Entropy

Entropy is a measure of unpredictability. "256 bits of entropy" means a secret is drawn from 2²⁵⁶ equally likely values — too many for any conceivable adversary to brute-force.

In Bitcoin, entropy is the raw material every key flows from. A private key is just 256 bits sampled from a cryptographically secure random source. A [BIP-39](/glossary/bip39) mnemonic encodes 128 or 256 bits of entropy as 12 or 24 words; the seed and every derived key inherits exactly that much randomness — no more, no matter how complex the derivation tree looks.

Bad entropy is the source of nearly every real-world wallet compromise:

- Predictable RNGs — early Android wallets and at least one hardware-wallet bug shipped with broken SecureRandom implementations, allowing attackers to enumerate the small set of keys those wallets could possibly produce.
- User-chosen "random" data — humans are spectacularly bad at randomness. Brain wallets (hash a passphrase, treat the result as a key) have been drained at scale because attackers precompute hashes of common phrases.
- Insufficient entropy from a constrained source — using only timestamps, only mouse jitter, or only one source of jitter narrows the space dramatically.

The practical rule: derive every Bitcoin key from a CSPRNG (crypto.getRandomValues in the browser, /dev/urandom on Linux, SecRandomCopyBytes on macOS, etc.) seeded by the OS. Never make up your own seed.