Extending a seed with custom words

[mr angry]

When generating a seed in 2.7.x there is now an option to "extend this seed with custom words".

Is there a maximum allowable length of characters for the entire string of "custom words"?

Can I use special characters in the "custom words"?

Does it matter if I input special characters in other encodings besides UTF-8?

I believe electrum uses BIP39 for the seed generation and found this about its spec.

From mnemonic to seed

A user may decide to protect their mnemonic with a passphrase. If a passphrase is not present, an empty string "" is used instead.

To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes).

[1715298462]

1715298462

[1715298462]

1715298462

[1715298462]

1715298462

[1715298462]

1715298462

[NorrisK]

I wouldn't go too much overboard trying to make it more difficult.

The normal electrum seed is already uncrackable at the moment, so if you would just add one word or string of characters at the end of the seed that is not part of the electrum seed word library (and nobody knows what word you would've used, e.g. if you are german, use a french word) it would be enough to nullify any bruteforcing using the electrum words library.

[Cereberus]

When generating a seed in 2.7.x there is now an option to "extend this seed with custom words".

Is there a maximum allowable length of characters for the entire string of "custom words"?

Can I use special characters in the "custom words"?

Does it matter if I input special characters in other encodings besides UTF-8?

I believe electrum uses BIP39 for the seed generation and found this about its spec.

From mnemonic to seed

A user may decide to protect their mnemonic with a passphrase. If a passphrase is not present, an empty string "" is used instead.

To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes).

If you are generating the new wallet in a safe OS, keep your seeds safe in different places there's no need to experiment with adding custom words. Electrum is very strong as it is now and probably I never heard a hack story about it, only user forgetting their seeds. So I would say Electrum is at the top of the security in the desktop wallets area.