Hacker News new | past | comments | ask | show | jobs | submit login

The checksum in a 12-word seed is only 4 bits. This means you could absolutely pick 12 random words using nothing but a dice. When importing the seed on a hardware wallet, if it complains that the seed is invalid (because the checksum is invalid) just change the 12th word by picking the next one in the BIP39 list (https://github.com/bitcoin/bips/blob/master/bip-0039/english...). If it complains again, tries the next one. And so on. At most you may have to try 2⁴ = 16 different words. One of them will pass the checksum. And there you go, you have a valid seed that was generated with a simple dice roll, without the need for custom code running on an MCU or offline computer.

Edit: BTW your method of calling MicroPython uos.urandom() to generate the seed is not necessarily safe! The MicroPython API does not guarantee the entropy always comes from a secure hardware RNG. Just "when possible". This means depending on your MicroPython version, how the framework was compiled, what exact revision of the ESP8266, entropy may or may not come from a secure hardware RNG. As a former InfoSec professional reviewing hardware/firmware/software security-related code, I often found flaws at many levels in this area.

Edit #2: In fact, after more looking into it, the current version of MicroPython relies on an undocumented register (https://web.archive.org/web/20160417080207/http://esp8266-re...) that "seems" to be a hardware RNG however it has never been determined if it is suitable to use for cryptographic purposes. It would be a lot safer to generate your seed on an offline Linux laptop booted of a Live USB or equivalent (with no storage device), using the good old cryptographically-secure getrandom(2) syscall than blindly trusting an undocumented sketchy ESP8266 register whose implementation is completely unknown. If I were you I would discard any wallet created using your ESP8266 code.




The problem with that is that inputting this in a Ledger, for example, is very cumbersome, and trying sixteen times could take an hour.


How often do you need to regenerate your seed? That hour is more than short enough for me.


For me, it compares disfavorably to just having an ESP8266 generate the seed for me.


use the offline tool. will take you 30 seconds.

https://www.ledgerwallet.com/support/bip39-standalone.html or https://github.com/iancoleman/bip39

PS: even a 24 word checksum takes just a couple minutes


It'll take me 30 seconds to use, but setting up the Raspberry Pi and formatting the SD card afterwards is a hassle. You can't beat the ESP8266 method, since you can just look at the code and be sure what it's running.


I'm not sure the ESP8266 is a great way of accomplishing the goal of being able to know what's running by just looking at the code, unless the Espressif has suddenly opened their firmwares and toolchains. An AVR (like an arduino) would probably be better suited for the task, as the open toolchains are mature.


What would Espressif be able to do? Somehow retain the entropy it gave to the code that you used to generate the key and then send it to their servers when you reflashed with an unrelated program and connected to WiFi? That seems a bit far-fetched.

Regardless, sure, the Arduino is also a good platform to do this on. It doesn't run MicroPython, though, so I implemented my particular program on the ESP for speed/ease of development.


Don't forget the Debian bug that created weak keys from 2006 to 2008. These sorts of things happen. It's best not to attempt to disparage the possibility.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: