These Bitcoin Hardware Wallet Private Keys Are NOT Safe!

  22,183 views

Rhett Reisman - Level Up Your Brain

Comments
@arielrglaze 1 year ago
Ok. So I just discovered that I’m not as smart as I thought I was.
@RhettReisman 1 year ago
U r smart king 👑
@nosuchthing8 5 days ago
I was always blessed that way!!!!😂
@frodev728 7 hours ago
that already makes you smarter than you were.
@narwhaltacos2197 1 year ago
This video was really straightforward and helpful. Thank you so much!
@RhettReisman 1 year ago
Glad to help :)
@sateshmahadeo4366 1 year ago
Not all random numbers that come out of a computer are generated by an algorithm. What you spoke about is PRNG (Pseudo Random Number Generator). There is also TRNG (True Random Number Generator) that uses some miniaturized natural phenomenon to generate non-deterministic random numbers and feed them into the computer. For example, a very low-power light beam can be shot into a crystal and the quantum randomness of a low-power light source can cause photons to exit the crystal in unpredictable directions. This can create true random numbers. Ledger claims to have an onboard TRNG, but of course, take Ledger's claims with a cup of salt. I generated my own 256-bit random number. I am an astrophotographer and I took a deep-space image of a galaxy and sampled a row of 256 pixels across the galaxy's core. I passed the data through a simple function on an air-gapped computer to generate a 256-bit binary number that then generated my seed phrases. There's enough quantum randomness in camera pixel readings to create true random numbers. Creating your own random 256-bit binary is the undisputed safest way to generate seed phrases.
@RhettReisman 1 year ago
This is great info, thanks for sharing! That sounds like a very solid way to generate truly random numbers.
@martinlutherkingjr.5582 3 months ago
Hope you destroyed that camera after that and the memory card it wrote the image to. And hope it doesn’t have wireless connectivity.
@VAVA38731 11 days ago
That's the most beautiful thing I ever read
@crush_override 5 days ago
@martinlutherkingjr.5582 So you think someone will try to get his random photo out of his total number of photos that he has and run it through his random seed generator to get his seed phrase? That someone should just go play Powerball.
@rufuspipemos 8 months ago
Thanks to Sam Bankman-Fried for making a guest appearance at 0:45.
@RhettReisman 8 months ago
lmfao Sam the stock footage god
@marty590 1 year ago
Great video, Rhett! I have worked with random generators in my own code and know that the identical seed will generate the same number from experience. I could not figure out how 2 Trezors with identical software could generate different random numbers. No one else has explained this to me as clearly as you. Thanks.
@RhettReisman 1 year ago
Glad to help :) Yeah random functions are pretty interesting. Really the danger comes when you try to roll your own seed, most of these devices out of the box work fine.
@MrFooChops 1 year ago
@RhettReisman And what dangers are they, just the one you listed in this video regarding not rolling the dice enough times, right?
@RhettReisman 1 year ago
Yeah really just not rolling enough and ending up with a low entropy seed
@JanPBtest 1 year ago
0:46 There is, just use the heat noise in the electronics. But I don't know which hardware wallets use this method (if any).
@RhettReisman 1 year ago
That’s an interesting method. I haven’t heard of any that do, but it sounds like it would probably work. I guess it still comes down to is the algorithm that takes that noise and turns it into a number truly random or just pseudo random
@ahmayya24 1 year ago
I have two questions. If my crypto from Bitcoin is transferred to a Trezor T model hardware wallet, all my crypto (digital assets) will only stay safely in the Trezor T. Is that correct? Let's say all my crypto from Coinbase that I have transferred to the Trezor T model wallet cannot be transferred back to Coinbase whenever I want to buy, trade or sell. Is that correct? Which hardware wallet is the safest, most secure and does not wear out easily, and can last for 10 years or more? Which hardware wallet is safer, compatible and has the ability to trade, buy and sell even after all crypto from Coinbase has been transferred to the hardware wallet? Please advise ❤ Thank you very much
@RhettReisman 1 year ago
1. Yes, when you transfer your cryptocurrencies (such as Bitcoin) to your Trezor Model T hardware wallet, they are stored securely on the device. However, remember that the actual coins are always on the blockchain, the wallet simply holds the private keys to access them.
2. No, that's not correct. You can transfer your cryptocurrencies back to Coinbase or any other exchange whenever you want. The Trezor wallet simply stores your digital assets - it doesn't lock them in. You are free to send your crypto back to Coinbase (or any other exchange) for trading, buying, or selling.
3. The security of a hardware wallet largely depends on its design and the practices of the user. Both Trezor and Ledger are popular choices and have proven to be secure. However, they can only be as secure as the user allows them to be. This means that you should never share your recovery seed, always verify transaction details before confirming, and keep the device physically secure. Regarding durability and lifespan, it's difficult to say as these devices haven't been around for more than a decade yet, but they are designed to be durable. Remember, always keep your recovery seed in a safe place, as it's the only way to recover your funds if the device is lost, stolen, or damaged.
@ahmayya24 1 year ago
@RhettReisman This is very helpful information. Much appreciated for your response.
@gainknowledgeandinsight 11 days ago
Is stax safe? If you have a 25th word, then that should make it more secure from sweeper attacks? Thanks.
@Tommy-h8v4h 3 days ago
True;-)
@RhettReisman 2 days ago
Yeah stax is safe. If you have a 25th word you should always be protected from the risks in this video
@jonthomas1438 1 year ago
As always thanks, I don't do any of this stuff, but I still enjoy your content, you deserve to have a bigger platform.
@RhettReisman 1 year ago
Thanks man 🙏 I appreciate all the support, keeps me going haha
@AskDadWhy 1 year ago
I read the Ledger article, and isn't 2^256 random enough? Dopey me, but there's more possible private keys than there are atoms on earth. Anyway, an interesting look at options. Nice work with the lighting/production improvements, btw. Looking better than ev.
@RhettReisman 1 year ago
Thanks 🙏 got a new camera, might switch to it permanently (still might use the old camera and lighting for back to monitor videos - needs an upgrade for sure). I think ledger’s process is probably fine (and I’m still using ledger) unless we start to see mass ledger hacks - maybe I wasn’t clear enough about that, a bunch of people have asked.
@samthorpe8446 1 year ago
Just thinking about Andreas' video about all the sand in all the galaxies haha. Thanks for the video, I've picked up a lot from you recently :)
@RhettReisman 1 year ago
Exactly, Andreas is the goat. Glad to help!
@samthorpe8446 1 year ago
@RhettReisman Similar to your 1-1000 example, there's a finite (although huge) number of btc addresses. Is anything more than 100 dice rolls unnecessary, given you've already provided sufficient entropy to cover all 2^256 addresses?
@RhettReisman 1 year ago
Yeah 100 dice (n) is the crossover point where 6^n > 2^256. If you had a 16 sided die or something you could get away with 64 dice (etc)
@robsimmons10 1 day ago
When using the diceroll method, wouldn't it make better sense to use 10-sided dice (0-9 vs 1-6)?
@RhettReisman 1 day ago
You could use less dice if it was 10 sided just make sure you're getting enough entropy
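The dice counts discussed in this thread (100 six-sided, 64 sixteen-sided, and the ten-sided question) can be checked with exact integer arithmetic. The following is an added example, not code from the video or from any wallet firmware; the function names are made up for illustration, and hashing the roll string with SHA-256 is an assumption standing in for whatever a given device does with the rolls.

```python
import hashlib
import math
from itertools import product


def min_rolls(sides: int, target_bits: int = 256) -> int:
    """Smallest n such that sides**n >= 2**target_bits (exact integers)."""
    if sides < 2 or target_bits < 1:
        raise ValueError("need sides >= 2 and target_bits >= 1")
    target = 1 << target_bits
    rolls, outcomes = 0, 1
    while outcomes < target:
        outcomes *= sides
        rolls += 1
    return rolls


def assess(sides: int, rolls: int, target_bits: int = 256) -> dict:
    """Upper bound on what `rolls` fair dice can contribute to a seed."""
    outcomes = sides ** rolls
    return {
        "outcomes": outcomes,                        # size of the roll space
        "bits": rolls * math.log2(sides),            # entropy upper bound
        "meets_target": outcomes >= (1 << target_bits),
        "rolls_missing": max(0, min_rolls(sides, target_bits) - rolls),
    }


def distinct_hashed_seeds(sides: int, rolls: int) -> int:
    """Count the distinct 256-bit values reachable from a few dice rolls.

    Assumption for illustration: the seed is SHA-256 of the roll string.
    The output is always 256 bits long, but it can only take as many
    values as there are roll sequences, so hashing adds no entropy.
    """
    if not 2 <= sides <= 9:
        raise ValueError("demo uses single-digit faces 1..9")
    if sides ** rolls > 100_000:
        raise ValueError("demo only enumerates small roll spaces")
    faces = "123456789"[:sides]
    seen = {
        hashlib.sha256("".join(seq).encode()).digest()
        for seq in product(faces, repeat=rolls)
    }
    return len(seen)


if __name__ == "__main__":
    for sides in (6, 10, 16):
        print(f"d{sides}: {min_rolls(sides, 128)} rolls for 128 bits, "
              f"{min_rolls(sides, 256)} rolls for 256 bits")
    for rolls in (5, 10, 99, 100):
        result = assess(6, rolls)
        print(f"{rolls:>3} d6 rolls: {result['bits']:.1f} bits, "
              f"meets 256-bit target: {result['meets_target']}, "
              f"missing rolls: {result['rolls_missing']}")
    print("distinct seeds from 3 d6 rolls:", distinct_hashed_seeds(6, 3))
```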
@Afiore108 1 year ago
So for us lesser mortals, Ledger's basic setup where it generates a random seed is not secure and someone could guess the seed?
@RhettReisman 1 year ago
Ledger’s process for generating seeds is in the description. You can’t add entropy to a ledger, so unless ledgers start getting mass hacked I think everyone will be fine - I use a ledger in my multisig. Entropy becomes a problem when you try to roll your own seed and don’t make the number random enough.
@summerbreeze5115 1 year ago
@RhettReisman What about Trezor?
@RhettReisman 1 year ago
Trezor entropy is open source - it should be fine as long as you’re not rolling your own seed with low entropy. Trezor code: github.com/trezor/trezor-mcu/blob/master/firmware/reset.c#L46
@kryton7687 1 day ago
@RhettReisman Great information, thanks. I am not a coder however, so I can't tell from the code if Trezor (or Ledger) is dependent on an external source of randomness. If I use an air gapped PC to initialize my hw wallet, won't there be a problem with missing such external sources due to lack of internet connection?
@CarAudioInc 1 year ago
Interesting stuff, I never even thought about how wallets generated your seed, thanks for the vid
@RhettReisman 1 year ago
Yeah it’s pretty interesting. I wasn’t really clued into the topic until I stumbled on that Twitter thread. Good to know I think, but most people will hopefully never need to know haha. Will be good if this saves one or two people from a low entropy seed
@Firemedic2105 17 hours ago
So if we just let the CC generate is that safe enough? What about using the ledger seed phrase in a CC and a CC phrase in a ledger... are there differences in the products that would make that useful? Or is multisig the only way to be completely safe?
@RhettReisman 14 hours ago
Yes - that's what you should do. Lots of people get a coldcard thinking they should be rolling dice etc and that's how they get burned. To be completely safe from this risk you could add a passphrase or use multisig
@jjones7837 10 months ago
That was a level up for sure. Thanks bro.
@RhettReisman 10 months ago
Lfg 🧠🧠🧠
@martinlutherkingjr.5582 3 months ago
For Ledger you can still roll dice and use bitbox’s lookup table. Your Ledger would automatically calculate the last word - the checksum word.
@RhettReisman 3 months ago
Yeah you just need to make sure you’re rolling enough dice. Less than 100 is a recipe for disaster
@martinlutherkingjr.5582 3 months ago
@RhettReisman The bitbox lookup table has you roll 5 4-sided dice and flip a coin for each word. So a 24 word seed would have 115 dice rolls (4 sided dice) + 23 coin flips.
@Hawaii_NoKaOi 10 months ago
Great video! Thanks!
@RhettReisman 10 months ago
Happy to help :)
@StSmallhouse 1 year ago
Thanks, Rhett, this video really helps me to find/do a safe setup for my wallet(s).
@RhettReisman 1 year ago
Happy to help :)
@opsalbal 1 year ago
This is super informative, thanks for sharing!
@RhettReisman 1 year ago
Glad to help :)
@sylvianederlander2317 1 year ago
Am I correct here? No problem with the entropy in the coldcard’s selection of 12 or 24 word seed phrase but IF you add predictable low entropy like ‘1234’ as a dice roll, you open the door to someone guessing the private key?
@RhettReisman 1 year ago
Exactly 💯
@tri-che-chus 7 months ago
Hi Rhett. I have seen this video a couple of times. It is a fantastic issue and key to safety for the seeds and wallets. Is there any number where it begins to be absurd about the dice rolls? I get that 100 is essential, but how about the maximum? When does it not make any sense anymore because the math in the hardware wallet software can process so many digits? For example, 250 dice. And finally, how will it look like a dice roll-generated seed (at least 100 to 250 dice) with a passphrase added? Does this make sense to you? Thank you so much! Amazing content! 💪
@tri-che-chus 7 months ago
PS: Finding the holy grail of security may not be so important now. Still, it will surely be vital in 10 years with quantum computers, the exponential generation and use of seeds, and the - hopefully - rising price of bitcoin. Best!
@RhettReisman 7 months ago
Happy to help! Yeah this is an interesting topic. Anything over 100 is wasted entropy (i.e. rolling 2000 dice is the same as rolling 100). You could optionally add a passphrase on top of your seed for more security (but it’s a trade off as you’re adding more complexity).
@tri-che-chus 7 months ago
@RhettReisman Understood! Thank you so much! 🙏🏻
@marty590 1 year ago
So if you generate entropy by entering dice the cold card does not also incorporate the "external entropy function" used in the standard seed generation?
@RhettReisman 1 year ago
That’s right. And if you only roll 5 dice, for example, your seed phrase will be very easy to recreate.
@Leeds1919LUFC 1 year ago
so are you saying, if I setup a cold card using their default "generate me a seed phrase" I'm basically trusting them to "roll the dice 100 times" whereas, if I didn't want to trust them, I could roll the dice 100 times and generate my own seed phrase that I know is TRULY (or as close as humanly possible) random?
@RhettReisman 1 year ago
Exactly. And if you roll the dice yourself only 10 times you’re going to lose your Bitcoin.
@ToroPRInvierte 19 days ago
Can you roll dice with trezor?
@RhettReisman 2 days ago
You can roll dice and put that seed in any hardware wallet
@阿香-v7w 1 year ago
What equipment should I use to generate my own mnemonic phrase? What is the equipment in the video at 5:39? Can it solve my need to generate mnemonic phrases by myself?
@RhettReisman 1 year ago
Grab 100 dice and a COLDCARD hardware wallet from Coinkite, link in the description
@SorawisitT 10 months ago
Hi, what do you mean by “the entropy on the SD card?” Can you elaborate? Thanks.
@RhettReisman 10 months ago
If I’m getting the timestamp/context right I think it was the idea that you can seed the random function in coldcard using a jpeg picture file (screenshot of your desktop etc) and that has embedded entropy / randomness because your desktop looks different than any other desktop
@SorawisitT 10 months ago
@RhettReisman I see, thanks. I thought the Coldcard can only generate seed based on their on-board TRNG and manual dice rolls.
@Hasan-jf7by 10 months ago
Hello. Do you happen to know which hardware wallet lets us view private keys of each coin? I know, it is seen as "vulnerability" but I want to have full control over my keys. Do you know which brand can do it?
@RhettReisman 10 months ago
You can get a private key from a ledger, trezor, coldcard or many other options
@Hasan-jf7by 10 months ago
@RhettReisman I am afraid it is not possible. They don't show real private keys for each crypto. They show only 12/24 word seed.
@CountryHouseIncubators 1 year ago
Why do we not allow the randomness to be inputted by the user like the file sharing apps once did? You move the mouse and that's your randomness.
@RhettReisman 1 year ago
That would be a good solution if it forced you to include enough bits of entropy.
@CountryHouseIncubators 1 year ago
@RhettReisman Definitely a wake up call. I created an online wallet but now it looks like I'm getting one of these guys first
@RhettReisman 1 year ago
Hardware wallet is definitely the move 🔥
@CountryHouseIncubators 1 year ago
Help me understand something. So the seed words provide for all the private keys you will use but can 2 different seed word combinations overlap and potentially generate the same private key?
@RhettReisman 1 year ago
Sorry KZbin didn’t give me notification of your last comment. This might help you understand how seed phrases work: privacypros.io/wallets/mnemonic-phrase
@Fudmottin 5 days ago
I know this video is a year old. But I'm hoping you might be able to evaluate an idea. What if you go to some interesting location such as a forest and take a photo. You now have a digital file. Then you pick an easy to remember number. Using that file, you apply the SHA-256 hash algorithm to that file. Then you hash each hash for your favorite number of times. That gives you 256 bits of entropy. To reproduce it, you need that exact file and knowledge of the number. Use different photos or different numbers to generate keys for a multi-sig setup. This assumes you can enter your key directly into the cold wallet you have chosen.
@RhettReisman 2 days ago
Yeah you could do this. The biggest issue would be making sure that no one else could ever access the photo (make sure that you're taking the photo on a device that has never been connected to the internet etc). At that point it would be cheaper and faster to just buy some hardware wallets and forget about it.
@hinesward4944 1 year ago
Informative vid, thanks
@RhettReisman 1 year ago
Glad to help :)
@FinancialCharles 1 year ago
so do you advise against doing the regular 12 word entropy no dice? is it really going to be that much of a risk?
@RhettReisman 1 year ago
12 words and 24 words actually have the same amount of entropy. If you're using a hardware wallet and you use their random generation function, you should be fine. If you're using a hardware wallet and elect to roll your own seed, you NEED to roll 100 dice. Any less loses security. I plan to live stream in the future to show how fast a low entropy seed will get hacked (sub 10 dice I imagine will get hacked very fast)
@MatthewJ-zd6fe 4 days ago
So coldcard, using their random generator = fine ? I'm 80iq regard. Want to make sure I'm good
@jasonf4626 1 year ago
How man. QQ - who/what do you prefer as your multi - sig vendor? I saw ur old videos but curious if you’re doing case / un or if you’re just managing yourself at this point…
@RhettReisman 1 year ago
In the process of moving out of Casa platinum to Casa gold + managed myself. I like the idea of collaborative custody, but I’m a little hesitant about 2 of 3 setups. My setup is very likely to change in the next year or so. With Casa coming out with new offerings, I’m sure Unchained will as well.
@peacew6 1 year ago
You seem to use "seed" and "entropy" interchangeably. What is exactly their relationship? Thank you for your video.
@RhettReisman 1 year ago
Good clarification, thanks for asking.
The entropy is used to generate the bitcoin seed phrase. If I have a function that generates a random number given a seed (not the bitcoin seed but a fixed value to give the random function direction) it will always generate the same number given the same seed.
Random(5) = 12345
5 is the entropy (also called a “seed” in random functions which might be where the confusion is) that generates the bitcoin seed 12345.
The problem is that 5 is a really easy number to guess, so if you have an easy to guess entropy you can recreate the bitcoin seed phrase. You would want something like this instead:
Random(3648362864387394749338399….[until you reach enough entropy]) = ??? Some very random bitcoin seed phrase
Hope that made sense
@peacew6 1 year ago
@RhettReisman So in the context of a random function, "seed"="entropy". Got it. Thank you so much. I appreciate it
@sergiosergio12345678 1 year ago
For 100 dice rolls you have 6**100 which is 6.5x10**77 which is very secure, however maximum entropy is achieved with a few more dice rolls since if using a 24 word seed you have 2048**24 which is 2.9x10**79 possible seeds. Ideally you want the entropy higher than the number of possible seeds, that means the number of dice rolls should be 103 or higher for optimal security using 24 word seeds, however 100 dice rolls is so close to max security it is fine.
@RhettReisman 1 year ago
There’s only 2**256 bits of entropy in a Bitcoin private key which is less than 6**100. 24 word seed phrases don’t have any more entropy than a 12 word seed phrase. Good reminder that the BIP 39 mnemonic words are not private keys, they are a representation of a private key.
@sergiosergio12345678 1 year ago
@RhettReisman Are you sure? Since if using a 24 word seed my understanding is that if 2 seeds are different so are the private keys, since for each word there are 2048 possibilities that would make a total of possible combinations of 2048**24 to exceed this number 6**x. x has to be greater than 103. 2048 is 2**11, 11*24 is 264, I get 2**264, not sure how you got 2**256
@RhettReisman 1 year ago
@sergiosergio12345678 Private keys use sha256 (256 bits of entropy) en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm Andreas Antonopoulos has a good video explanation that I’m having a hard time finding rn but I’ve linked it in a previous comment somewhere 🧐 The mnemonic phrases are not the private key, they are an abstraction of the private key. There are more 24 word mnemonics than there are private keys (some of the entropy is lost in conversion). 12 is enough to generate the full entropy which is why a lot of wallets suggest 12 words.
@sergiosergio12345678 1 year ago
@RhettReisman You are correct, something new I learned today, thanks for the link, but that means there are less private keys than possible 24 word seeds, however when using 12 word seeds the number of possible seeds is lower than the total number of private keys, which makes 24 word seeds more secure, however 12 word seeds for all practical purposes are extremely secure. That is interesting because it means 2 different seeds could have same private key even though the probability of that happening is extremely small.
@RhettReisman 1 year ago
@sergiosergio12345678 That makes sense - I found the video with Andreas. kzbin.infoU0T49duRt74?feature=share @ 14:00 He’s saying that even though what we just said makes sense it’s actually only 128 bits of entropy that get used (not 256 that I originally suggested) which means that 12 words is sufficient and 24 is same security as 12. 2048^12 > 2^128
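The 2048**24 = 2**264 versus 2**256 question in this thread comes down to the BIP 39 layout, in which the last bits of a mnemonic are a checksum of the entropy rather than entropy themselves. The following is an added example, not code from the video or from any wallet; the function names are made up for illustration, and it works with 11-bit word indices so the 2048-word list is not needed.

```python
import hashlib

VALID_WORD_COUNTS = (12, 15, 18, 21, 24)


def bip39_layout(words: int) -> tuple[int, int]:
    """Return (entropy_bits, checksum_bits) for a BIP 39 mnemonic length."""
    if words not in VALID_WORD_COUNTS:
        raise ValueError("BIP 39 mnemonics have 12, 15, 18, 21 or 24 words")
    total_bits = words * 11                 # each word encodes 11 bits
    entropy_bits = total_bits * 32 // 33    # checksum is entropy_bits / 32
    return entropy_bits, total_bits - entropy_bits


def word_indices(entropy: bytes) -> list[int]:
    """Encode raw entropy as BIP 39 word indices (0..2047)."""
    entropy_bits = len(entropy) * 8
    if entropy_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    checksum_bits = entropy_bits // 32
    # Checksum = first checksum_bits bits of SHA-256(entropy); at most 8.
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - checksum_bits)
    value = (int.from_bytes(entropy, "big") << checksum_bits) | checksum
    count = (entropy_bits + checksum_bits) // 11
    return [(value >> (11 * (count - 1 - i))) & 0x7FF for i in range(count)]


def combinations_vs_valid(words: int) -> tuple[int, int]:
    """(all word combinations, combinations with a correct checksum)."""
    entropy_bits, checksum_bits = bip39_layout(words)
    return 2 ** (entropy_bits + checksum_bits), 2 ** entropy_bits


def valid_last_words(words: int) -> int:
    """How many final words pass the checksum once the others are fixed."""
    _, checksum_bits = bip39_layout(words)
    return 2 ** (11 - checksum_bits)


if __name__ == "__main__":
    for words in (12, 24):
        entropy_bits, checksum_bits = bip39_layout(words)
        total, valid = combinations_vs_valid(words)
        print(f"{words} words: {entropy_bits} entropy bits + "
              f"{checksum_bits} checksum bits; 1 in {total // valid} "
              f"word combinations is valid; "
              f"{valid_last_words(words)} valid last words")
    # Constructed sample input: all-zero entropy, never use it for a wallet.
    print(word_indices(bytes(16)))
    print(word_indices(bytes(32)))
```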
@devinlain8203 5 days ago
Aren’t Ledger and Trezor both open source? So we can see how they generate?
@RhettReisman 2 days ago
Ledger is not open source
@nonshatter7 1 year ago
This is deep, but like so many of your videos looks super informative. I basically get it but will have to watch this one again to fully understand it.
@RhettReisman 1 year ago
Let me know if it still doesn't make sense - this one is definitely a doozy
@nonshatter7 1 year ago
I've just watched it again and it did make more sense this time round. I was at 50% understanding, now I'm 90% there. You explain things very well, especially for a tricky concept. I just need to relate it fully to how the coldcard performs each method - seed input and no seed input. I'm sure I'll get it fully when I have time for a 3rd watch. Please do make the video as you suggest showing how a poorly generated code could be swiped.
@ikust007 1 year ago
Brilliant. So … in summary: I cannot count on the actual system of cold card (same kind of system like Ledger) for my seed phrase hence I need those dice??
@RhettReisman 1 year ago
If you choose the option to roll dice you need to roll 100 dice - if you roll a small number, your seed will be compromised. You can trust most out of the box options (the default coldcard option should provide enough entropy) and ledger should provide enough entropy (their methodology is in the description)
@ikust007 1 year ago
@RhettReisman Love the idea of multisig. Will listen to your video.
@cramsa 1 year ago
Multiple Sigs are more complex to properly set up vs just rolling dice into a cold card and having a good pass phrase. Multi Sig sounds more suited for a company or business.
@RhettReisman 1 year ago
Definitely a little more complicated. I think they’re also good for individuals with large net worth % exposure to btc also
@Emrico35 6 months ago
@RhettReisman How can we make multisig? Can you make a video about it?
@air-ren 1 year ago
wait...i can create my own seed phrase?...for my Ledger?
@RhettReisman 1 year ago
Not on a ledger, see the description for how ledger seed phrases are generated
@air-ren 1 year ago
@RhettReisman Understood, thanks for the response!
@RhettReisman 1 year ago
No problem :) anytime!
@CAIOVSKY 11 months ago
Just using a passphrase wouldn’t break an entropy attack?
@RhettReisman 11 months ago
That’s a good way to protect but isn’t foolproof. Depends on strength of password and how much entropy is used
@PortalGeographia 1 year ago
My account was rekeyed, and now?
@RhettReisman 1 year ago
What do you mean?
@stevenngn6081 1 year ago
My friend's CC got hacked because of this. He did not roll enough dice. I think later on, CC has updated firmware and automatically rolls dice for you.
@RhettReisman 1 year ago
If you let them generate the seed it should have enough entropy. Good reason to use a multisig though.
@bummers 4 days ago
It's called pseudo random numbers, 'cos the so called random numbers are pulled from a super long list of numbers, and the seed points to the starting point.
@RhettReisman 2 days ago
That's so random
@HarryOsirian 4 days ago
Rhett, very interesting video. For us poor people, can I introduce a multi-step authentication using an authentication app, email with a code + the ledger?
@RhettReisman 2 days ago
I'm sure you could do that but it seems overly complicated. You should either stick with a single ledger, optionally add a passphrase to solve the entropy problem, upgrade to a multisig, or just use the ETFs if self custody is too complicated.
@HarryOsirian 2 days ago
@RhettReisman Got it, thanks for the reply. Very helpful
@mrprfct7069 2 months ago
If I let coldc choose my 24 word seed, is that ok?
@RhettReisman 2 months ago
Yes! You should allow the hardware wallet to generate the seed phrase and it will use enough entropy. The issue comes up when you take matters into your own hands - you need to make sure you're rolling enough dice.
@mrprfct7069 2 months ago
@RhettReisman This is what I did and it may be overkill. I asked the cold wallet to issue 12 bip39 words. Wrote those down and then erased them. I used those 12 words as a passphrase to a new wallet with 24 seed words. Overkill but it is what it is. Soon I will add multi sig using different hardware manufacturers. But I need to figure out how I will be storing these pass phrases and seeds since I don’t want them in the same house.
@rufuspipemos 8 months ago
This video is really phenomenal. In just a few minutes of watching it, I've decided that I will not be making my own seed phrase from dice. Ever. At some point we have to believe that the people behind Trezor and Coldcard and others are better at this than I am. I come from the financial world. This reminds me of those who think they can outperform the stock market, when all the facts and data say the best way is to buy a low cost index fund. At some point you have to make the most logical decision and not think we are the smartest people in the room.
@RhettReisman 6 months ago
Happy to help. Yeah this is a pretty crazy concept. Dice can be really dangerous. Exactly - we're rarely the smartest people in the room especially on every topic.
@ikust007 1 year ago
Another topic: can you tell us again what kind of node you have? Looking at Raspberry or Start9 (but too $ for me now). Cheers mate. Question: why not an old laptop?
@RhettReisman 1 year ago
Yeah those start9 ones are really expensive :/ I just use a raspberry pi with umbrel, video here: kzbin.info/www/bejne/aImYlIaArtqBZqs
@ikust007 1 year ago
@RhettReisman Excellent and thank you!
@ahmayya24 1 year ago
Are there any Bitcoin miner and SHIB inu miner on apps? Please recommend the popular miner and how to mine crypto? Thank you very much
@RhettReisman 1 year ago
I don’t recommend mining for most people. More info on mining here: kzbin.info/aero/PL-p_L_HbK7jUhxmgAETTMnowG2Bi0GkI1
@VonchkynProduction 7 days ago
the twitter thread is gone now 😢
@RhettReisman 2 days ago
I am sick to my stomach fam 😭 I added a link to another article but it will never be the same
@kimgaugemusic 1 year ago
A cold-card will actually allow you to go beyond 100 dice rolls. I took mine to 111 rolls and then stopped.
@RhettReisman 1 year ago
Interesting, 100 should be enough. 111 is creating entropy that won’t be used
@crisper1614 2 days ago
Fun fact. There’s people who “hash” the 12 and 24 seed phrases on GPUs just like mining asic resistant coins.
@RhettReisman 2 days ago
Interesting - I haven't heard about this
@ikust007 1 year ago
Damn!! Finally understood multisig!!!!
@RhettReisman 1 year ago
WOOOT 🧠🧠🧠
@PeeedaPan 1 year ago
Multisig is the way of the future. But also, adding a passphrase to the seed will add another order of magnitude security onto the 1 in 1E77 possible seed phrases.
@RhettReisman 1 year ago
Passphrase is definitely a good option 🔥
@davidsonnow 1 day ago
Yes, you can have true random number generation! Ex., a computer taking digital photos of a lava lamp every minute. Convert what the camera sees to a number and there you go, true random generation.
@RhettReisman 1 day ago
Just make sure the computer is never connected to the internet
@joeellis2920 1 year ago
Should we be concerned with Trezor Wallets?
@RhettReisman 1 year ago
Only if you’ve rolled your own seed (and used less than 100 dice)
@johnmoore2056 14 hours ago
When I punched the thumbs up on the video, I noticed that I was 'like' # 777. Feeling, 'not very random' here.
@RhettReisman 9 hours ago
Exactly. Some dummy in the comments who didn’t listen to the video will probably use 777 as his seed phrase and lose all his money
@RhettReisman 1 year ago
COLDCARD or Ledger?
@DanOTaylor 1 year ago
How does this dice roll example work if you use ledger? Does ledger go this route? Edit - I see you answered this around 11:03 and posted links. Duh! Thanks!
@lukebal 1 year ago
Trezor
@MajesticLawnGnome 1 year ago
Coldcard all the way
@MajesticLawnGnome 1 year ago
@lukebal Careful with Trezor, if you watch Bitcoin University, beware of their coinjoin company they partnered with
@MrFooChops 1 year ago
@lukebal You definitely want to steer clear from Trezor after they recently partnered up with a surveillance chain firm. LEDGER is also no good, they just recently announced they can decrypt your private keys from your device. They say you have to opt-in but the fact is they are now capable of doing this and since their code is NOT open-source there's really no way to trust what they're doing. This was basically their Bud Light moment. ColdCard is definitely the way to go. P.S. follow Mathew from Bitcoin University
@darkmugetsu6572 1 year ago
As to why I have multiple hardware wallets instead of 1. I knew such a risk exists thus I spread out my crypto investments on multiple storages both hardware and crypto platforms.
@RhettReisman 1 year ago
Exactly 🔥🔥
@davidsonnow 1 day ago
There is no mathematical difference of me making up 100 numbers off the top of my head and rolling a dice 100 times. This guy is pure insanity.
@RhettReisman 1 day ago
Tell me you failed high school math without telling me you failed high school math
@ikust007 1 year ago
Do we have a discord …?
@RhettReisman 1 year ago
I don't really use discord :( I'll make a poll and see if people think that would be helpful
@ikust007 1 year ago
@RhettReisman session
@crackjoker-yb8jp 1 day ago
Sweeped?
@RhettReisman 1 day ago
Draining the funds in the wallet
@crackjoker-yb8jp 1 day ago
@RhettReisman Swept.
@neuideas 9 months ago
The Ian Coleman BIP39 utility is a very useful tool, but like all tools, it needs to be used appropriately.
@RhettReisman 8 months ago
Yeah totally - gotta be careful out there doing your own cryptography
@cryptomadness7271 1 month ago
It makes perfect sense.
@RhettReisman 2 days ago
We are all just dice at the end of the day
@sylvianederlander2317 1 year ago
Please do a livestream where you fund such an address easy to hack.
@RhettReisman 1 year ago
I think that will be cool I’ll do it when I have some time :)
@RogerRoger101 9 days ago
6^100 ≈ 2.37×10^77 odds that someone will roll the exact same number as you (using 6-sided dice). Approximately 1 in 2.37×10^77 chances.
@RhettReisman 2 days ago
Safety in numbers 😎
@dsp4392 9 months ago
"Talk to me like a normal person" *Whips out vscode*
@RhettReisman 9 months ago
😂🤣😂
@DEVUNK88 2 days ago
How are people getting their hands on these wallets in the first place? I don't know anyone that even knows what they are and if they did, they aren't some turbo nerd that could even begin to figure out how to crack it... Who the f is doing this?
@RhettReisman 1 day ago
Lots of people use hardware wallets. To your point a lot of people don't understand them and unfortunately think they will be safer rolling dice (and then don't roll enough dice). This is one of the biggest vulnerabilities for people who end up getting hardware wallets. Lots of people have lost their money this way
@agent-8699 1 year ago
As Spock would say, "fascinating."
@RhettReisman 1 year ago
As Abraham Lincoln would say: "Hunnid"
@MajesticLawnGnome 1 year ago
Lmao
@DEVUNK88 2 days ago
ultimate security is rolling 500 dice and multisig with 5 coldcard wallets
@RhettReisman 1 day ago
Fr fr
4 days ago
Hardware wallets are not safe. Also the same guy: Buy hardware wallet.
@RhettReisman 2 days ago
Welcome to the internet
@ProdulyNotbemx 2 hours ago
if you bought a hardware wallet please, never use crypto again good luck
@VAVA38731 11 days ago
New fear unlocked …
@RhettReisman 2 days ago
For real for real
@21Million 3 days ago
But Bitcoin "feeds on chaos", like Michael Saylor would say.
@RhettReisman 2 days ago
I don't like speaking in metaphors
@kenqwerty3685 1 year ago
Man never went to the moon.
@RhettReisman 1 year ago
Talk about it king
@fasteddiepool2717 1 day ago
👍
@RhettReisman 1 day ago
🫡
@racm2023 6 days ago
Don’t use the hardware wallet to generate your private key. Problem solved.
@RhettReisman 2 days ago
Real Chads roll their own dice in a blacked out room and do all their hashes by hand because they're great at math and never make mistakes. Jk don't do this
@davidsonnow 1 day ago
Haha this guy is scaring you in this video so that he can influence you to buy his products. How friggin lame
@RhettReisman 1 day ago
There is a monster under your bed. The only way to save yourself is to use my affiliate link to buy all this paper: amzn.to/4gqkI77
@robinbrisebois8142 1 day ago
entropy is disorder
@RhettReisman 1 day ago
Go off king
@imonnights 1 year ago
Lmao 42069 😂
@RhettReisman 1 year ago
I am become memelord destroyer of seriousness
@davidsonnow 1 day ago
FFS. This guy is mathematically challenged is not even funny! No, you don’t have to get a stupid container filled with miniature dice! Yes, if you literally just make up numbers on the fly, you will be fine. This guy is taking paranoia to a brand new level.
@RhettReisman 1 day ago
You don't have to, you could just roll one dice 100 times but it's more error prone.
@mikyahl8749 1 year ago
I CAN MAKE UP MY OWN WORDS AND SPELL THEM WRONG ON PURPOSE. THAT'S A LITTLE MORE SECURE.
@RhettReisman 1 year ago
Lmao
@QuadTap 1 year ago
rip mass adoption
@RhettReisman 1 year ago
Fr
@za_ozero 1 year ago
That yankee soap opera didn't put men above low Earth orbit
@RhettReisman 1 year ago
😂🤣😂
@summerbreeze5115 1 year ago
What about Trezor One? 😢 Am I safe? I'm too dumb for this new technology stuff
@RhettReisman 1 year ago
Trezor entropy is open source - it should be fine as long as you’re not rolling your own seed with low entropy. Trezor code: github.com/trezor/trezor-mcu/blob/master/firmware/reset.c#L46
@summerbreeze5115 1 year ago
@RhettReisman So I'll be fine with the seed phrase generated by Trezor One?
@RhettReisman 1 year ago
I would be very confident in a seed phrase generated by a trezor
@summerbreeze5115 1 year ago
@RhettReisman 🥰🥰🥰 Thank you Sir
@RhettReisman 1 year ago
Glad to help :)
@Leeds1919LUFC 1 year ago
Isn't rolling the dice 100 times the same as the number going into the parenthesis on the code though? For instance, let's say I rolled 10,5,3,5,6,72,1,6,89,2,5,1,4,5,6 etc. etc. Wouldn't that just be: random.seed(105356721689251456) and the number generated would still be the same every time?
@RhettReisman 1 year ago
Yes, but because you’ve rolled 100 dice there are 6^100 combinations of what that number in the parenthesis can be (which is not brute forceable by any computer). It’s ~6x10^77. So you get safety by generating a seed to the random function that is impossible to recreate.
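The dice-seed exchange above, worked through as an added example (not part of the original comments or the video's code): it computes how much entropy N fair six-sided rolls carry and shows that the same rolls always reproduce the same output. The function names and the 10^12 guesses-per-second rate are assumptions, and `random.Random` is used only to mirror the `random.seed(...)` call quoted in the comment; it is not a key-derivation function.

```python
import math
import random

BITS_PER_ROLL = math.log2(6)      # about 2.585 bits per fair d6 roll
ASSUMED_GUESSES_PER_SEC = 10**12  # assumption: illustrative search rate


def rolls_to_int(rolls):
    """Map rolls (each 1..6) to one integer by reading them as base-6 digits."""
    value = 0
    for r in rolls:
        if r not in (1, 2, 3, 4, 5, 6):
            raise ValueError(f"not a six-sided die roll: {r!r}")
        value = value * 6 + (r - 1)
    return value


def entropy_bits(num_rolls):
    """Entropy of num_rolls independent fair rolls, in bits."""
    return num_rolls * BITS_PER_ROLL


def min_rolls_for(target_bits):
    """Fewest rolls whose entropy reaches target_bits."""
    return math.ceil(target_bits / BITS_PER_ROLL)


def keyspace(num_rolls):
    """Number of distinct roll sequences a searcher would have to cover."""
    return 6 ** num_rolls


def years_to_enumerate(num_rolls, rate=ASSUMED_GUESSES_PER_SEC):
    """Time to try every sequence at the assumed rate, in years."""
    return keyspace(num_rolls) / rate / (365 * 24 * 3600)


def derive(rolls):
    """Same rolls in, same 256-bit number out: the seed is the only secret."""
    return random.Random(rolls_to_int(rolls)).getrandbits(256)


if __name__ == "__main__":
    sample = [3, 1, 6, 2, 5, 4, 4, 1, 2, 6]  # constructed sample, 10 rolls
    print(derive(sample) == derive(sample))   # deterministic
    for n in (10, 50, 100):
        print(n, round(entropy_bits(n), 1), f"{years_to_enumerate(n):.3g} years")
```

Ten rolls give under 26 bits, a space covered in a fraction of a second at the assumed rate, while 100 rolls are the fewest that reach 256 bits.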
@lukebal 1 year ago
42069. Best # ever. A+ content
@RhettReisman 1 year ago
Goated meme lord back at it again