Thanks, it was certainly a bit of a conundrum :/

Thanks :)

Glad it was helpful!

Thanks, glad it helped

Hola! Thanks and stay safe down there :)

Argentina 🇦🇷 dam the inflation is crazy in that country I hear hope u store your value life energy in bitcoin and spend Argentinian pesos

Yea it's truly insane to see the inflationary stuff playing out there at crazy speed, at least with BTC there is a more accessible option for the masses to avoid the worst of it...

@CryptoGuide The only solution to inflation is ₿itcoin thank god people have a option to opt out in countries like that

.

For sure, it's one of those instances where attempting to offset the theoretical risk of RNG issues will mostly increase the overall risk due to the possibility of messing it up somehow...

Stay safe :)

But how can you mess up "mixing" 5 dices, 20 time in a shoe carton?? What can go wrong???

Most folk don't do it that way.

@@Kerrington_John unbalanced dice may skew the results, plus you have to enter them into a computer to calculate the checksum and that may expose your private key.

Yea bad/inconsistent UX can make it such that even an otherwise advanced user can end up making a mistake like this.

Thanks heaps for the tip, glad you found it helpful :)

Thanks, glad it made sense and glad you found Krux, it's a great project :)

Thanks :)

It actually did have a warning and newer versions of MK4 firmware don't allow you to proceed (Though Mk3 still does)

@@CryptoGuide good to hear. Too bad for me. I must have had the old firmware.

I'm sorry for your loss

​@@bpheardhow often did you roll? Do you still remember it?

@@Kerrington_John unfortunately, only 6 times.

Good job :)

What amount of dice rolls is enough?

50 at a minimum

@@CryptoGuide And this generated enough entropy?

Basically yea

Thanks

Seriously this guys videos have totally helped me with self custody

Glad they have helped :)

@@CryptoGuidelol u took there crypto and gave it back hopefully if I ever get hacked he like u

Unfortunately most of the time it is simply taken and never returned :/

Thank you! Cheers!

Glad it helped

Thanks, glad it helped

Yea it's mostly sorted in the newer firmware on the Mk4 which enforces the minimum of 50 rolls, though this is only on the default workflow. (It's still possible via the temporary seed method)

If you are buying one from the official store and it doesn't look like it has been tampered with then it's probably fine. :)

Thanks, glad it helped

Thr best option is just to let the Coldcard generate the seed for you, using it's onboard TRNG.

The Bitcoin blockchain is over 500GB, LTC is over 100GB and eth is terabytes.

Trezor mixes entropy from both the onboard MCU and the PC that you are connected, both source of entropy would need to be very flawed on both systems for it to be an issue. Trezor also has has deterministic builds, so it's perfectly safe and reasonable to conclude that it's working as intended and that entropy (and therefore seeds) from Trezor are fine.

@@CryptoGuide Thank you!

​@@CryptoGuide what about ledger? They are closed source, so is there no way to ensure the entropy of the seed is enough? They do cite AES-31 certification but I don't think that rules out bugs? Also do they mix entropy from another source like trezor? Would adding a long enough passphrase to the seed protect against such risks? Many thanks, much information is needed to be shared around seed generation entropy.

Ledger use a certified TRNG, but yea a passphrase also mitigates against potential entropy issues in the seed.

Basically there are two seperate workflows, one that is deterministic and one that isn't.

Thanks :)

Basically Blockstreams suggested workflow is fine and because you are generating words directly from the rolls, it's easy to keep track of roughly how much entropy you have in there. (As opposed to what the Coldcard was doing, generating a 24 word seed off a tiny amount of entropy) Modern operating systems are generally fine in terms of being able to generate entropy, the challenges with this tended to be related to embedded systems which didn't have as many peripherals to mix in as entropy sources. The bigger issue tends to happen when software wallet developers don't make use of the cryptographically safe sources of entropy, instead just using basic random() type calls. (Which might be fine for day to day programming, but aren't sufficient for cryptographic use cases)

@@CryptoGuide Thanks a lot, this is really super interesting. Wouldn't have expected that those strange dice would be sufficient! And good to know that modern systems are good enough for providing entropy.

No worries :)

Yea it's pretty crazy, the guy had no idea what bad happened, but was pretty good about the whole thing.

Almost half a bitcoin

.

Thanks

A few thousand USD worth

It would add as much entropy as you added into the passphrase, but would mean the seed isn't identified as being in-use by automated tools that look for such things.

