Post
Topic
Board Bitcoin Discussion
Re: Private Key by 256 coin flips
by
MrFreeDragon
on 23/10/2019, 19:37:25 UTC
Can you explain the algorithm and the process of private key generation by a hardware wallet (let's say by Ledger)?
Ledger Nano does not generate private keys, but a BIP 39 24-word mnemonic seed. This is different from what you are doing, because you are generating private keys directly (however, this allows you to create just one address).
-snip-
Quote
Here’s how a BIP 39 24-word mnemonic seed is generated:
The device generates a sequence of 256 random bits using the true random number generator (TRNG) built into the device’s Secure Element.
The first 8 bits of the SHA-256 hash of the initial 256 bits is appended to the end, giving us 264 bits.
All 264 bits are split into 24 groups of 11 bits.
Each group of 11 bits is interpreted as a number in the range 0 - 2047, which serves as an index to the BIP 39 wordlist, giving us 24 words.
https://ledger.readthedocs.io/en/latest/background/master_seed.html

Actually it is the same random number, a 256-bit number: they still generate a 256-bit number (like 256 coin flips in my case). They just use this number in a different way: they append the first 8 bits (actually repeat them) to get 264 bits in order to represent it as 24 words. So, first of all they generate a 256-bit number, and later represent this number as 24 words from a predetermined list of 2,048 words.

Hence, the common thing in "coin flip" and "hardware wallet" is the generation of a 256-bit number. My visual tool does this by visually flipping a coin 256 times with a 50%/50% chance for every bit, and I evaluated these 256 bits as absolutely random. However, you argued against this and said that:
-snip-
I still think the most secure way of generating a private key is through a hardware wallet.
-snip-

Probably we are comparing different things: randomness and security. If you mean the most secure way, I also believe that the hardware wallet could be better (at least the user does not know the key and does not have some parts of it in memory). For security we should consider more things, not only randomness.

But I was talking about randomness, saying that the coin flip method is absolutely random. If you still believe that a hardware wallet generates a "more random" number than a physical coin flip, can you please describe why? In other words, why does the AIS-31 compliant true random number generator (TRNG) generate a more random 256-bit number than a physical coin flipped 256 times?
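
The steps from the Ledger documentation quoted in this post, applied to a record of 256 coin flips, as an added example (not part of the original post and not Ledger's code). The H/T encoding and the function names are assumptions, and the output is the 24 wordlist indices rather than words, because the 2048-word BIP 39 list is not embedded here.

```python
import hashlib


def flips_to_entropy(flips):
    """Map 256 recorded flips ('H' = 1, 'T' = 0; assumed encoding) to 32 bytes."""
    if len(flips) != 256 or set(flips) - {"H", "T"}:
        raise ValueError("expected exactly 256 flips, each 'H' or 'T'")
    bits = flips.replace("H", "1").replace("T", "0")
    return int(bits, 2).to_bytes(32, "big")


def entropy_to_indices(entropy):
    """256 bits + first 8 bits of SHA-256(entropy) = 264 bits -> 24 x 11-bit indices."""
    if len(entropy) != 32:
        raise ValueError("expected 32 bytes (256 bits) of entropy")
    checksum = hashlib.sha256(entropy).digest()[0]       # first 8 bits of the hash
    combined = (int.from_bytes(entropy, "big") << 8) | checksum
    # Most significant group first; each value is in the range 0..2047.
    return [(combined >> (11 * (23 - i))) & 0x7FF for i in range(24)]


def indices_are_valid(indices):
    """Recompute the checksum from 24 indices, as a wallet does on restore."""
    if len(indices) != 24 or any(not 0 <= i < 2048 for i in indices):
        return False
    combined = 0
    for i in indices:
        combined = (combined << 11) | i
    entropy = (combined >> 8).to_bytes(32, "big")
    return hashlib.sha256(entropy).digest()[0] == (combined & 0xFF)


if __name__ == "__main__":
    # Constructed sample input: 256 tails. Never use a predictable
    # sequence like this for a real wallet.
    sample = "T" * 256
    indices = entropy_to_indices(flips_to_entropy(sample))
    print(indices)
    print(indices_are_valid(indices))
```

Only the last index carries checksum bits: its low 8 bits are the hash byte and its high 3 bits are the final 3 bits of the flips.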