Security Practices

Entropy

Entropy is the measure of randomness or unpredictability used in generating cryptographic keys and seed phrases. High-quality entropy ensures that your Bitcoin private keys cannot be guessed or reproduced. Without sufficient entropy, your keys are fundamentally insecure regardless of all other precautions.

How It Works

When you generate a new Bitcoin wallet, the process starts with a random number. For a standard 24-word BIP39 seed phrase, 256 bits of entropy are required, a random number so large that guessing it is computationally infeasible. The security of your entire wallet depends on this randomness being truly unpredictable. If there's any pattern or bias, the search space shrinks dramatically and an attacker's job gets easier.

Hardware wallets generate entropy using dedicated hardware random number generators (HRNGs), often combining multiple sources and running health tests to verify randomness quality. The Coldcard, for example, uses a combination of hardware RNG from its secure element and a separate noise source, mixing them together so that a flaw in either one alone doesn't compromise the output. Some devices also allow you to add your own entropy through dice rolls, ensuring that even a compromised device cannot fully control the key generation.

Dice rolls are the gold standard for verifiable entropy because the randomness comes from a physical process you control. Rolling a fair die produces log2(6) ≈ 2.58 bits of entropy per roll, so roughly 100 rolls of a six-sided die produce the 256 bits needed for a secure seed. This is commonly done during key ceremonies for high-value storage. Never use brain-generated "random" numbers, song lyrics, or any human-chosen pattern — humans are terrible entropy sources, and attackers know the patterns we gravitate toward.
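The dice-to-seed arithmetic above, as an added Python example (not code from any wallet or from this page's author): it checks that enough rolls were supplied, runs a simple face-frequency health test, and splits 256 bits plus the BIP39 checksum into 24 word-list indices. Condensing the rolls with SHA-256 and the chi-square threshold are assumptions of this sketch, and the sample roll string is constructed.

```python
import hashlib
import math
from collections import Counter

BITS_PER_ROLL = math.log2(6)                 # about 2.58 bits per fair d6 roll
MIN_ROLLS = math.ceil(256 / BITS_PER_ROLL)   # 100 rolls to cover 256 bits
CHI2_LIMIT = 20.52   # chi-square critical value, 5 degrees of freedom, p = 0.001


def check_rolls(rolls: str) -> float:
    """Validate a roll string; return its chi-square statistic over the six faces."""
    if not rolls or set(rolls) - set("123456"):
        raise ValueError("rolls must contain only the digits 1-6")
    if len(rolls) < MIN_ROLLS:
        raise ValueError(f"need at least {MIN_ROLLS} rolls, got {len(rolls)}")
    expected = len(rolls) / 6
    counts = Counter(rolls)
    chi2 = sum((counts[f] - expected) ** 2 / expected for f in "123456")
    # Catches gross bias (loaded die, stuck key), not ordering patterns.
    if chi2 > CHI2_LIMIT:
        raise ValueError(f"face counts look biased (chi2 = {chi2:.1f})")
    return chi2


def rolls_to_entropy(rolls: str) -> bytes:
    """Condense validated rolls to 32 bytes (assumption: SHA-256 of the ASCII string)."""
    check_rolls(rolls)
    return hashlib.sha256(rolls.encode("ascii")).digest()


def bip39_indices(entropy: bytes) -> list[int]:
    """Append the BIP39 checksum and split into 11-bit word-list indices."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("BIP39 entropy must be 128-256 bits in 32-bit steps")
    cs_bits = len(entropy) * 8 // 32           # 8 checksum bits for 256-bit entropy
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (len(entropy) * 8 + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


if __name__ == "__main__":
    sample = "123456" * 17   # constructed placeholder input, NOT real dice rolls
    print(f"{MIN_ROLLS} rolls needed; chi2 = {check_rolls(sample):.2f}")
    print(bip39_indices(rolls_to_entropy(sample)))
```

Each index selects one word from the 2048-word BIP39 list, which is not embedded here. The frequency test only rejects obviously skewed input; it cannot certify that a sequence is random.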

Key Points

  • 256 bits of entropy makes a brute-force search of your seed phrase computationally infeasible
  • Hardware wallets combine multiple entropy sources and run health tests to verify randomness
  • Dice rolls provide physically verifiable entropy that doesn't depend on trusting any device
  • Flawed random number generators have caused real-world Bitcoin losses
  • Never use human-generated "randomness" — our brains produce predictable patterns that attackers exploit