I actually hate the term "mnemonic", and prefer to use term "seed phrase" whenever possible. Mnemonics are memory aids for things you should memorize, and the last thing you should do with your seed phrase is rely on your memory as a back up. Using the term "mnemonic" is very misleading to newbies.

Your numbers are the wrong way round. It's 2048^12 combinations.

I'm not entirely sure what you mean here. Why 5 hours?

The Electrum slider has three settings - ETA, mempool, and static. With the slider all the way to the left, these give the options of within 25 blocks, 10 MB from the tip, or 1 sat/byte. If you want the cheapest possible fee, then choose static and select 1 sat/byte.

I don't follow the logic of putting these files in the USB drive. If you put your wallet on the USB and then move the USB back and forth between your two devices, including the one which has internet access, then you have completely negated the whole point of an airgapped setup.

For transferring transactions back and forth, the most preferable solution is to use QR codes and a webcam, to eliminate the possibility of accidentally transferring malware or your private keys on the USB drive. You can buy a Raspberry Pi camera module for $25.

Not the first time I've linked to this post: Breaking Mixing Services

The thesis included in the post is a great read, not just from the breaking mixers point of view, but also as a general education about how most mixing services work. The TL;DR is that every mixer except ChipMixer can be broken to various degrees.

They very well might. And they can quite easily prevent an exchange from operating in your country unless they cough up the information, which will be more than enough for most exchanges to roll over and hand over all your details. Even if this never happens, the fact remains that it could happen at any time. There is no good reason to use a log keeping exchange to inadequately mix coins when you can do so more privately and cheaper by using a good mixer.

Fair points. It's not just the vulnerability itself which makes me wary of Trezor products, though, but also their response to it. They have very much tried to down play it, saying that everyone should be using a passphrase anyway and so the attack doesn't matter, when they know full well that only a minority of advanced users use passphrases, and only a minority of them use a passphrase which is long and complex enough to match the security of a seed phrase. Nowhere on their main website does it tell people they should be using a passphrase, and nowhere in their new user set up guide does it tell people to use a passphrase. That doesn't reassure me that they would be open and honest about other critical vulnerabilities.

If your use case of a hardware wallets is as cold storage which you only ever use in the privacy of your own home, then sure, this attack vector is incredibly unlikely. But if your use case is carrying it with you everywhere you go and frequently using it in public to buy goods and make transactions, then this attack vector potential makes them more risky than a simple mobile wallet.

The issue is that hardware wallets are not the panacea that they are marketed as. They are marketed as this perfect balance between security and ease of use, as being as secure or even more secure than airgapped cold storage, and certainly as being far easier to use, especially for newbies. While I'll admit they are easier to use, in many cases their security is vastly inferior. Trezor devices have an unfixable vulnerability which allows the seed phrase to be extracted. Ledger leaked a database of full names and addresses of 270,000 customers. We can not (and should not) rely on these third party wallet manufacturers for our security.

The remaining options are unsatisfactory for newbies, however. Software wallets are easy to use, but not very secure. Airgapped cold storage and paper wallets are very secure, but not easy to use.

Other.

I'll keep regularly buying bitcoin, I'll keep regularly spending and using bitcoin, and I'll keep regularly putting some of what I buy in to long term cold storage. Bitcoin wasn't designed just to be held long term or as a medium to buy and trade altcoins - it was a designed as a currency, and I'll keep using it as a currency regardless of what its fiat price is.

Dash is not anonymous by any stretch of the imagination.

Monero is a good intermediary coin, but converting from Bitcoin to Monero and straight back again achieves very little. If you use the same exchange or swap service to do that, then it is entirely obvious to them what you have done, and they will keep logs of these transactions. If you want something approaching actual anonymity using this method, then you need to swap Bitcoin for Monero, move the Monero in multiple transactions of different amounts with intermediary hops (as many as possible over as long as possible) to a new wallet, and then swap it back for Bitcoin again in multiple transactions of different amounts, and do all of that over Tor.

While this is a very good method, it is also time consuming and complicated, and so most people will use a mixer or coinjoin instead.

Instructions unclear. Now have enemies with benefits.

Wait. Is the advice "Keep your enemies closer" not literal? Next you'll be telling me I don't need to eat an apple every day!

For a 24 word phrase, there is 8 bits of checksum. 8 bits is 256 different combinations. So for any specific 8 bits, only 1 in every 256 words will produce a matching checksum. If we take 1 in every 256 words, then for 2048 words there will be 8 possibilities.

