Seth For Privacy on Nostr
Stop trying to use dice-rolled seeds unless you're an expert ❌
Just had yet another person (hard to count the total now) reach out about a low-entropy seed they generated and were allowed to import into a certain hardware wallet. A lot of the blame for these lost funds falls on influencers who shill users on overly-complex security setups without properly explaining the massive risks and tradeoffs associated for the average user.
What happened:
Less than 10 min after funds were sent to what they thought was secure storage, they were swept to an attacker's address.
They used <10 dice rolls, meaning the private key had <25 bits of entropy when the minimum for strong security is 50 dice rolls (128 bits of entropy). Wallets should not allow a user to import a seed that they know is completely insecure.
Staying safe:
As I have said many times, if you don't know the ins and outs of dice rolls, entropy, verification of the resulting seed offline, etc., please do not use dice rolls alone for seed generation. 99.99999% of users are better off allowing good, multi-source, open-source random number generation like we do on Passport.
To date I have heard of zero compromised seeds that were generated using on-board RNG due to entropy issues, while there are countless examples of users losing funds due to improper dice rolls.
Stay safe out there, folks.
Published at 2024-02-15 15:20:13
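The dice-roll arithmetic in the post, and the kind of import check it says wallets should perform, as an added example that is not part of the original post and not the code of Passport or any other wallet. The function names, the constructed sample rolls and the chi-square cutoff are assumptions; the skew check goes beyond the post's roll-count threshold.

```python
import math
from collections import Counter

BITS_PER_ROLL = math.log2(6)  # one fair six-sided die gives ~2.585 bits
TARGET_BITS = 128             # the post's minimum for strong security
CHI2_LIMIT = 20.52            # chi-square, 5 degrees of freedom, p = 0.001 (assumed cutoff)

# Constructed sample input for demonstration only; never use it as a real seed.
SAMPLE_ROLLS = ("3624512365" "4162534126" "3542164532"
                "1654326145" "2361254361")

def entropy_bits(n_rolls):
    """Upper bound on entropy from n_rolls fair d6 rolls."""
    return n_rolls * BITS_PER_ROLL

def min_rolls(target_bits=TARGET_BITS):
    """Fewest fair d6 rolls that reach target_bits."""
    return math.ceil(target_bits / BITS_PER_ROLL)

def check_dice_input(rolls, target_bits=TARGET_BITS):
    """Return (accepted, reason) for a string of d6 rolls."""
    rolls = "".join(rolls.split())  # tolerate spaces and newlines
    if not rolls or any(c not in "123456" for c in rolls):
        return False, "rolls must be digits 1-6 only"
    bits = entropy_bits(len(rolls))
    if bits < target_bits:
        return False, (f"{len(rolls)} rolls give at most {bits:.1f} bits; "
                       f"need at least {min_rolls(target_bits)} rolls")
    # Length alone proves nothing if the "rolls" were typed from memory or
    # come from a loaded die, so compare face counts with a uniform spread.
    # This catches gross skew only; ordered patterns still pass it.
    counts = Counter(rolls)
    expected = len(rolls) / 6
    chi2 = sum((counts.get(f, 0) - expected) ** 2 / expected for f in "123456")
    if chi2 > CHI2_LIMIT:
        return False, f"face counts too skewed (chi-square {chi2:.1f})"
    return True, f"{len(rolls)} rolls, at most {bits:.1f} bits"

if __name__ == "__main__":
    for candidate in ("314265142", "1" * 50, SAMPLE_ROLLS):
        print(candidate[:12], check_dice_input(candidate))
```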