Du kannst auch die deutsche Version dieses Artikels lesen.

The BitBox Monte Rosa update brings a new feature that allows you to create your own wallet seed without the help of additional hardware or software. This article provides you with easy step-by-step instructions on how to create your own random seed to use with Bitcoin wallets.

Download and print the comprehensive instructions document linked below. It contains these instructions and a table with all 2048 words of the BIP39 wordlist, neatly arranged in a matrix for easy lookup. In combination with the BitBox02 hardware wallet, this allows you to generate your own secret seed, without relying on the wallet to do it for you.

Sidenote: one of the principles in cryptography is to never “roll your own crypto”, meaning not to implement cryptographic operations yourself, but to only use established libraries that stood the test of time. Of course we follow this principle. The “roll your own seed” title is just a little insider joke poking fun at this :-)

Why should I do this?

First of all: you don’t need to do this. The BitBox02 uses five different sources of entropy to create high-quality randomness: from manufacturing, your device password, the host computer, the microcontroller and the secure chip. Each source can only add randomness, not reduce it. With the firmware fully open-source and reproducibly built, anyone can check how that works.

But a hardware wallet should be a tool for personal sovereignty. This is why creating your own seed can be an empowering experience. And if done well, you can get a truly random seed that can easily be verified, with zero trust put in the inner workings of the BitBox02 to create randomness.

How does that work?

Modern wallets are based on a single secret seed, from which all private keys and addresses are derived. This seed is just a huge number. But to be secure, it must be truly random, otherwise overall security is reduced.

The seed number is usually encoded into 24 English words because these are easier to write down without introducing mistakes. But just picking random words is not as easy as it sounds, as humans are really bad at creating random patterns. This is why the best choice is to roll dice, preferably really good casino-grade ones.

You can roll your dice to determine the first 23 words. But the main challenge in this process is that you can’t simply pick any word as your 24th word because it needs to be calculated using a hashing algorithm. This last word is in fact in part a checksum over all other words and it’s nearly impossible to compute it manually.

But that’s no problem with the BitBox02 hardware wallet: it enables you to enter the first 23 words and then the device shows you all valid 24th word options. Pick one and you’re all set. That set of 24 recovery words works with every wallet that follows the BIP39 standard and can easily be verified by importing it into another hardware wallet.

Preparations

To generate your own seed, you need the following:

Make sure you are in a private environment. Turn off electronic devices and put your mobile phone somewhere else. Don’t say the numbers or recovery words out loud. Don’t mark anything on the lookup tables. And write down your recovery words only on the backup card, they must never touch an electronic device except the BitBox02.

Finally: get comfortable and put on some good music.

How to roll your dice to get good randomness

It’s important to decide on a specific method first and follow it through, instead of making seemingly random decisions during the process. We find that the following approach works best:

  1. Roll all five dice and the coin together
  2. Arrange all dice that show a number from 1 to 4 in a neat line, pick them from left to right (and top to bottom if in doubt)
  3. Reroll all dice that show a 5 or 6 until they show a number from 1 to 4 and line them up as well.
  4. Put the coin next to the dice.

Not enough dice or no coin? If you don’t have five dice, you can roll a single die to get the 5 numbers between 1 and 4 sequentially. Just note them on paper (and burn it afterwards).

If you don’t want to use a coin, you can also roll a die: numbers 1 to 3 are “heads” and numbers 4 to 6 are “tails”.

Pick your first 23 recovery words

Roll five dice and flip the coin as described above, then pick out the next recovery word from the BitBox02 Diceware lookup table document as follows:

  • The first die gives you the page number of the lookup table
  • Dice 1 to 4 give you the correct row
  • Die 5 and the coin flip give you the correct column

Write down the recovery word on the backup card.

Repeat this for the first 23 words. Don't choose the 24th word yet.

Finalize your wallet on the BitBox02

With all 23 recovery words, you can create a new wallet with your BitBox02. If the BitBox02 is already set up, make sure you have a valid backup of the current wallet and reset the device.

  • In the setup wizard, choose “Restore from recovery words”
  • On the BitBox02, select “24 words”
  • Enter your 23 recovery words on the BitBox02 (and nowhere else)
  • Once you’ve entered the 23 recovery words, the BitBox02 will display 8 valid options for the final checksum word
  • Pick one of the final recovery words at random and write it down as the 24th word on the backup card.
  • Select it on the BitBox02 and confirm it on the device .
  • The BitBox02 will show a “Recovery words valid” message. You can now set your device password.

The BitBox02 is now fully set up and will calculate all keys and addresses based on your very own seed.

Validate your wallet backup

As of now, your backup card is the only backup you have of your new wallet. To make sure it’s 100% correct, you need to validate it.

  • In the BitBoxApp, choose “Manage device” > “Show recovery words”
  • Confirm the security precautions in the BitBoxApp
  • Enter your device password on the BitBox02
  • Your 24 words are now shown on the BitBox02. You can quickly race through all of them (just tap “>” repeatedly) and then tap “Continue”
  • The BitBox02 now challenges you for each recovery word to pick the right option

If you get everything right, your backup is accurate.

Backup redundancy

You can now also create a backup on the microSD card.

If this wallet will hold your life savings, think about securing the backup with additional redundancy and resilience. Maybe our proven backup accessories like the ageing-resistant Backup card, our apocalypse-proof Steelwallet, or the tamper-evident security bags come in handy?

Check out our Backup solutions page for more details.


Don’t own a BitBox yet?

Keeping your crypto secure doesn't have to be hard. The BitBox02 hardware wallet stores the private keys for your cryptocurrencies offline. So you can manage your coins safely.

The BitBox02 also comes in Bitcoin-only version, featuring a radically focused firmware: less code means less attack surface, which further improves your security when only storing Bitcoin.

Grab one in our shop!


Shift Crypto is a privately held company based in Zurich, Switzerland. Our international team of specialists across engineering, cryptosecurity and Bitcoin core development build the BitBox products and provide consulting services. The BitBox02, a second generation hardware wallet, equips individuals to easily store, protect, and transact cryptocurrencies. Its companion, the BitBoxApp, provides an all-in-one solution to securely manage your digital assets with ease.