Adding a seed phrase to your wallet on Electrum?

[nc50lc]

How does this work? Because i guess that if i try to import a seed phrase to another wallet, -snip-

It's just a fancy term used by Electrum, but that's the same as a "BIP39 Passphrase".
There's a "standards" to that which every wallet that supports BIP39 standard should've implemented (standard=the majority is doing the exact same thing)
So you can expect every wallet that support BIP39 seed to support the passphrase unless it's badly written.

I can see that your script creates BIP39 seed, so only apply the logic above to it since Electrum doesn't follow that standard on its native seed phrase.
However, it uses BIP39 standard to restore when 'BIP39 seed' is ticked in the options.

How does that work?
When deriving the seed from the mnemonic phrase, the words are passed throught 2048 rounds of HMAC-SHA512 as 'password' and the string "mnemonic" as salt.
But if you set a "Custom Word" or BIP39 passphrase, that salt will be extended to "mnemonic<your_passphrase>".
Given that the salt is different in the latter, the computed seed will be different from the former. (as they explained in the previous replies)

Note: The "seed" isn't your 12 words, the mnemonic is your 12 words. It's the HDSeed used to create your master private key.

[Cricktor]

How does this work? Because i guess that if i try to import a seed phrase to another wallet, let's say "BitcoinCore" i don't think they will support the extension of custom words i added to my seed phrase?

Bitcoin Core is not a suitable example here as it doesn't use the concept of mnemonic recovery words. In core you could import descriptors based on a master private key (xpriv) which itself is derived from a set of mnemonic recovery words and an optional mnemonic passphrase.

Sometimes a pictures allows things to sink in better. What nc50lc is speaking of, you can find in the BIP32 Root Key Derivation


Source: https://raw.githubusercontent.com/EAWF/BTC-Toolbox/3938785f186c76598989cc0aa017ad351483d3b1/Images/KeyDerivationTechnicalOverview.png

So, wallets that do implement BIP39 without bugs should all derive the same Master Private Key from a same set of mnemonic recovery words and an optional mnemonic passphrase.

The devil may be in the details and I can't recall from the top of my head what BIP39 says about input sanitation (if any!) for the optional mnemonic passphrase. E.g. a trailing space should be perfectly valid, but what about two or more spaces? Are they sanitized to one space or not?

I did some experiments long time ago with Electrum but unfortunately can't recall the results either. What I remember was something surprises me... will need to repeat and document results better.

[Forsyth Jones]

Thanks.

I hope is not too off-topic but regarding "Custom Word extensions" to the seed phrase.

How does this work? Because i guess that if i try to import a seed phrase to another wallet, let's say "BitcoinCore" i don't think they will support the extension of custom words i added to my seed phrase?

The extension word is a password that together with the electrum seed phrase will create a new completely unique wallet that is only accessible with the seed phrase + custom word which is also known as a Passphrase, each wallet gives a name to it , but the technical term is Passphrase (salt).

Electrum generates seed phrases different from the BIP39 standard, so only Electrum and some wallets like Sparrow wallet and bluewallet provide support for the electrum seed phrase standard.

Bitcoin core works differently in relation to wallet generation, it follows the BIP32 standard which generates a seed, but the seed does not encode BIP39 words, Bitcoin core uses descriptors.

If you want, you can import the same electrum wallet or a BIP39 wallet with or without passphrase via descriptor. You must import using the wallet's xpriv, knowing xpriv it is possible to import into Bitcoin core.

[hosseinimr93]

Electrum generates seed phrases different from the BIP39 standard, so only Electrum and some wallets like Sparrow wallet and bluewallet provide support for the electrum seed phrase standard.

As far as I know, the only wallet that supports electrum seed phrase is bluewallet.
If you want to import your electrum wallet to Sparrow, you have to import the wallet file. You can't import the seed phrase that has been generated by electrum to Sparrow.

[NotATether]

You can't "add" a seed phrase to a private key because it only works the other way around, cryptographically speaking.

A seed phrase generates an extended private key which in turn can generate more private keys, and other extended private keys.

[khaled0111]

The extension word is a password that together with the electrum seed phrase will create a new completely unique wallet that is only accessible with the seed phrase + custom word which is also known as a Passphrase, each wallet gives a name to it , but the technical term is Passphrase (salt).

It's true that when extending the seed with a passphrase, we will get a completely different wallet but, technically, it's not a password. A password is used to encrypt the seed or the wallet file while the passphrase is part of the seed itself.

However, it's worth noting that extending the seed with a passphrase is not going to add much security if it's not too complex or if it's stored with the seed in the same place.

[Forsyth Jones]

As far as I know, the only wallet that supports electrum seed phrase is bluewallet.
If you want to import your electrum wallet to Sparrow, you have to import the wallet file. You can't import the seed phrase that has been generated by electrum to Sparrow.

You're right, I just did the test here, to import an electrum wallet into sparrow, only with the keystore file. Another point worth highlighting is that Sparrow does not import electrum keystore derived from a BIP39 seed (imported)

It's true that when extending the seed with a passphrase, we will get a completely different wallet but, technically, it's not a password. A password is used to encrypt the seed or the wallet file while the passphrase is part of the seed itself.