Sorry to hear it, it was a really easy mistake to make with Coldcard for a while there

Nice :)

99 rolls for a 24 word seed is even better, but 50 rolls gives you 128 bits of entropy (for a 12 word seed) which is sufficiently high to prevent it from being brute forced. (So 50 is the minimum, not the max :) )

@@CryptoGuide Okay thanks. Is there a best way to roll the dice? Perhaps shaking up 5 casino dice in a shoebox and then sliding them to one side and input their numbers going from left to right?

Yea basically multiple dice are better than one and mixing them up and reading them on a row is how you want to do it. The thing with using 99 rolls is that even if your dice have a bad bias, you will still have sufficient entropy to be way over 128 bits. (They would need to be almost as bad as a coin flip for it to be a problem with 99 rolls)

@@CryptoGuide okay so would doing it with 3 dice and reading them in a row be fine as well? I just realized I only have 3 casino dice

Shouldn't be an issue. Part of the advantage with multiple dice is that differences/bias between them is mostly cancelled out as the order in which they are read each time will change.

If I didn't have any and was starting out I would probably get a Jade. It gives you the most bang for buck by a mile and also supports the full range of advanced features. (While still being safe and simple if used normally) Being able to use it with a mobile over Bluetooth is also really nice.

Than you

Depends on what I want to store and what device I want to use to access it. The best value retail option would be either the blockstream Jade or Trezor Safe 3. (Though only the former will work with an iPhone)

Child seeds have the same entropy as the parent.

There are two ways that this can happen with any wallet. 1) The wallet uses flawed entropy generation, meaning that there may only be a few billion possible seeds that it can produce. 2) The wallet leaks wallet information to another PC/App. Basically if you have a device that is both open source and uses deterministic builds, coupled with open-source companion apps, then the hope is that folk would notice something like 1 or 2 happening and raise the alarm :)

@@CryptoGuide Thank you for the quick response. Do you know if Trezor is fully Open source and uses deterministic builds and the trezor suite app is also open source? To make it clear is Trezor one of the safest in that respect?

Trezor is both open source hardware and software with deterministic builds. :)

This question doesn't make much sense... The Electrum vs Sparrow difference doesn't matter and the Coldcard Mk4 and Q1 are fundamentally the same in terms of security. What are your actually trying to achieve?

There is nothing wrong with letting you hardware wallet generate the seed words, but if you are feeling paranoid then you could use 100 dice rolls. (Or just add a passphrase instead to also protect your backups)

@CryptoGuide after watching this video I'm paranoid lol. thanks for educating us plebs on how to keep our btc safe and secure

Perhaps I should have mentioned it a few more times but basically the hardware or software key generation generally the best choice for the vast majority of folks, it's very difficult to mess up. ;)

@CryptoGuide Yeah I understand what you mean it's the easiest & safest way for the average basic user not to mess up or over complicated things to much and lose funds due to technical capabilities. Thank you soo much you add value to the bitcoin community

Glad it helped :)

If you mean BC Vault, it's totally closed source, so there isn't anything to review beyond taking the vendors word for it that it's doing what they say it's doing.

@@CryptoGuide yes BC Vault, so you don’t recommend this wallets at all then?

It might be fine if you already have one, but I would suggest there are better alternatives :)

Trezor, Jade and Bitbox are all great options. Bitbox02 is probably the easiest to use and Jade is the one you want if you need to use it with an iPhone.

@@CryptoGuide do you think passphrase is necessary?

Depends what you want to achieve, it can be a great way to add a layer of protection to your physical backups. That said, it does add complexity to your backups and should be written down somewhere as well.

What do you mean "chosen 12 nice BIP39 words", do you mean with dice or just chosing words that seem good to you? (If it's the latter then this isn't secure at all)

@@CryptoGuide Ooops - I actually meant self-selected words + PassPhrase = ParentSeed This ParentSeed + Index = ChildSeed Such a ChildSeed is not safe at all? : ( And such a CS + PassPhrase then probably not much more? 😳

Self selection of words is a security disaster... Don't do it, humans suck at randomness... There is literally no reason to do this...