We don't know which 8 words are the ones you want. What you do is replace your missing word with each word of the possible 2048 words and calculate the checksum. If the checksum does not match, then you can discard that word. For the 8 words which do producing a matching checksum, you run through the process of PBKDF2, HMAC-SHA512, etc. as I outlined above.

Without a checksum, you would have to run through this lengthy process of PBKDF2, HMAC-SHA512, etc. for all 2048 words.

I plead the fifth.

This is not correct. Coinbase monitor all withdrawals from their exchange and employ advanced blockchain analysis technology to track these coins and the people who bought them. If OP bought from Coinbase and wants privacy, then he absolutely must take action here.

This is also not correct. All exchanges, be they KYC or non-KYC, keep logs of deposits, trades, withdrawals, etc., and can be forced at any time to hand that over to governments, law enforcement, three letter agencies, or anyone else who comes knocking or offers to pay. Using exchanges to "mix" coins is probably making your privacy worse, not better. Using real mixers is also for anyone who wants privacy - it has nothing to do with whether the coins were obtained legally or not.

---

The best advice given in this thread is from ranochigo. If you want to break the link between your coins and your real identity, then you need to use a service which is designed for doing just that, such as ChipMixer to mix your coins, or Wasabi Wallet to CoinJoin them.

Buy Bitcoin BTC

Nobody is trying to brute force wallets by coming up with random combinations of 256 bits and then turning them in to seed phrases, which is essentially just creating endless numbers of new wallets and checking for a collision. Or at least if they are, then they are idiots who are completely wasting their time. The reason people talk about brute forcing seed phrases is because that is generally the format in which people back up their wallets, and so that is generally the format in which we end up with incomplete back ups or partially compromised back ups which require brute forcing.

Let's say I am missing 1 word but I haven't used a checksum. For each of the 2048 possibilities, I have to insert the possible word, run through 2048 rounds of PBKDF2, various rounds of HMAC-SHA512 as dictated by the derivation path to reach the relevant private key, elliptic curve multiplication to derive the public key, and then SHA256, RIPEMD-160, and another two SHA256s to find the address, and then look the address up to check for balance.

Now let's say I am missing 1 word out of a 24 word seed phrase, and I have used a checksum. Out of the 2048 possible words, 2040 will not produce the correct checksum, and so can be immediately discarded. Therefore I only have to perform all the above operations 8 times rather than 2048 times.

The more words you are missing, the large the disparity between checksum and no checksum.

Have you two finally achieved flux capacitor synchrony? I've not been waiting for this moment!

---

Furthermore, I would like to file a complaint. I have been cycling all year and I still do not have thighs which can crush my enemies' heads a watermelon. Please advise.

Since we are talking about an Electrum seed phrase, then restoring the wrong derivation path, wrong address type, 2FA, etc. are all non-issues, since Electrum seed phrases have their specifications built in.

Restore your wallet with the seed phrase and check the addresses tab. If the addresses are correct and match the addresses in your watch-only wallet but are not showing any balance, then it's simply a sync issue. If the addresses are incorrect, then you have restored the wrong wallet. In that case the issue is either you chose to "Extend this seed with custom words" and have forgotten to enter them, or are restoring the wrong seed phrase altogether.

A full public key is 130 hexadecimal characters, which corresponds to 520 bits. This is composed of the following three things concatenated (joined) together:


A compressed public key is 66 hexadecimal characters, which corresponds to 264 bits. This is composed of the following two things concatenated together:


Because of the nature of the elliptic curve that bitcoin uses, each x coordinate can produce two valid y coordinates, one of which will be even and one of which will be odd. Knowing the x coordinate and whether y is even or odd allows you to calculate the correct y coordinate.

---

If you don't care about the steps and just want the final result, then the link BlackHatCoiner shared above - https://iancoleman.io/bitcoin-key-compression/ - might be better, since it will automatically compress or uncompress your public key and provide both addresses.

I see from a blockexplorer that you are now managing to consolidate your inputs. Be aware that although 1 sat/vbyte transactions are currently being mined, there is a back log of 38 MB of 1 sat/vbyte transactions sitting in the mempool, so your most recent transaction might take a long time to confirm. Not a problem if you are not in hurry, but if you are then since you have enabled RBF you can bump the fee up to 2 sat/vbyte which at time of writing would get you in to the next block.

I also see you were still receiving inputs on that address up until a few months ago. I don't know which mining pool you were/are mining with, but you should see if you can decrease the frequency of payouts. Paying 0.001 BTC several times a week, and sometimes several times a day, is an incredibly inefficient way to use bitcoin, as you are now finding out. A couple of payments a month of 0.01 BTC instead would have saved you 90% of the fees you are going to end up paying here.