Maybe Subkey generation ?
I am not sure BTC is still worth the hassle, most of hashrate is inside of USA (70+% =>51%...). most of BTC holdings is in USA... btc saga will end soon and badly in my opinion. BTC Cash made me pessimistic.
In Europe they have SEPA Instant Credit Transfer which allows people inter bank transfers in under 15 seconds. All KYC, all legal, all gov approved, gov regulated, all without fees to btc exchange / VISA. BTC does not even makes sense anymore. Technological innovations flew right past the BTC.
i am not even sure BTC infrastructure is quantum safe, blockchain "is", but i doubt rest of infrastructure is...
This article is about entropy and mostly an explaination why your mnemonic seed is already safe against wild guesses. The question then is how to secure it against attackers who might want to get it otherwise.
If you live alone writing it on a piece of paper and putting it into a locked drawer might literally be enough, since your main concern would probably be online aftacks. If you have 30 guests a week that calculation might change, but then your scenario is to protect against a guest who A) knows you have a lot of bitcoins, B) posseses all other required information to access the wallet and C) is invited or has broken into your flat. If the latter is an issue, maybe getting a decent door and a safe is a good idea.
This is just an example, but if you want to secure a thing, knowing which attack-vectors to secure it against is key.
tombennet•6d ago
brudgers•5d ago
I'm sure that you aren't just collecting wallet seeds, but that's what it reminds me of.
tombennet•4d ago
- I've explicitly discouraged entering a real mnemonic, in several places. In fact I tried to steer people in a safe direction by putting the random generation component first. The article works best when starting with random entropy.
- All the BIP39 logic is handled client-side using paulmillr/scure-bip39, a minimal audited library.
- It works fully offline - no backend, no database, no server calls.
- There are no cookies or tracking scripts beyond simple pageview stats via Plausible (which is privacy-focused)
That said, I’d genuinely welcome suggestions on how to make it more trustable. Do you think open-sourcing the code for the page/site would help?
jbermudes•3d ago
nick3443•3d ago
sudahtigabulan•3d ago
If the site was malicious, there wouldn't be any disclaimer, and once you insert a passphrase, BIP39 or not, in a text field, it's game over. No need to press Submit even, some JavaScript will send it wherever it has to.
sparkie•3d ago
oakwhiz•3d ago
tombennet•3d ago
er4hn•3d ago
tombennet•3d ago