What type of bug can there be?

This is not because something is simple that it is weak

in anyway, browser based mnemonic generators, create seed phrase. I can't see why some seed phrases are less secure than other.

For example,I could write the 2048 words each one on piece of paper. Put all in a bag, then I pick 23 times a piece of paper by placing back the paper inside the bag each time. Between each picking, I shake the bag several minutes.
I do the same to get the 24th word by taking into account the checksum

By the way is there a way to measure the randomness with which a seed phrase was generated ?

So in accordance to what you are saying some seed phrases are easier to guess than others.

In the Ian Coleman Mnemonic, you can check entropy details.

Time To Crack
centuries
Event Count
63
Entropy Type
hexadecimal
Avg Bits Per Event
4.00
Raw Entropy Words
21
Total Bits
252
Filtered Entropy
1fd2f279505c87ecf83b09042c0a032021abfdf566eb2ea38a09a90123ed4bc
Raw Binary
00011111110 10010111100 10011110010 10100000101 11001000011 11110110011 11100000111 01100001001 00000100001 01100000010 10000000110 01000000010 00011010101 11111110111 11010101100 11011101011 00101110101 00011100010 10000010011 01010010000 00010010001 11110110101 0010111100


Are you saying that :
1) this is not big enough entropy?
2) this is enough entropy but with JS, thiere can be bugs?
3) other things?

I don't see why the number generated would be more likely to be cracked when the seed phrase has the same chance of being guessed.

Also when you use your seed phrase in the ian Coleman JS interface, the interface generate always the same addresses with the related private keys in the same order because this is deterministic. This is doing the same job as any other interface using the same protocol with the same seed phrase.
If I put the seed phrase in any other wallet, it will generate the exact same addresses in the same order with the same private keys. So on this side there is no difference between JS and the other software.

If there are a total of 2²⁵⁶ combination. one combination of 24 words has the same chance of being picked than another combination of 24 words. This probability is 1 out of 2²⁵⁶ whether how it was generated if each word was picked randomly.

It encodes this number generated into a seed phrase. whether it is done via JS or bitcoin Core, the resulting seed phrase has an equal chance to be guessed by someone trying every combination of words.
The entropy doesn't change the chance of guessing one seed phrase compare to another.

Are there 24 words combination from words listed in BIP 39 protocol easier to guess than other? If you pick at random those 24 words, you have the same probability to get each of those combination.   

As there are 2048 words, total number of combination is 2048x2047x2046x...x2025x2024. So when you pick one combination, you have one chance out of 2048x2047x2046x...x2025x2024 to get one specific combination independently from how it was generated

Let's dive into JS generating seed phrase.

First, I could myself generate a seed phrase without anything. I just pick 24 words from the list given in the BIP 39 protocol.
So if Ian colman give me a list of 24 words randomly in the same list what can be wrong? It is just picking word at random.

The risk maybe is the code being change to give me a list of 24 word already known by somebody. But this is hacking not JS related.

I would rather download Ian Coleman mnemonic on github https://github.com/iancoleman/bip39

I use tail OS with no internet connection to generate my address.

Ian Coleman mnemonic is applying the same protocol to generate 24 words phrases and the resulting addresses as any other code. So what is the issue?

Also what would you recommend to generate BTC private Keys for cold storage? I don't trust hardware wallet.

About Electrum : Do you know if I can use it in tail OS and if it can be used like Ian Coleman to generate keys and mnemonic phrase only.

thanks

Hello,

I would like to know if Ian Coleman mnemonic is still updated and safe to generate BTC address and key.

Also, are there alternative to this browser based solution?

My main goal is to generate BTC address on my own with javascript on a browser only without being connected tto the internet?

Thanks for your help

My seeds are encrypted with AES (https://www.aescrypt.com) and private keys are BIP38 encrypted. Even if someone breaks in google drive, he will not be able to get private key because of that.

Moreover, I will not keep my keys in one drive because of hard drive failure, fire, flood, robberies.... I have to keep one copy off site.

Yes I agree, but my private key are BIP 38 encrypted or my seeds are on txt file and AES encrypted on google drive

[quote ]
That's another risk: malware could patiently wait until your computer goes online again. Using a LIVE Linux DVD that runs only from memory (obviously offline) is much safer.
[/quote]

That's what I am fearful of. I have only one computer. If I buy new computer, it will always need to be connected to internet for OS update. Any ideas?

@mocacinno

thanks, I read your post and thank you for spending time to write this.

I am very careful about my funds.

I use bitadress.org offline or Ian coleman wallet offline. I don't use software wallet.
I use coinb.in offline to generate and send transaction.

I store my encrypted seed and encrypted private key (BIP38) on paper, on a drive and on google drive (3 copies)

I always put flight mode on my computer and use private browsing on firefox before using bitaddress.org or ian coleman wallet or coinb.in.

And I always close firefox, delete unemcrypted files, empty the trash before removing plane mode on computer.

So this is interesting.

is it better to spread BTC on several addresses than leaving on one?

and

is it better to spread BTC on several seeds than on several addresses of the same seed?

thanks

Hello,

I have already had this discussion however I still have trouble understanding how can't someone with good computer can't get a private key of a BTC address with BTC on it and just withdraw the BTC.

Even if I have BTC on cold storage, what if someone get my private key by accident just by generating a new address on its own wallet.

this only a question of probabilities. Can you prove this will never happen?


thanks

I have heard that bitaddress.org generated address was crackable but not anymore now.

Thanks for your reply.

I will try to use those addresses from now

I am also wondering if ian coleman Mnemonic Code Converter is the best tool as a browser based way to generate offline word seeds and all private, public keys and address?

is it really 100% secure in terms of randomness of the word seeds?

I also have some BTC on paper wallet generated on bitaddress.org (offline). is it at risk?

thanks

Hello,

I have used for 1 year the ian coleman Mnemonic Code Converter (https://iancoleman.io/bip39/) to manage my BTC

However I would like to generate  Bech32 address for efficiency with my wallet (thanks to words mnemonic).

Is there a way to do so with ian coleman Mnemonic Code Converter or other ?

Is it safe to keep BTC on P2PKH address?

thanks

This is not what I meant.

Checking transaction, is a way of submitting the transaction hash (base 64 or something like that) before broadcasting it.

Then, the tool can say that the hash is valid or not, It can retrieve the transaction information (amount sent, receiving/submitting addresses, fees...) and also say if it has been signed (using the private key of the sender address)

This is what I meant by checking transaction. this is not looking at blockchain explorer what I meant.

If somebody has one reliable tool to submit and check transactions before broadcast, it would be fine.

I meant that the broadcasting is always done online yes.

But signing transaction with private key and checking transaction is done offline with no problem.

I have an hard time finding tool to sign and check transaction offline with private key.

Hello,

As for now, I have found a way to generate offline my monero wallet here : https://moneroaddress.org/

However, I haven't found a way to build transaction offline (sign, check, broadcast).

has anyone any idea?

tahnks

Hello,

I am looking for the equivalent of coinb.in that is for btc BUT i need  this for monero.

coinb.in is browser based tool that allows to sign(offline), verify(offline) and broadcast (online) btc transaction.

I just want to do the same with monero. Hasn't it been invented yet?

thanks.