Bitcoin Forum

Hugs from Argentina..
i want to know about seeds on electrum..
if a want to  safe my 12 words and keep information in future for my children, how should i store them.

https://i.ibb.co/WKr6rpM/20210404-115221.jpg

derivation path in electrum is 141, because is bip32?
89 would be if it were bip39?

my seeds are bip 32.. native segwit.

BIP141 is the Segwit specification, most wallets actually use 84 as the index for Segwit. Electrum uses the derivation path as stated, though saving the seed should generally be enough. Only Electrum will be able to restore the seeds and given that it has a version byte, the derivation path wouldn't matter all that much.

No. BIP39 is the mnemonic standards for some wallets, Electrum doesn't use BIP39.

Since your address type is P2WPKH (ie. native SegWit) the derivation path that Electrum uses is m/0'/0/ for your main addresses so for example the first address in your wallet is at m/0'/0/0. This path for change addresses is m/0'/1/ which means your first change address is at m/0'/1/0.

Is your Seed BIP39 or created in Electrum? (the wallet info in the screenshot is showing "watching-only").

If it's Electrum seed, I'd not bother including the derivation path because Electrum will automatically select the correct derivation path during the wallet restoration process.
The path is already defined in the seed in the form of "version": https://electrum.readthedocs.io/en/latest/seedphrase.html (https://electrum.readthedocs.io/en/latest/seedphrase.html)

In case it's BIP39, I'd put the derivation path that's displayed in the "Script type Derivation path" window
and a short list of selections like "Standard->I already have a seed->Options->BIP39 seed" in order for the backup to be "ELI5".
https://i.imgur.com/fq4nZVT.png

Don't change your derivation path in case you're planning to do so unless you're also writing it down next to the mnemonic phrase. They are even harder to memorize than mnemonics.

Thanks, guys.. as I understood:

Segwit type:

codification BIP 32 in electrum: derivation path BIP141

codification bip 39 in others: derivation path BIP84

I did two things:

I bought two cryptoSteel Capsule

1: XPRV (111 characters)
2: 12 words, (BIP32), Electrum.

just to be sure  ;D

The XPRV(111 characters) is the master private key, to be able to get the master private key you need to type this command below


After the wallet creation on Electrum, you can open the console and type that command and you will get the xprv or mater private key.

Actually, the seed phrase is enough as your backup, but it's your choice if you want both of them.

There really is no need to back up your xprv. The xprv is derived from the seed phrase, so if you have the seed phrase, then you can easily obtain the xprv. Further, backing up an xprv is far more prone to error and if you do make an error, far more difficult to detect and correct compared to a seed phrase. If it were me, I would simply use both devices to back up the seed phrase so you have two back ups.

In terms of the derivation path, as long as you leave it as the default then I wouldn't worry too much about backing it up. Electrum will automatically detect the seed phrase type and restore to the correct path, and in the highly unlikely event that all copies of Electrum have been scrubbed from the internet in the future along with all information about what derivation paths it used, m/0'/0 isn't exactly super difficult to brute force.

Electrum is a unique seed (segwit as default), it works for electrum wallet only, you don't need to keep the derivation path also, it could make you confusing in the future. Just keep the 12 seeds.

cryptosteel capsule - It's able to keep full letter 12-word mnemonic seed, if you hold 24 seed, it will keep 4 letter front because of not enough space.
My point here is you don't have enough space to keep XPRV also on cryptosteel.

An xprv encoded in Base58Check will be either 111 or 112 characters in length. The cryptosteel capsule can hold up to 123 tiles, so should be able to hold an xprv provided OP gets enough tiles. As I understand it, each cryptosteel only comes with enough tiles to guarantee ASCII strings up to 55 characters.

I still think it's unnecessary though, and duplicating his seed phrase across two capsules is the better option.

In the event that Electrum disappears from the face of the earth one day, it can no longer connect to any servers, and for some reason can't even be ran offline to export anything from it, an Electrum-native seed can be restored in Blue Wallet. The only requirement is that the wallet is not empty when being recovered. An empty wallet results in an error message that the seed is wrong/invalid.   

The thing about Electrum seed phrases is that their major difference is in how the seed phrase itself is generated, and not in how the seed phrase is used to generate private keys. Just like BIP39 phrases, they still get paired with a salt using any additional passphrase (if one is set), they still go through 2048 rounds of HMAC-SHA512, they still generate a 512 bit seed number, and they still derive private and public keys in the same hierarchical manner. Literally the only difference is they use the word "electrum" instead of the word "mnemonic" in the salt, and they use a different derivation path. Therefore, any open source BIP39 wallet or code (such as Ian Coleman's site) can be changed pretty trivially to accept Electrum phrases and generate the same addresses as Electrum itself would.

