DEV Community

mibii
mibii

Posted on • Edited on

Dont Trust the built-in Wallets mnemonic entropy

In the world of cryptocurrencies, ensuring the security of your assets is paramount. One crucial aspect of this security is the proper generation of mnemonic phrases, also known as seed phrases. A mnemonic phrase acts as the key to access your cryptocurrency wallet, enabling you to recover your funds and interact with the blockchain. Remember, the security of your crypto assets starts with the generation of your mnemonic phrase, and it's essential to understand the importance of proper entropy when generating them.

Understanding Mnemonic Phrases:

A mnemonic phrase is a sequence of words that represent a cryptographic seed. This seed is the foundation for generating all the cryptographic keys needed for your wallet. By keeping your mnemonic phrase safe, you can restore access to your wallet if you ever lose your device or experience technical issues.

Entropy and Cryptographic Strength:

The strength of your mnemonic phrase lies in the entropy it contains. Entropy is a measure of randomness and unpredictability. The higher the entropy, the harder it is for malicious actors to guess or brute-force your seed and gain unauthorized access to your funds.

In the context of mnemonic phrases, entropy is measured in bits. A longer mnemonic phrase with more bits of entropy is exponentially more secure. The default entropy for a 12-word mnemonic phrase is 128 bits, considered sufficiently secure for most users.

Generating a Secure Mnemonic Phrase:

To ensure the security of your mnemonic phrase, it's vital to generate it using a trusted method. The bip39 library is a common choice for this purpose. By default, it generates a mnemonic phrase with 128 bits of entropy (12 words). You can customize the entropy level if you desire higher security.

Beware of Scams and Bad Practices:

However, it's crucial to be aware of potential scams and bad practices. Some dishonest developers may cut corners during wallet creation. They might use predefined mnemonics that they're aware of, effectively giving them access to your wallet from the outset. This can lead to a complete loss of your assets.

Avoid wallets that do not provide transparency about how they generate mnemonics.
Even if you are Trust the Wallets that you are using - better Generate Your OWN Mnemonic: using reputable libraries like bip39.

Generating Entropy from User Interaction
A reputable method of generating entropy for a mnemonic phrase is to use unpredictable user actions, such as mouse movements or key presses. This ensures that the entropy is highly random and not easily predictable. By capturing user interaction, the entropy becomes a robust foundation for generating the mnemonic phrase.

Here the NodeJS code snipet sample of how to create the mnemonic phrase with your own entropy: (Entropy is based on randomness in the user's key presses)

const bip39 = require('bip39');
const readline = require('readline');

// Variables to store collected entropy
let collectedEntropy = '';
let entropyLength = 256; // Number of bits of entropy

// Create a readline interface for user input
const rl = readline.createInterface({
  input: process.stdin,
  output: process.stdout
});

// Function to generate random bytes based on collected entropy
function customRandomBytes(size) {
  while (collectedEntropy.length < size * 2) {
    // Wait until enough entropy is collected
  }

  const randomBytes = collectedEntropy.slice(0, size * 2);
  collectedEntropy = collectedEntropy.slice(size * 2);

  return Buffer.from(randomBytes, 'hex');
}

// Prompt the user to start entropy collection
console.log('Press any keys to start creating entropy...');
rl.input.once('keypress', () => {
  console.log('Collecting entropy...');

  // Listen for key presses to collect entropy
  rl.input.on('keypress', (character, key) => {

      collectedEntropy += character.charCodeAt(0).toString(16);
      if (collectedEntropy.length >= entropyLength * 2) {
        console.log('Enough entropy collected.');
        rl.close();

        // Generate mnemonic using customRandomBytes function
        const mnemonic = bip39.generateMnemonic(entropyLength, customRandomBytes);
        console.log('Generated mnemonic:', mnemonic);
      }

  });
});

// Start listening for key presses
rl.input.setRawMode(true);
rl.resume();


Enter fullscreen mode Exit fullscreen mode

And again remember, the security of your crypto assets starts with the generation of your mnemonic phrase.
By understanding entropy and using trusted tools, you're taking a critical step towards safeguarding your investments from potential threats. Stay vigilant, stay secure, and enjoy the benefits of the crypto revolution with peace of mind.

Continuing with the concept of self-operating crypto wallets, it’s worth exploring the realm of manual wallet management, allowing you to take control of essential operations independently, without being tied to a particular wallet software. Let’s delve into the next key aspect of a standard crypto wallet operation: the generation of wallet addresses.

Top comments (1)

Collapse
 
mibii profile image
mibii

I would be appreciated for your comment about bip39 library. I use it considering that it is might be a safe library.