0
I reading that 'humans are bad at randomness' and one should always let an algorithm choose your seed for you.
While I agree that maybe it's not advised to make my brain wallet 'zoo' x 23 + checksum as an easy to remember phrase, but besides the obvious, what real risks are there to choosing your own seed?
I've also read that if you use the date as your seed's seed (akward phrase, the seed of the random function that my nmemonic seed is created from) then if that is known by an attacker they can use that to crack my wallet really easily.
What else could go wrong? for instance if i decide to use all the food words out the list, but change 1 of those to an easy to remember alternative, then I've a bunch of food words and one randomly out of place non-food word (seams ok to me). Are there brute force algorithms that could take advantage of that?
I get the reduction in entropy, but in the 'food items' example, obviously an already extreme example, but even in that case, the attacker would have to have the knowledge that I've chosen food items, which they presumably do not, but working on the presumption that that knowledge will never become available, what are the risks? Great answer but still kinda not the answer i was looking for. – Ninjanoel – 2019-10-29T13:40:14.670
2@Ninjanoel The answer is that you simply cannot reason about how secure or insecure it is. You should assume an attacker has knowledge of the process you used to come up with the phrase; not because they certainly will, but because you need to protect against the worst case. You cannot eatimate how random something is you came up with yourself Nobody can; humans are just terrible at this. – Pieter Wuille – 2019-10-29T16:28:01.810
Ahhhh, I know what you saying but huge parts of me still wanna argue!! lol. Like, if I told you my process was the same as rolling a die three times and choosing the word that best "continues the story", so I'm left with a random but human readable "cards against humanity" style story that's easy to remember. Ignoring the risk of someone else seeing my phrase, have I got something that is easier to brute force than computer randomness? Again, I agree with most of your answer – Ninjanoel – 2019-10-29T19:57:53.440
You have something that is absolutely massively easier to guess than brute force. Whether it is so much easier as to make attacking easy I cannot tell you. – Pieter Wuille – 2019-10-31T00:10:43.557