However, it's worth noting that extending the seed with a passphrase is not going to add much security if it's not too complex or if it's stored with the seed in the same place.

You may be right about the term.

[Yamane_Keto]

You're right, I just did the test here, to import an electrum wallet into sparrow, only with the keystore file. Another point worth highlighting is that Sparrow does not import electrum keystore derived from a BIP39 seed (imported)

Does anyone know why?
There are some libraries that can be used to convert electrum seed to XPRV seed and then it can be used with any BIP32 wallet.

However, it's worth noting that extending the seed with a passphrase is not going to add much security if it's not too complex or if it's stored with the seed in the same place.

The main benefit of passphrase is for physical attacks.

[Z-tight]

However, it's worth noting that extending the seed with a passphrase is not going to add much security if it's not too complex or if it's stored with the seed in the same place.

Yeah, that is true, if you set a BIP39 passphrase, it must be one that is difficult to bruteforce, it isn't recommended to set a passphrase that is easy for you to remember or memorize, as some newbies might do, because if it is easy for you to memorize, it would probably be easy for an attacker who already has your seed phrase to bruteforce. It should be a strong passphrase and then backed up in a different location from the seed phrase, that's when it can be useful in protecting ones funds.

[Cricktor]

The main benefit of passphrase is for physical attacks.

That's one option to have plausible deniability (if done right) with a sacrificial wallet for an empty mnemonic passphrase, while your main wallet(s) are hidden behind complex strong different mnemonic passphrase(s). Of course, you can't store a physical backup of your mnemonic passphrase any near your wallet or its mnemonic recovery words. Good separation is key here.

Another important option is to hide your main wallet should your separate storage location of your physical backup of your recovery words become compromised. The sacrificial wallet with the empty mnemonic passphrase could act as a canary when it's emptied by a thief.

I don't recommend to try to memorize your optional mnemonic passphrase(s). Sooner or later your memory will fail you and you'll be screwed if your wet memory was your only backup. Always have one or more physical (non-digital) backups, completely separate from your wallet's mnemonic recovery words.

[Yamane_Keto]

The main benefit of passphrase is for physical attacks.

That's one option to have plausible deniability (if done right) with a sacrificial wallet for an empty mnemonic passphrase, while your main wallet(s) are hidden behind complex strong different mnemonic passphrase(s). Of course, you can't store a physical backup of your mnemonic passphrase any near your wallet or its mnemonic recovery words. Good separation is key here.

I partially agree, 12 words are entropically secure so adding an extra passphrase won't change anything, making the passphrase complex will increase the chance of losing access your bitcoin.

creating a passphrase of 3-5 words is a compromise in case you forget it and it's also an ideal solution for physical attacks, will delay whoever manages to find the wallet seed for a short time until you can send bitcoin from another wallet.

If you forget it, the cost of brute force will not be expensive.

[satscraper]

12 words are entropically secure so adding an extra passphrase won't change anything,

unless your SEED is in the hands of stranger. Should this happen an extra passphrase would safe your life. For those who have multiple backups which at the same time are geographically distant the passphrase added to SEED may serve as a lifesaver which will assure their  sleep well at night.

[Forsyth Jones]

That's one option to have plausible deniability (if done right) with a sacrificial wallet for an empty mnemonic passphrase, while your main wallet(s) are hidden behind complex strong different mnemonic passphrase(s). Of course, you can't store a physical backup of your mnemonic passphrase any near your wallet or its mnemonic recovery words. Good separation is key here.

Another important option is to hide your main wallet should your separate storage location of your physical backup of your recovery words become compromised. The sacrificial wallet with the empty mnemonic passphrase could act as a canary when it's emptied by a thief.

I don't recommend to try to memorize your optional mnemonic passphrase(s). Sooner or later your memory will fail you and you'll be screwed if your wet memory was your only backup. Always have one or more physical (non-digital) backups, completely separate from your wallet's mnemonic recovery words.

Another point to note is that the wallet without a passphrase is a decoy wallet, a plausible deniability in cases where we are forced to provide it, but what if the attacker notices that it's a decoy wallet? He may not find it sufficient and will want you to provide another wallet.

For example, if the decoy wallet is only topped up once, this may raise suspicion, so I think it's a good strategy to keep some funds there.

[Cricktor]

I'm guilty of not providing any details to what I wrote "if done right" regarding the decoy wallet. Needless to say that you need to disconnect carefully your main stash from coins of your decoy wallet. It's imperative that you have to break the link between both wallets!

A single transaction funding the decoy wallet isn't very convincing, that's a given. Don't be like Scrooge McDuck with your decoy wallet, little "pennies" in your decoy wallet don't look convincing, too. A few transactions over time and in parallel to your "main" stash from exchanges which don't reveal your other transactions might make up a reasonable history. Just be careful to avoid linking wallets!

The amount in the decoy wallet should hurt you a bit which may help to convince the attacker that you're a small shrimp. (If you don't keep a low profile about your crypto stash, you're just stupid. Good luck then with any physical attacker...)

And I wish anybody that your decoy wallet isn't ever needed as true decoy!