Recently, I have been wanting to make a guide on how to obtain secret and safe "mnemonics". Just in time for Do Kwon's joke a few days ago, I feel it is necessary to share it with everyone.
A total of 5 steps are required:
1. Find the mnemonic list
2. Find some dice
3. Roll the dice - convert base
4. Find the check digit
5.Backup
Is the hardware wallet you carry with you really safe? In fact: whether it is a hot wallet or a hardware wallet, the mnemonic phrase you get is randomly and automatically generated by the software for you.
Of course, I'm happy to give hardware wallet providers enough credit, but as a crypto native guy, I feel that "trust" is not enough.
Why do you say that? From the time a hardware wallet is produced to your hands, it has gone through too many links: developers, hardware designers, assemblers, packers, courier A, customs, sorting, courier B... and so on.
The worst case scenario is: the automatically generated random algorithm is a cracked version, or simply has a backdoor.
Everyone has heard of the concept of "pseudo-random". After all, random numbers generated by machines have the possibility of being predicted by others. For example, if you use a (tampered) hardware wallet given to you by someone else, then in theory, the 12 words you generated can be generated by others, and your hardware protection methods will be meaningless.
Therefore, it is best for us to generate a set of mnemonics ourselves rather than automatically generating them with the help of a program.
The hardware wallet cannot access the network. It is difficult to implant a backdoor in this link. As long as you can ensure that your mnemonic phrase is truly randomly generated, then the security of the hardware wallet will make up for the last shortcoming, that is, no one can Know your mnemonic phrase.
So how to generate a truly random mnemonic? It's simple: physical randomness.
Next is a tutorial. If you are interested, you can retweet it and wait for the weekend to slowly operate it.
Step1 Find the 2048 mnemonic word list
First of all, popularize a concept: Bitcoin, Ethereum, and all subsequent chains use the same set of protocols, which is BIP-39 created by the Bitcoin community. There are 2048 words here, and in order to avoid handwriting errors, BIP-39 has also thoughtfully removed many words that look very similar.
BIP39 in Bitcoin Warehouse
https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
You can easily obtain these 2048 words from any search engine. Of course, since you are at the cutting edge, you can look for three sources of information and conduct random surveys to confirm that these are genuine BIP39.
Many people don't know that BIP-39 actually supports Chinese; for example, the theory of "one is in and out of one" can also generate a wallet address. Of course, for better compatibility, it is recommended that you use the default traditional word list.
Step2 Find some dice
Next, let's do a thought experiment: If I want to get true randomness, the simplest way is to have a "2048-sided die" and roll it 12 times in a row (actually 11 times, we'll talk about it later), We can obtain a completely random set of real mnemonics.
However, I believe that none of you have such dice, so we have to use some brains.
There is a classic algorithm question, how to use a standard dice to generate random numbers from 1 to 7. https://www.zhihu.com/question/62404167
We just need to change the requirement of this question from 7 to 2048. You can now buy 11 dice or coins online (to be honest, mainland coins are really used less and less now).
Step3 Roll the dice and convert to binary
Now start shaking the dice, and the odd numbers on the dice will be recorded as 1, and the even numbers will be recorded as 0 (the same goes for coins). The combinations of 11 dice are exactly: 2*2*2*2*2*2*2*2*2*2*2*2=2048, so you can use these dice to generate a binary number.
For example, if I shake out a result, it is 1 0 1 1 1 1 1 0 0 0 1. If you convert it into decimal, it is 1521. The algorithm is very simple and can be calculated with pen and paper (it is not recommended to use a computer as the private key does not touch the Internet). For the algorithm, please refer to: https://zhuanlan.zhihu.com/p/75291280
Then you go to the BIP-39 word list and find the 1521st word, which is safe.
Roll it a total of 11 times in a row, and you'll get a completely random set of words, such as: safe hill also idle fade shock walnut cigar eye clean water.
Step4: Obtain the last test word through exhaustive method
Why not roll the dice all 12 words in one go?
The entire mnemonic sequence of BIP-39 contains a certain degree of verification function, similar to the tail number of an ID card, which has a similar design.
Therefore, although the 12th word itself is not a special check digit, considering that the entire mnemonic sequence must comply with certain rules, when creating a wallet, if the entered mnemonic does not comply with the verification rules, Creation will fail.
To put it more simply: not any 12 words on the list can form a set of mnemonics, they must conform to certain rules. If you look for a set of words at random, you will most likely be prompted: invalid mnemonic.
If it is a mnemonic phrase automatically generated by a program, of course it automatically complies with the rules. And we created it physically, so again, some thinking is required.
It's very simple, since the first 11 did not follow the rules. Then, we just need to make the 12th mnemonic phrase match.
So how to get the 12th word? I will not leave my book bag to explain the principle here, and directly adopt the idea of "brute force exhaustion" (unexpectedly, creating a mnemonic by yourself requires brute force cracking).
In fact, if you try 0-30 words at any position in the 2048 mnemonic list, there will definitely be words that meet the rules. For example, when I talk about this group, I start from the 230th word, 233 brown is OK, and 255 cabin is OK.
Of course, it would be best if you try to crack it directly on the hardware wallet, because after all, it will not touch the Internet. But the disadvantage is that it is tiring, and most hardware wallets have few buttons...including ledger S and onekey classic. As for Do Kwon's trezor, I haven't bought it yet, so I don't know.
If you want to be lazy, use a retired mobile phone and download a trustwallet or any wallet you are familiar with. Then, disconnect from the Internet and take turns testing. Until you try out the 12th word that meets the rules, write it down silently, then delete the app, copy whatever you want (clear the clipboard), and restart and shut down the phone several times.
This is done! Through completely physical and random means, without being connected to the Internet, you obtain a set of mnemonic words that absolutely cannot be guessed by anyone. At this time, you enter this set of mnemonic words into the hardware wallet, and your Security is completely exhausted.
Step5 Backup
Of course, it is still recommended to make at least 2 backups. Don't use a pencil (it's easy to fade), don't save it on your computer or mobile phone (then we just did it in vain), don't try to save half of it in two electronic devices (it's easy to be cracked by brute force).
Of course, if you are good enough, you can memorize it (to avoid the Do Kwon tragedy), but this is strongly not recommended. Here are some tips for memorizing mnemonics, such as mine: safe hill also idle fade shock walnut cigar eye clean water cabin.
You can make up a story: In a (safe) small mountain village, there is a (hill) hill, and there is an (idle) lazy young man in the village. His clothes have faded badly...balabala
In this way, in theory, if you remember the story, you will also remember the mnemonic phrase. However, I would like to emphasize that the human brain is a very cool biological storage device and is not recommended to ordinary people, except Do Kwon.
Of course, if you simply want to make a cold wallet as a long-term holder, I think writing it on paper, copying the address, and only transferring it in but not out, then you don’t even need a hardware wallet. This was also common practice in the early years. Mentioned "paper wallet".
Finally, I wish everyone can always protect their wallets and assets. If you have any questions or ways to improve physical randomness, please leave a message to communicate.
Author of this article:
0xTodd | Nothing Research Partner