@@CryptoGuide This is unpleasant to hear, but of course I am very grateful! I was aware that even selected words are not really safe. But I assumed that these human traces would be "obliterated" if they were combined with a PassPhrase and an index to derive a new (child)seed, which then also got a PassPhrase. The reason for this "recipe" is a brainwallet that is supposed to be bulletproof - but apparently this is cryptographic nonsense. Thank you for your many efforts to teach people and lead them into the new era as harmlessly as possible! 🙏🙏

Where did you get the idea that brainwallets are bulletproof? (They are one of the worst ways to secure your funds, for multiple reasons)

There is nothing wrong with the default RNG, but yes you can easily add a passphrase with Coldcard. (Just be sure to include it in your backups too)

The same, as each first word is representing the first few bits of entropy from whatever device you are getting it from. (And you are basically throwing away the rest each time) The matter of sourcing those bits from different sources is still a factor, but isn't related to the actual amount of entropy.

If you are using 99 rolls then there is a huge buffer of extra entropy above the minimum 128 bits, so as long as you are rolling an actual dice (even a crap one) it will be fine.

No, but the main issue is that for the firmware up until Feb 2023, it was easy to think that you were in the "adding rolls" workflow when you were in the deterministic one. The "additional rolls" workflow is triggered by letting the device generate 24 words and then pressing a button at the step where you review the initial words. (Which then prompts you to add dice rolls)

Almost certainly, what version of firmware were you running?

Or just use the onboard TRNG and a passphrase of you don't want to trust it ;)

@@CryptoGuide I also assume that this is probably the best choice. If I really started to hodl lots of Bitcoin, I should hodl my coins in multiple completely seperate wallets anyway to reduce damage in case one does somehow get compromised. The extra paranoid people could also compile the software themselves and flash it onto the device before setting it up to be extra extra extra safe.

I think that most people struggle to maintain one set of backups, so introducing multiple sets just complicates things further.

@@CryptoGuide This method however literally decentralizes your risk of loosing everything. And as long as you carefully plan, what you are doing, keeping track of all your assets. Utilizing this method makes your assets as safe as horcuxes made Voldemort unkillable. Just make sure to not give anyone a proximity sensor for your hardware wallets and access to your memories around the clock. Then you should be as safe as Voldemort initially intended to be - at least financially.

Ideally sure, but don't underestimate the danger that complexity adds to your backups

The video explains it but basically the Coldcard allowed the users to generate a 24 word seed based off a single dice roll.

Adding a passphrase is only additive. (And can add some benefits like plausible deniability)

@@CryptoGuide thanks for the reply!

No worries

They are both very similar. Basically the Safe 3 is going to be a great option if you aren't an advanced user who will be doing stuff like Multisig.

No, that's exactly the opposite... The users who lost funds used dice (with too few rolls) and would have been better off using the onboard TRNG.

@@CryptoGuide ahhhh okay thanks 🙏

No worries, stay safe :)

The key thing in this instance is the number, so you want to make sure that you have at least 50... (And 100 is better)

@@CryptoGuide Thank you very much for the answering of all my questions. You got a new subscriber !

No worries, thanks :)

No problem and thanks for the tip :)

They are a great device for advanced users, but not really suitable for beginners.

No, you need at least 50 for a 12 word seed and 99 for a 24 word seed.

Depends on what you are looking to store and what device you intend to use to interact with the hardware wallet.

​@@CryptoGuidefor Bitcoin? Is jade entropy good enough? If used with green on phone?

Jade is a great device and there is nothing wrong with having it generate the seed for you. (This is the best approach for the vast majority of users)

@@CryptoGuide thank you for your reply. Im already using a hard wallet but also thinking of getting another cold wallet for BTC only and another one for alt coins only. What would you recommend for those?

Jade is great for Bitcoin, what you use for alts will depends on what you want to store and will mostly come down. To comparability

With the firmware from earlier this year, you just rolled once, pressed that you were done and you were good to go. You can achieve the same thing today, with the current firmware, via the "Temporary Seed" workflow.

No, I mean a BIP39 passphrase see coldcard.com/docs/passphrase/ or www.ledger.com/academy/passphrase-an-advanced-security-feature

@@CryptoGuide Sorry for asking but What is the difference if I use a random passphrase that I can only think? This isn't safer?

What does "I can only think" mean?

@@CryptoGuideInstead of using a word from BIP -39 list, why not using a passphrase with numbers words and sumbols to make it much harder for someone to find?

A BIP39 passphrase doesn't need to be a single word or even words from the BIP39 word list. It can in include numbers, symbols, etc. Just be sure to include it in your backups somehow as well.

A pen and paper used for what? (In terms of seed storage, a pen and paper is what you want)

No, letting the device generate the seed is the best option for the vast majority of people

@@CryptoGuide thanks

No worries :)

​​@@CryptoGuideBut rolling 100 dices isn't that difficult. Just use a shoe carton, mix 5 dices 20 time and that's it. How isn't that for nearly everyone better/safer than letting cold card generating a seed?

