| Virtually everybody is using the BIP-39 / BIP-44 protocols to derive addresses from a 256 bit (or 128 bit) key. If you have a way to generate 256 bit, you have a way to generate a Bitcoin (or Ethereum or whatever) wallet. Some people trust their hardware wallet to generate a random 256 bit / 24 words (each word is 11 bit as the dictionary contains 2048 words: 24 words is 264 bits, 256 bit + 8 bit of checksum). But others do it manually, in an analog way. One way to do it to throw a 16-sided dice repeatedly: that's a good source of entropy. That's entirely analog. BIP-39 has a checksum (4 bit for 128 bit keys and 8 bit for 256 bit keys), so you'll need some code to either find or verify the checksum. To do that people are typically going to use a fully offline/airgapped computer: for example an old desktop, without any Wifi capability, booted without any harddisk, from a Linux Live CD (I know, I know: you'll read their key from the electrical activity by tapping the electrical circuit outside their house or by firing a laser at their window, so it's not "fully airgapped": bla bla bla). From that single 256 bit number you can derive wallets for all the coins you want. Once people have generated their key by throwing dice, they'll typically store their key behind a HSM, on a hardware wallet. And the private key never leaves the hardware wallet (but can be used to sign transactions). And a "paper" copy of the key typically also lives in the analog world (and listen to Gandalf: "keep it safe", "keep it secure"). The video is definitely cool but creating a key in the real (non digital) world is something quite common. |
I would take 256 quarters (sometimes fewer and accept that some might be tossed more than once) and toss them to get ones and zeroes. Tedious, and somewhat error prone (see below). Then do the calculations by hand, also somewhat tedious and error prone.
There is plenty of research that demonstrates that humans are poor at tossing coins in an unbiased way. People cheat (especially if money hangs on the outcome) and people are also lazy, so that the first toss is vigorous and diligent, and so the coin tumbles end-over-end many times before coming to rest for a result (heads or tails), but after several hundred tosses, the vigor and diligence are gone and the coin barely leaves their hand.
Part of my motivation in building the Satoshi9000 was to automate this manual process and at the same time take out human bias. Which is to say, automate away the human part and automate the math of key generation. But at the same time, make it secure by having the machine air-gapped (that is, no connection to the outside world beyond a power cord) with the ability to walk-away with anything that might leave a clue as to how, why and when the machine was last used; what I refer to as "walk-away randomness" in the video. After removing the coins, SD cards (OS and user programs) and printout, what is left is little more than a motor and some wires. An adversary looking to recover your keys would have no clue as to whether the machine had ever been used, yet alone what for. Maybe it was simply used to generate a quick-pick for tomorrow's drawing of Powerball. You would have now way of knowing.
(As an aside, you could even walk away with the remaining paper roll from the printer, so an adversary would not even know how much had been printed! Also, the printer uses no ink and has no buffer/memory, which was a deliberate choice in the design.)