Like Seedsigner to calculate checksum

It would be great if it has a checksum calculation feature like in seedsignee, so during wallet init setup, user can:

  1. Choose to generate its own seed (using dice/input bip39 words)
  2. Then trezor will show the checksum last word
  3. And confirm the user all the seed phrases as usual.

Then user can have a choice to have a real offline true random seed generation without running script on a computer to calculate checksum

you can generate seed with dice without Trezor, there is no real advantage in doing this.

see this topic: Can I set my own private key with Trezor T?

nothing is running on computer, the seed is generated entirely on the device.

If you are talking about rolling your dice to create your own entropy, and input them and calculate the last checksum using that (offline) web app/python/wtever in your (air gapped) computer, it means you must need to ensure your computer is really secure and you didn’t do anything wrong(no malware, not online, downloaded a correct script/app), which is very hard to a normal user.

Instead, if user can just input the entropy in trezor hardware and generate the seed with last checksum word, then user no need “trust” their skills and their airgapped computer.

This is what Trezor does, offline, and on the device.

The creation of the recovery seed and master binary seed is as follows.

First, the 256-bit random number is generated in the Trezor device on its Microcontroller by the RNG (Random Number Generator). This number has 256 zeros or ones, so the entropy, or randomness, of this number is 2 ^ 256. This equals approximately 10 ^ 77. For comparison, it is estimated that there are 10 ^ 78 to 10 ^ 82 atoms in the known universe.

See also How secure is 256-bit security?

A random number of the same length is then generated in the connected computer and sent to the Trezor device. These two numbers are now together hashed by the SHA-256 algorithm - this number, which is again 256-bit, is the basis for the creation of the recovery seed, let’s call it initial entropy.

Before splitting the number - our initial entropy - to recovery seed words, we need to add a checksum. This checksum is created by hashing the initial entropy number by the SHA-256 algorithm, taking the first 8 numbers of this hash and putting them on the end of the initial entropy - so now we have a 264-bit number. A checksum is a way to let you know if you got the right sequence of numbers.

The 264-bit number is now divided into 24 numbers, and every number now has 11-bits. An 11-bit number is a number from 0 to 2047 in the decimal system. That’s 24 numbers from 0-2047, e.g., 745, 15, 2012, etc.

These numbers are assigned to the English words that are a part of BIP-39 standard.

Yes, but I guess my point is, many people want to generate and use your own seed, not just purely trusting trezor’s random generation because of whatever reason.

Now, for the people who wants to generate their entropy, they need:

  1. Get the roll dice instructions from an unknown website
  2. Get the script/web app from unknown sources, download it to a USB or something
  3. Get/download a livecd or something to boot a clear OS without internet connection.
  4. Then run the script/app, input dice entropy, return bip39 seed phrase with checksum

Every step needs high technical knowledge and security knowledge and needed to be performed carefully, otherwise you might leak you key.

Instead, Trezor can help to make it much easier and secure (again, it’s for the people want their entropy, not purely trusting trezor random generator)

  1. Plug in Trezor
  2. Input dice results/entropy to trezor, it returns all bip39 seed phrase words

You don’t need to go to a random website read random instructions download insecure app/script and don’t need to prepare an air gap computer yourself, all you need is just dice and trezor. It’s easy and secure, you don’t need to be a tech and security expert.

I really don’t think that adds any more security, but @matejcik will tell you more :slight_smile:

I answered this in the second half of this response: Air Gapped-ing Worth It? - #2 by matejcik

The takeaway is, by rolling your own dice, you are not gaining any meaningful security over just trusting the device. Which you then proceed to trust with keeping the seed secure anyway.

I understand the “feels” angle of something one can physically do to (seemingly) improve the security of your setup. But in the overall scheme of things, implementing this feature is very low on the list of priorities.