The fact that we don't have a good method makes it a problem.
Well that's that I thought too but maybe we were wrong.Quote
The only implementation of cards to seed phrase I am aware of is Ian Coleman's, which as we have already discussed here is not great.
Check out Aaron Toponce's implementation called Deckware.https://pthree.org/2021/02/18/introducing-deckware-a-224-bit-entropy-extractor/
Plus he put it on github and it's as easy as downloading a single html file.
https://github.com/atoponce/deckware
Props to that dude for his hard work.
Quote
I am not aware of any other implementation, and I'm certainly not going to propose one. They obviously can't be used "as is" since a seed phrase or a private key needs to be presented in bits, and a string of cards is not in bits nor directly convertible to bits without applying some kind of transformation.
The key to extracting entropy for card decks is the ability to form a bijective map from the set of permutations of the symmetric group on n objects to the set of integers from 1 to n!. It's very simple in fact. Just maybe not easy to come up with on your own but once you see how it works, it makes sense. I think Aaron has a pretty good tool there, wouldn't hesitate to use it but first I would need to duplicate his results for some trial runs to make sure it works as expected. But it couldn't be made any simpler than his drag and drop idiot proof interface
Quote
This gets us back to the original discussion regarding converting a string of dice rolls in to a string of bits, which as I argued before, should not just be a case of applying a hash function and assuming you now have a cryptographically secure random number and you are perfectly safe.
So again, I would say that if you don't trust /dev/urandom for some reason, then stick to flipping a coin to produce a string of bits directly. Anything else is more complicated, more time consuming, and potentially less secure.
So again, I would say that if you don't trust /dev/urandom for some reason, then stick to flipping a coin to produce a string of bits directly. Anything else is more complicated, more time consuming, and potentially less secure.
Well yes, nothing is more simple than flipping a coin and getting your 256 bits that way. But it's nice to know that someone actually put in the hard work to extract the entropy from a deck of cards. Now I can just use their tool rather than trying to invent my own. With all of that said, I'm sure you'll have hesitations about this card deck entropy extracting method but it's better than anything else I've seen for card decks. Plus he bumped up the entropy level to 237 bits if you notice. since he includes the 2 jokers. problem is if you don't have the 2 jokers, you need to find some since his tool won't work without them.