Because too many folk don't take the time to do it properly, will just pick numbers themselves without dice, etc.

Yes a passphrase does add a significant layer of protection, especially if you never made any transactions on the raw seed as there is simply no way for someone to know that that seed is even in use. Multisig does add even more security, but also adds significant complexity in terms of what you need to keep for the backups.

​@@CryptoGuideCould you further explain how to keep a "clean" raw seed? Isn't even sending 0,1 BTC to it making it "dirty"? And if someone finds your seed, couldn't he see anything on it stored, doesn't matter if you were using it for transfer or not?

It isn't really a case of dirty or clean, but simply that if a given seed has never made any transactions without a passphrase, it's impossible to know it if has ever been used. (Either with a passphrase, with multisig, etc)

@@CryptoGuide But what does that change? It's only a problem if someone finds your seed ? And the probability is near 0 or am I wrong? How else will someone know your seed ??

That's right, it's only relevant if someone finds your seed.

I'm sorry for your loss...

Basically if you use a single die then it's bias could be an issue. That said, if you do the full 99+ rolls for a 24 word seed, even if the entropy out of a single dice isn't perfect, it will still be well above what is required for a secure seed. (This would only be a major problem if you were only doing 50 rolls for a 12 word seed, going for the full 24 gives you a significant buffer) For it to be a problem with 99+ rolls, the dice would need to be so bad as to be looking almost like a coin toss in terms of the outcomes that it is giving you.

@@CryptoGuide thank you. How many dice should you use and can they be six sided dice? And would a seedphrase created by throwing a die (or two dice perhaps?) 99 times be as or more secure than a wallet created using a Ledger device?

2+ dice is fine and D6 dice are also fine. (And the dice don't all have to be the same) Just look at my video on making a zero trust wallet with dice and I talk about it more there.@@pubdefendr

@@CryptoGuide I watched the video you mentioned. Thank you! Do you think that creating a seed phrase on seedsigner using a picture is more secure than by using dice?

The camera mode is about better convenience and speed, not better security. (Especially if compared against 99 dice rolls)

Though I do agree that the CC UI/UX is kinda crappy

Because it's mostly related to a firmware flaw that was present in the mk4 and has mostly been an issue for mk4 users thus far.

​@@CryptoGuide Cut you explain further what you mean with Firmware flaw?

Basically the firmware didn't enforce a minimum number of dice rolls for the deterministic dice process, which was made worse by the fact that this process was moved to so as to be far easier to find. It has been partially fixed, but the unsafe seed generation is still possible in older firmware (so Mk3) and also in the Mk3 if initiated via the temporary seed workflow.

​@@CryptoGuide I understand. So it was a secondary security problem. You could always have created safe wallets by dice roll on the mk3/4, but only by rolling enough dices by yourself. So beginners and people without enough knowledge would be in danger. That's a grave mistake done by coldcart to be honest. Shouldn't have happened. Hope the rest of their software & hardware is ok.

I have ordered a Trezor 3, so will post when it arrives. Generally speaking it looks to have all the features of the T at a fraction of the price... (Though without the fancy colour touchscreen)

@@CryptoGuide plus the secure element. However I’d like to know how you’d enter the passphrase without the touch screen. Do you have to use the computer keyboard and risk key logging detection?

​@jonathanlivingston7358 it's via the screen using the two click buttons like on the trezor one

@@formetoknow540 oh I c. So that means that Trezor T and 3 have the same level of security to remote attacks but Trezor 3 is higher in security to physical attacks. I don’t know how I feel about entering a long passphrase with just two buttons. That must be quite difficult Thank you!

Yea you can see in both their announcements and their Github that passphrase entry can be on-device, so it will likely be a fairly painful exercise to enter with two buttons, though no worse than something like a Ledger.

As long as you can manage the extra backups required :)

I don't think it is, but Ledger and Trezor and excellent choices.

That isn't really the approach with Coldcard, it's basically a device by advanced users, for advanced users. (And is therefore often not really suitable for newbies to use)

Just because you are paranoid doesn't mean that you are wrong ;)

@@CryptoGuide Haha well, to be fair, I use a password manager. Only my master password is generated with 50 dice rolls. All my other passwords are randomly generated by the password manager and are 50+ random characters long.

Nice, simply using a password manager is a great thing that far too few people do...

Thanks for the tip, I'll work on it :)

you can adjust the youtube video speed dude.

That's my standard advice ;)