Hi guys,
I've just purchased a Ledger and a Coinkite. The beauty of Coinkite hardware wallet is that you never have to connect it online. However, I am thinking: how can I be sure that the BIP39 seed they generate for me is actually randomly generated and not pre-programmed into the device? For example could Coinkite or Ledger could pre-program 1000's of seeds into the devices so that they know there is a high probability that I end up using one of these seeds?
For the ColdCard not only is the software open source so is the hardware:
Firmware:
https://github.com/Coldcard/firmwareBuild your own hardware:
https://blog.coinkite.com/coldcard-hardware-shared/So, yeah you can trust them.
-Dave
Well, if I am not wrong.. Blockchain.info also used Open source code to randomly generate Bitcoin addresses, but at one stage people figured out
that it was not that random at all. Here is a article to show you what happened when the random generator was flawed and not that random at
all
https://www.coindesk.com/blockchain-info-issues-refunds-to-bitcoin-theft-victims Important note : Blockchain.info patched the bug, so this
is not a problem anymore.