP's frame of thought is  to  generate SEED on   Ledger being offline and reseted state,  write that SEED down and after that reset wallet again.

Thus, SEED generated by this way will be out of Ledger's team  reach.

Not if the device has bluetooth or if the device is plugged in via USB.

Using a Ledger for anything other than a decoy or a doorstop is such a poor idea.  Ledger lies to their customers.  Ledger uses key extraction code.  Ledger admitted they can't prove their code doesn't have any backdoors (they can't prove it because their code isn't open).

Don't set yourself up for disaster.

Don't trust Ledger.  Not even a little.

[NeuroticFish]

As I got it, OP's frame of thought is  to  generate SEED on   Ledger being offline and reseted state,  write that SEED down and after that reset wallet again.

Thus, SEED generated by this way will be out of Ledger's team  reach.

Yes, but I've properly understood the others' point: if Ledger cannot be trusted with keeping coins on, we cannot know what other surprises it can have under the hood.
And since there are easy open source solutions - Sparrow wallet being the most user friendly option imho - why bother taking risks with Ledger?

Quite a shame, I never thought I'll be using it for so small period of time...

It shouldn't be as hard as you expected, although i understand if you find this method not convenient.

Well, with this tutorial (thank you for it) it's way less inconvenient than I thought.
I will surely keep a bookmark to it, just in case.

[Meuserna]

if Ledger cannot be trusted with keeping coins on, we cannot know what other surprises it can have under the hood.

THIS.  Case closed.

The only safe use for a Ledger is one of the following:

1: Doorstop.
2: Target Practice.
3: Decoy Wallet.

[satscraper]

~snip~
Many years have passed since the launch of Ledger and we didn't come across any stash dissolution due to the weakness of its SEED, so far.

The only thing we found out in the meantime is that they are not telling us the truth all the time, and that it is technically possible (remotely) to extract the seed from their HW,

Even if such possibility exists they could not be able to utilize it in the case described by OP.

As I got it, OP's frame of thought is  to  generate SEED on   Ledger being offline and reseted state,  write that SEED down and after that reset wallet again.

Thus, SEED generated by this way will be out of Ledger's team  reach.

Not if the device has bluetooth or if the device is plugged in via USB.

Using a Ledger for anything other than a decoy or a doorstop is such a poor idea.  Ledger lies to their customers.  Ledger uses key extraction code.  Ledger admitted they can't prove their code doesn't have any backdoors (they can't prove it because their code isn't open).

Don't set yourself up for disaster.

Don't trust Ledger.  Not even a little.

Don't make waves.

The range of Bluetooth action  is very limited, only a few meters. Therefore, if the OP intends to generate a SEED with the Ledger nano X (which is indeed a Bluetooth-capable device), then, I don't think he will come to Ledger's office to proceed there.

If  OP uses Ledger nano s, then, they won't need to worry about Bluetooth since this wallet doesn't have that capability.

Regarding USB, OP can connect their wallet to a cold computer.


 

Sparrow wallet being the most user friendly option imho - why bother taking risks with Ledger?

I rely on the combined capabilities of Passport 2 + Sparrow + Bitcoin Core tandem in my BTC-routine  (using Passport 2 SEED) . However, I wouldn't probably  prefer  the randomness generated by Sparrow itself over, let's say, that one generated by Ledger. At least with Ledger, I am aware that RNG is certified as PTG.2 class, as stated in  ANSSI-cible-CSPN-2023_17en.pdf  document. On the other hand, there is no certification for RNG used by Sparrow (I couldn't find any relevant information on this).

Therefore, it appears that your initial idea to use Ledger as the SEED generator (while taking all the necessary precautions) makes sense.

But, sure, you are free to use any SEED.