If the result provided by RNGCryptoServiceProvider were weak or flawed then hash of that result is no different than the original entropy and it too would be weak.
In other words by hashing it n times you aren't really making a meaningful difference. The correct way is to mix it with another source of entropy. For example some use Guid.NewGuid() and mix (eg. using a KDF) the returned 128 bit with the 256 bit entropy, you could use a user input, etc.
100k hashes will slow down brute-force by 100k times, even if the entropy was weak.In other words by hashing it n times you aren't really making a meaningful difference. The correct way is to mix it with another source of entropy. For example some use Guid.NewGuid() and mix (eg. using a KDF) the returned 128 bit with the 256 bit entropy, you could use a user input, etc.
But you may be right, I will remove the multi hash and add custom entropy. Thank.
It is better to hide private keys, they cannot be entered from the keyboard
or by copying, it is not safe.The seed phrase generates an encrypted wallet with a password.
User entropy is also needed, one RNG is not reliable.
Yes, I'll think about it.