Understanding the creation process of a seed phrase endows users and crypto enthusiasts with a profound insight into the mechanism that works tirelessly behind the scenes, ensuring the safety and recovery of digital assets. This knowledge is more than just informational; it is empowering, giving users control and peace of mind as they navigate the complex labyrinth of the cryptocurrency landscape.
Understanding how a seed phrase is created helps us appreciate the depth of security it offers and its pivotal role in cryptocurrency management. Let's delve deeper into the process of creating a seed phrase.
Prelude: Understanding Entropy
Before we venture into the genesis of the seed phrase, it is essential to understand the concept of entropy. In this context, entropy refers to a randomly generated set of bits that provides unpredictability and security. This random sequence is the foundation on which a seed phrase is built.
Step 1: Generating Random Entropy
The process begins with the generation of 256 bits of random entropy. This could be sourced from a cryptographically secure random number generator to ensure high unpredictability and security. The randomness ensures that each generated seed phrase is unique, laying a robust foundation for wallet security.
Step 2: Creating the Checksum
The next step is to create a checksum to add an additional layer of security. The checksum is derived from the SHA-256 hash of the initial entropy. The first 8 bits of this hash are appended to the original 256-bit entropy, resulting in a 264-bit extended entropy.
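Steps 1 and 2 as an added Python example (not code from the original article). It goes one step beyond the text by splitting the 264 bits into 24 groups of 11 bits, which is how the BIP-39 scheme arrives at 24 words, and by re-checking the checksum. The function names are assumptions, and the 2048-word list that turns each index into a word is not included.

```python
import hashlib
import secrets

ENTROPY_BITS = 256
CHECKSUM_BITS = 8    # first 8 bits of SHA-256(entropy), as in Step 2
WORD_BITS = 11       # each word encodes 11 bits (index into a 2048-word list)
WORD_COUNT = (ENTROPY_BITS + CHECKSUM_BITS) // WORD_BITS  # 264 / 11 = 24


def generate_entropy() -> bytes:
    """Step 1: draw 256 bits from the operating system's CSPRNG."""
    return secrets.token_bytes(ENTROPY_BITS // 8)


def checksum(entropy: bytes) -> int:
    """Step 2: the first 8 bits (first byte) of SHA-256 over the entropy."""
    if len(entropy) * 8 != ENTROPY_BITS:
        raise ValueError("expected exactly 256 bits of entropy")
    return hashlib.sha256(entropy).digest()[0]


def extend_entropy(entropy: bytes) -> int:
    """Append the checksum, giving the 264-bit extended entropy as an int."""
    return (int.from_bytes(entropy, "big") << CHECKSUM_BITS) | checksum(entropy)


def to_word_indices(entropy: bytes) -> list:
    """Split the 264 bits into 24 big-endian 11-bit word indices (0..2047)."""
    extended = extend_entropy(entropy)
    return [(extended >> (WORD_BITS * (WORD_COUNT - 1 - i))) & 0x7FF
            for i in range(WORD_COUNT)]


def verify_indices(indices: list) -> bool:
    """Recompute the checksum from the indices; False on a corrupted phrase."""
    if len(indices) != WORD_COUNT or any(not 0 <= i < 2048 for i in indices):
        return False
    extended = 0
    for i in indices:
        extended = (extended << WORD_BITS) | i
    entropy = (extended >> CHECKSUM_BITS).to_bytes(ENTROPY_BITS // 8, "big")
    return (extended & 0xFF) == checksum(entropy)


if __name__ == "__main__":
    # All-zero entropy is a constructed, insecure input used only to make
    # the output reproducible; real wallets use generate_entropy().
    print(to_word_indices(bytes(32)))
    print(verify_indices(to_word_indices(generate_entropy())))
```

Because only 8 checksum bits protect 256 bits of entropy, the check catches transcription errors in most cases but is not an integrity guarantee against deliberate tampering.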
The quality of entropy, or randomness, is crucial as it underpins the security of the entire cryptographic system. Let's explore the entropy differences between hardware wallets and mobile wallets.
Entropy in Hardware Wallets and Mobile Wallets:
Hardware wallets:
- Dedicated Hardware for Random Generation: Hardware wallets often incorporate dedicated hardware modules to generate high-quality random numbers, ensuring a strong foundation for entropy.
- Isolated Environment: Since hardware wallets operate in an isolated environment, detached from networked systems, the entropy generation process remains untouched by potential external vulnerabilities, maintaining its purity and randomness.
Mobile wallets:
- Operating System's RNG: Mobile wallets generally rely on the mobile operating system's random number generators (RNG). The entropy quality here depends on the RNG's algorithm and its implementation in the OS.
- Potential External Interferences: Mobile devices continually interact with various apps and networks, which could introduce vulnerabilities affecting the entropy generation process, although modern operating systems work hard to secure these processes effectively.
- Lesser Control over Hardware: Developers creating mobile wallet applications have less control over the mobile device's hardware, which might result in slightly lower-quality entropy than on dedicated hardware wallets.
Once we understand the importance of using a high-end secure element to create a good seed for our wallets, we must understand the difference between a seedless and a seedphrase wallet, along with the risks, pros, and cons of each.
24 Words or a Seedless Wallet - What's the difference?
When a seed is created within a secure element, it essentially means that the seed (or the private keys derived from it) is generated in a highly secure environment and is resistant to physical and logical attacks. Now, comparing a setup where a seed is generated and stored in a secure element for both seedless and seedphrase wallets, here are the differences:
Seedphrase wallets, pros:
- Recovery and Backup: Users can recover their wallet using the seed phrase if the device (like a hardware wallet) is lost, damaged, or compromised.
- User Control: Users have full control over their keys as they can store their 24-word seed phrase offline, completely isolated from internet vulnerabilities.
- Portability: Users can restore their wallet on different devices or wallet applications using the seed phrase, maintaining control over their assets across platforms.
Seedphrase wallets, cons:
- Security Risk: To show the 24 words, the seed must leave the device's secure element. This process opens up a window for attackers to exploit device or software platform vulnerabilities and get access to your keys.
- User Responsibility: Users must securely store the seed phrase and ensure that it doesn't get lost or fall into the wrong hands, which requires a high degree of responsibility.
- Single Point of Failure: If someone gains access to the seed phrase, they can potentially access and control the wallet and its assets, creating a single point of vulnerability.
Seedless wallets, pros:
- User-Friendliness: Users do not have to worry about writing down, storing, and managing a 24-word seed phrase, which can be a relief, especially for people new to cryptocurrencies.
- Enhanced Security: Since the key remains in the secure element and cannot be extracted, it is shielded from many types of attacks that could occur if the seed phrase is exposed.
- Immediate Use: Users can start using the wallet almost immediately after setting it up without going through the process of safely storing a seed phrase.
Seedless wallets, cons:
- Limited Portability: Without a seed phrase, the wallet is tied to the specific device it was set up on, limiting the ability to restore the wallet on different platforms.
- Dependence on Third Parties: The user depends on the provider in case of hardware wallet failure, even if only the user can access the system.
Key differences:
- User Experience: While seedphrase wallets demand a meticulous setup and safe storage of the seed phrase, seedless wallets offer a more straightforward setup, which can be attractive for users less versed in crypto security.
- Security Dynamics: While seedphrase wallets rely heavily on users to maintain security, seedless wallets leverage the secure element to enhance security at the device level, reducing reliance on user behavior for security.
- Recovery and Backup: Seedphrase wallets have a robust recovery mechanism thanks to the seed phrase, which is lacking in seedless wallets, making asset recovery in seedless wallets potentially more complex.
With all this information in hand, we can say that seedless wallets created on a secure element are a superior solution if users can migrate or recover their keys safely and efficiently. In our next article we will explain how we have designed the system to ensure that you will always be able to recover your keys and that your keys will never leave the secure element of your HASHWallet, providing not only truly random creation of your keys but also the assurance that they will never be compromised.