Bitcoin Forum
Author Topic: Idea: Ledger as seed generator?  (Read 270 times)
NeuroticFish (OP)
November 30, 2023, 03:52:27 PM, #21

> However, I probably wouldn't prefer the randomness generated by Sparrow itself over, let's say, the one generated by Ledger. At least with Ledger, I am aware that the RNG is certified as PTG.2 class, as stated in the ANSSI-cible-CSPN-2023_17en.pdf document. On the other hand, there is no certification for the RNG used by Sparrow (I couldn't find any relevant information on this).
>
> Therefore, it appears that your initial idea to use Ledger as the SEED generator (while taking all the necessary precautions) makes sense.

While certified RNG certainly sounds great, I am not smart enough to understand why Sparrow's RNG may not be good enough. (Maybe somebody can help?)
I would think that people looking up Sparrow's code would see if the library used by Sparrow for generating random numbers is flawed (but I didn't look into it myself and would not know what to look for anyway).

On the other hand, no matter how good the random number generator is, it doesn't help if it's used with malicious intent. For example, no matter how random the number it gets is, if that number is afterwards adjusted (!) to be a multiple of a big prime number, everything will look great, but the result is a small set that the seeds will be part of, hence it is easy to look them up and steal the money.
Of course, since nothing like this has happened yet, maybe Ledger was not that evil after all (at least this was how I was thinking when I started this), but there can be other surprises they can come up with that I didn't think of.

Although I thought at first "how could I have just missed Sparrow as a solution", I am glad I've made this topic. Interesting (at least for me!) ideas still come up.

> If OP uses a Ledger Nano S, then they won't need to worry about Bluetooth since this wallet doesn't have that capability.

That's exactly what I have: Nano S (without plus, obviously).

o_e_l_e_o
November 30, 2023, 08:25:16 PM, #22

> I would think that people looking up Sparrow's code would see if the library used by Sparrow for generating random numbers is flawed (but I didn't look into it myself and would not know what to look for anyway).
Sparrow uses Java's SecureRandom function to generate its entropy, which sources entropy from /dev/urandom. This is similar to Electrum, which uses Python's randrange which also sources from /dev/urandom.
satscraper
December 01, 2023, 08:27:42 AM, #23

> I would think that people looking up Sparrow's code would see if the library used by Sparrow for generating random numbers is flawed (but I didn't look into it myself and would not know what to look for anyway).
> Sparrow uses Java's SecureRandom function to generate its entropy, which sources entropy from /dev/urandom. This is similar to Electrum, which uses Python's randrange which also sources from /dev/urandom.

Very well. According to NIST, urandom falls into a bucket of "Non-Approved RBGs", thus it cannot even be classified as an RNG.

Thus, randomness coming from Ledger's TRNG (embedded into the ST33J2M0 and classified as PTG.2) looks more reliable in my eyes.

It is to be regretted that OP didn't come up with their idea before I smashed my Ledger device.

o_e_l_e_o
December 01, 2023, 10:07:01 AM, #24

> Very well. According to NIST, urandom falls into a bucket of "Non-Approved RBGs", thus it cannot even be classified as an RNG.
That's not what that means. It means it's not fully compliant with FIPS requirements (which are controversial to begin with), but they still say it can be used.

Don't forget that NIST previously promoted functions containing backdoors, so I wouldn't put too much faith in their rankings.
NeuroticFish (OP)
December 01, 2023, 01:42:39 PM, #25

I've also watched Andreas Antonopoulos on YouTube (https://www.youtube.com/watch?v=9scIevuymZM) saying that the old Ledger Nano S probably has too little memory to hold any threat :D
Somehow he tries to minimize the potential evil Ledger can do. On the other hand, he said or implied that such functionality (API) can be done (or already exists) in theory in any hardware wallet, so we are pretty much going nowhere. Of course, some HWs are fully open source and that helps.

Since there are some holidays around here, I had time to make a test. I wanted to set up a cold storage with an encrypted Linux on a USB stick. After spending almost a full day with Ubuntu, Debian and Mint all failing on me in various ways (i.e. I was unable to install without errors and start), I was left with the good ol' Tails, where, as I suck at Linux (nothing new here), I was unable to install Sparrow, but I was able to follow ETFbitcoin's tutorial with /dev/urandom and the IanColeman page (thanks!!) and make myself a new seed.

Generating new seed with Ledger would have been more convenient, but... I am still unconvinced (well, the seed made with /dev/urandom is still a test, no funds sent yet).
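The "/dev/urandom plus IanColeman page" step above, as an added example (this is neither the tutorial's script nor the IanColeman page's code): it reads entropy from the kernel CSPRNG, appends the BIP39 checksum and yields the 11-bit word indices that a wallet verifies when the words are typed back in. The only step left out is the index-to-word lookup in the 2048-word English list.

```python
import hashlib
import os


def bip39_word_indices(entropy: bytes) -> list[int]:
    """Turn raw entropy (128..256 bits, in 32-bit steps) into BIP39 word indices.

    BIP39 appends ENT/32 checksum bits (the first bits of SHA-256(entropy))
    and slices the result into 11-bit groups, one per word.
    """
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs_len = len(entropy) * 8 // 32
    digest = hashlib.sha256(entropy).digest()
    bits = "".join(f"{b:08b}" for b in entropy)
    bits += "".join(f"{b:08b}" for b in digest)[:cs_len]
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]


def check_indices(indices: list[int]) -> bool:
    """Recompute the checksum from a word-index list; True if it matches.

    This is the check a wallet performs on a typed-in mnemonic, so a
    mistyped or hand-edited word is caught before any keys are derived.
    """
    total_bits = len(indices) * 11
    ent_len = total_bits * 32 // 33          # 12 words -> 128 bits, 24 -> 256
    bits = "".join(f"{i:011b}" for i in indices)
    entropy = int(bits[:ent_len], 2).to_bytes(ent_len // 8, "big")
    return bip39_word_indices(entropy) == list(indices)


def new_seed_indices(n_bytes: int = 16) -> list[int]:
    """Fresh word indices from the OS CSPRNG (/dev/urandom on Linux),
    the same source the thread names for Sparrow, Electrum and the Tails recipe."""
    return bip39_word_indices(os.urandom(n_bytes))


if __name__ == "__main__":
    # Known BIP39 vector: 16 zero bytes -> eleven times "abandon" (index 0)
    # followed by "about" (index 3), because SHA-256 of the zeros starts with 0x3.
    print(bip39_word_indices(bytes(16)))
    print(new_seed_indices(32), "(24 words)")
```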

satscraper
December 01, 2023, 02:29:57 PM, #26

> Very well. According to NIST, urandom falls into a bucket of "Non-Approved RBGs", thus it cannot even be classified as an RNG.
> That's not what that means. It means it's not fully compliant with FIPS requirements.

Yeah, I know this, but if it is not fully compliant with FIPS, why should we trust it in such an app as a crypto wallet? The question is rhetorical.


> I wouldn't put too much faith in their rankings.

Anyway, we need to trust some entity of this kind. At this moment I would prefer to put faith in NIST rather than in anything else.