Not that trivially because even though it may not like it but there are two major differences between the two algorithms. BIP39 simply uses a single SHA256 as its checksum which it will append to the end of the 128-bit entropy (assuming 12 word only) while Electrum uses an actual 132-bit entropy and increments it until it finds one that has a HMACSHA512 that starts with a certain bits.
That's not even the biggest difference, the biggest is in string normalization. BIP39 uses a simple KD normalization while Electrum significantly modifies the strings if they aren't plain English words (that includes the passphrase).

I think perhaps you misread my previous comment. While everything you say is correct, it is not relevant to OP's case where he has already generated an English Electrum seed phrase and is simply looking at alternative ways to recover it. The differing checksum and version bit requirements are only relevant in generating the seed phrase as I said above, and are not relevant when it comes to turning an already generated seed phrase in to private keys and addresses.

You can take Ian Coleman's tool for example, tell it to ignore the BIP39 checksum check and swap the word "mnemonic" for the word "electrum", and it will recover standard English Electrum seed phrases just fine.

Yeah, you're right. I guess I'm just too strict about the code I write/use and "ignore" doesn't work for me. I have to have every little details about the algorithm implemented correctly and fully tested before I can use it.

look at this.
i found


https://github.com/FarCanary/ElectrumSeedTester

just llike iancoleman bip39 but it works for electrum specifically

That project is based on the original Ian Coleman BIP39 tool. There haven't been any commits in the last 2-3 years, but it should still be working. You can use it to check if your Electrum seed is correct and if it's generating the correct addresses. Just make sure to download and run it offline like you would do with Ian Coleman's tool as well.

Rather than use a tool which is 3 years out of date and forked from a version of Ian Coleman which is also 3 years out of date, better just to do it yourself with the latest version of the software, so you know you are not risking being subjected to any bugs or vulnerabilities. It takes 2 minutes to do.

Go to Ian Coleman's site and download the zip of the latest version. Extract and navigate to \src\js, and then open the file jsbip39.js with a text editor.

Navigate to line 118:
Change this line to the following:

Navigate to line 146:
Change this line to the following:

The first change tells it to ignore the checksum since you are using an Electrum seed phrase and not a BIP39 seed phrase. The second change fixes the salt that Electrum uses when turning seed phrases in to private keys. That's all you need to do. Then just go back in to the \src\ folder and run index.html, and you'll have a working Electrum seed checker.

Edit: Typo fixed, thanks.

Are you sure that this is correct? Have you tried it?

If you want to ignore the checksum it should always return true, so it should be:

In your message, it'll most likely return false if not an error. Judging from the source code, h is a string variable, not a boolean.

Judging by a post written by HCP in 2018 (https://bitcointalk.org/index.php?topic=4595261.msg41815678#msg41815678) that I bookmarked but totally forgot about, BlackHatCoiner is right and the correct function really is "return true;" According to HCP, the change makes the software accept any entered recovery phrase as a correct entry by ignoring the checksum. 

Nice attention for details BlackHatCoiner.

Another thing which wasn't mentioned above.  Even if Electrum disappeared from the internet you will always be able to download/find signed and verified Electrum versions, which will allow you to convert your SEED to something useable.

e.g. Using Electrum offline (air gap for safety) you can build a wallet easily from SEED.  Now you can open that air gap wallet and get the full PRIVATE key for any address you want to work with.  Once you have the full private key to any address you can literally move the coins using too many methods to comprehensively mention here.  No fears at all!!

An easier method (specially if you have a lot of used addresses) is to first recover the wallet from the seed phrase then go to the console and enter "getmasterprivate()" to get the master private key (xprv) with a quick search you can find the derivation path and you already know your address type.
This master key can be used in any other deterministic wallet to get the same addresses since there is no mnemonic to BIP32 seed conversion method that is specific to Electrum anymore.

Why do either of those and expose yourself to the risk of handling your raw private keys, potentially restoring them to a hot wallet, and therefore potentially exposing them to the internet and external attacks.

If you have Electrum running as an airgapped cold wallet, then better to just export the addresses you're interested in or your master public key, use something like coinb.in to create an unsigned transaction, and move it to your airgapped wallet to sign it.

All of these last few posts are simply a method of making newer users "comfortable"  knowing that should Electrum disappear (and I am betting it never will) their coins will not be stuck in the blockchain.  It takes a while for new users to realize that there are not Electrum coins or Trezor coins, or whatever.  Once they spend some time reading and learning they will figure out how easy it is to move coins many different ways.