Verifying Dice Roll Math
Video: COLDCARD Dice Rolls seed entropy
You have the option of creating the seed value for your Coldcard by rolling a six-sided dice (D6). Choose "Dice Rolls" from the "Import Wallet" screen.
You just keep pressing 1–6 as you roll.
This allows you to remove any risk of our the Coldcard's random number generator (RNG) being compromised, and you are creating the private key directly. In that way it's not really an 'key import', but a 'create key'.
Number of Rolls
Please note that each roll of a D6 dice provides only 2.585 bits of additional entropy (randomness). Therefore, for 128-bit security, which we consider the absolute minimum, you need 50 rolls, and for 256-bits of security, 99 rolls. The Coldcard does not limit the number of rolls, but will warn you if you apply too few rolls.
Duplicating Our Math
But what if we lied and still used some tricky way to pick a non-random but random-looking value for the seed?
Video: Dice Rolls on Tails
You may have noticed the first screen always looks like this:
The seed value is calculated as SHA256 over the rolls, when
expressed as an ASCII string. Therefore, you will always see
e3b0c... 27ae4... b855 as a starting value, since that's
SHA256 over an empty string. You can calculate other values using
Python as follows:
>>> from hashlib import sha256 >>> sha256(b'').hexdigest() 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' >>> sha256(b'123456').hexdigest() '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92'
Values can also be calculated from the command line (shell) of most computers using one of the following commands:
$ echo -n 123456 | sha256sum 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92
$ echo -n 123456 | openssl sha256 (stdin) = 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92
The ideal environment to perform this checking is a computer running Tails - The Amnesic Incognito Live System, preferable without any network connection and no hard drives. Do not use your actual dice rolls on a normal desktop system as that will completely comprise the security of your Coldcard!
You may be worried that this hex number shown on the Coldcard is not honestly converted into the seed words. To check that we are applying BIP-39 correctly, you can use this simple python3 program: rolls.py.
$ echo 123456 | python3 rolls.py 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92 1: mirror 2: reject 3: rookie 4: talk 5: pudding 6: throw 7: happy 8: era 9: myth 10: already 11: payment 12: own 13: sentence 14: push 15: head 16: sting 17: video 18: explain 19: letter 20: bomb 21: casual 22: hotel 23: rather 24: garment
As you can see, it shows the hash (which you can cross verify as above with other command-line tools) and then shows the corresponding BIP-39 mnemonic words.
Again, a Tails system is ideal for this verification process.
1) Get a copy of
rolls.py onto the Tails system.
After starting tails, use Tor Browser to visit
coldcardwallet.com/docsand get back to this page.
Alternatively, you might use a flash drive to sneakernet the file.
2) Run your dice rolls through
In Tails, open "Applications > System Tools > Terminal".
Type this sequence of commands:
$ cd "Tor Browser" $ ls
You should see the
rolls.pyprogram you downloaded already. If you used some other means to get it into your Tails system, go to the directory where it's located.
Further Internet access or write access to any media is not required or desired past this point.
$ echo 123456 | python3 rolls.py
It should print the hash and seed words shown above (
Repeat but using the dice rolls you provided to Coldcard. Both should arrive at the same set of seed words.