Re: Are dices for generating seed words fair?
by
larry_vw_1955
on 22/10/2022, 04:12:15 UTC
but no dice are being rolled
You are shaking the dice around (whether in your hand or in a bag) and then bouncing them off a surface (either a table or the other dice in the bag) to come to rest in a particular orientation. Any bias in the dice is still relevant.
I wouldn't be bouncing them off any surface. They are taken one by one out of the bag and placed carefully onto a surface, not bounced.

Quote
just my opinion.
This is exactly what I'm arguing against. There is an awful lot of complete conjecture in this thread, this is what I think, this is my opinion, and so on. This is not good cryptography. The security of your private keys should be based on tried and tested methods, which are provably unbiased and are provably secure. It should not be based on guesswork and people saying "Well, I think this is probably safe enough".

I understand that and I appreciate that.

Quote from: BlackHatCoiner
It's not a matter of human hand bias (even though you do pick non-randomly from the bag). It's a matter of dice bias. As I said, if there's 50% chance to give 6, then it'll mostly give sixes, whether you use a bag in which you scramble them a hundred times, or not.
I'm not sure about that.

Quote
I don't know what's cakewallet, if it's open-source, if it's peer reviewed, if it's a Bitcoin wallet etc. Would you mind sharing a link that describes the CSPRNG failure in that software? As far as open-source, reputable Bitcoin wallet software are concerned, such as Electrum, there has never been such case.

https://cakewallet.com/

They claim to be open source on the website, but they don't seem to go out of their way to publish the GitHub link for people to check it out. Here it is: https://github.com/cake-tech/cake_wallet

https://github.com/cake-tech/cake_wallet/blob/main/cw_bitcoin/lib/bitcoin_mnemonic.dart is where I think they had the issue that generated insecure seeds.

Here's how it used to be:
https://github.com/cake-tech/cake_wallet/blob/b67bb0664f7268c31c24bd9fb9cbd438c691f5e3/lib/bitcoin/bitcoin_mnemonic.dart#L11-L22

Explanation:
https://np.reddit.com/r/Monero/comments/n9yypd/urgent_action_needed_for_bitcoin_wallets_cake/gxqyscl/
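The dice-bias argument above (BlackHatCoiner's hypothetical die that lands on 6 half the time) can be made concrete with a little entropy accounting. The following is an added example, not code from the thread or from Cake Wallet or any other project. It computes Shannon entropy and min-entropy per roll for a fair die and for the 50%-six die, how many rolls each needs to reach 256 bits (the entropy of a 24-word BIP39 seed), and runs a Pearson chi-square check on a batch of rolls to catch gross bias. The two 600-roll samples are constructed to match the exact expected counts of each die; they are not real measurements. The chi-square critical value is the standard table value for 5 degrees of freedom at p = 0.05.

```python
"""Entropy accounting and a fairness check for dice used to build a seed.

Added example, not code from the thread or from any wallet project.
Sample rolls below are constructed, not measured from real dice.
"""
import math
from collections import Counter

FACES = 6
FAIR = [1 / FACES] * FACES
# Hypothetical die from the thread: lands on 6 half the time,
# the remaining probability spread evenly over faces 1..5.
BIASED = [0.1] * 5 + [0.5]


def shannon_entropy_bits(probs):
    """Average bits per roll; the figure people usually quote."""
    return -sum(p * math.log2(p) for p in probs if p > 0)


def min_entropy_bits(probs):
    """Worst-case bits per roll: what an attacker who always guesses the
    most likely face is up against. This is the right measure for key
    material, not the Shannon average."""
    return -math.log2(max(probs))


def rolls_needed(bits_per_roll, target_bits=256):
    """Rolls required to reach target_bits (256 for a 24-word seed)."""
    return math.ceil(target_bits / bits_per_roll)


def chi_square_stat(rolls, faces=FACES):
    """Pearson chi-square statistic of observed face counts against the
    uniform expectation."""
    expected = len(rolls) / faces
    counts = Counter(rolls)
    return sum((counts.get(f, 0) - expected) ** 2 / expected
               for f in range(1, faces + 1))


# Critical value for 5 degrees of freedom at p = 0.05 (standard table).
CHI2_CRIT_5DOF_P05 = 11.070


def looks_fair(rolls):
    """True if no gross bias is detectable at the 5% level. A pass does
    not prove fairness; a small bias needs far more rolls to show up."""
    return chi_square_stat(rolls) < CHI2_CRIT_5DOF_P05


def rolls_to_int(rolls):
    """Pack rolls into one integer, treating each roll as a base-6 digit.
    The die's min-entropy, not the number of digits, says how hard this
    value is to guess."""
    value = 0
    for r in rolls:
        if not 1 <= r <= FACES:
            raise ValueError(f"bad face {r}")
        value = value * FACES + (r - 1)
    return value


# Constructed 600-roll samples: the exact expected counts for a fair die
# and for the 50%-six die (not real measurements).
FAIR_SAMPLE = [f for f in range(1, 7) for _ in range(100)]
BIASED_SAMPLE = [f for f in range(1, 6) for _ in range(60)] + [6] * 300

FAIR_BITS = shannon_entropy_bits(FAIR)
BIASED_BITS = shannon_entropy_bits(BIASED)
BIASED_MIN_BITS = min_entropy_bits(BIASED)

if __name__ == "__main__":
    print(f"fair die: {FAIR_BITS:.3f} bits/roll, "
          f"{rolls_needed(FAIR_BITS)} rolls for 256 bits")
    print(f"biased die: Shannon {BIASED_BITS:.3f} bits/roll, "
          f"min-entropy {BIASED_MIN_BITS:.3f} bits/roll, "
          f"{rolls_needed(BIASED_MIN_BITS)} rolls for 256 bits")
    print("fair sample passes chi-square:", looks_fair(FAIR_SAMPLE))
    print("biased sample passes chi-square:", looks_fair(BIASED_SAMPLE))
```

The point the numbers make: a fair die gives about 2.58 bits per roll, so 100 rolls cover a 256-bit seed, while the 50%-six die gives only 1 bit of min-entropy per roll and needs 256 rolls to reach the same security, even though its Shannon average still looks like 2.16 bits. The chi-square check flags the biased sample immediately, but a die that passes it on a few hundred rolls has only been shown free of gross bias, which is why it is safer to budget rolls against min-entropy than against the nominal log2(6).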