Manually generate a mnemonic for ledger nano s

[reddon]

Hi,

i will shorty receive my ledger nano s and i am try to be as much paranoid as possible. 

So, i don't fully understand the details about the mnemonic generation on the device, but it must somehow interact with my computer to collect any kind of entropy for the mnemonic words. Being paranoid means, i don't trust this approach and i would like to generate the mnemonic myself. Should be a little work, but not impossible. I just print out the full 2048 words list and flip coins to get a word from the list. Should be 11 coin flips each word times 23 = 253 coin flips. Totally doable.

Problem is, the 24th word is a checksum. Can anyone help me how to get this checksum manually? Is that even possible? I don't want to use any electronics at all...

Thanks in advance.

[1714918927]

1714918927

[1714918927]

1714918927

[1714918927]

1714918927

[HCP]

That's not generally how the checksum is created, you don't pick the first 23 words and then work out the checksum. The checksum is calculated from the SHA256 of the original "seed"...

As per BIP39 (https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#generating-the-mnemonic) we start with our Entropy (ENT) which is between 128 and 256 bits... 24 word mnemonic sentence uses 256 bits. The checksum is calculated by generating the SHA256 of our original ENT and then taking the first ENT/32 bits (in the case of 256bits => 256/32 = 8 bit checksum)...

So we now have 256bits ENT + 8bits Checksum giving us 264 bits in total... This is simply broken down in groups of 11 bits => number between 0-2047 => index of word in the wordlist.

You could, flip a coin 256 times, Heads=0, Tails=1... to get your 256bits of "ENT" and then follow the rest of the method... Although, calculating a SHA256 by hand is going to be mighty difficult. It took this guy 16 minutes and 45 seconds to do 1x round of the SHA256 algorithm, and you need to do 64 rounds to generate the final SHA256. You can see the video here: https://www.youtube.com/watch?v=y3dqhixzGVo

You might need to rethink the "don't want to use any electronics at all" approach, unless you're good with Binary, Hex and have a lot of spare time

[reddon]

Thank you very much for the clarification.
Expected something like that. The fact that i found no tutorial for such approach should have it made clear in first place. ;-)

[achow101]

So, i don't fully understand the details about the mnemonic generation on the device, but it must somehow interact with my computer to collect any kind of entropy for the mnemonic words.

The Ledger Nano S does not communicate with your computer or retrieve any data from it during the setup phase, which includes seed generation. The secure element on the Ledger (an url=http://www.st.com/en/secure-mcus/st31h320.html]STMicroelectronics ST31H320[/url] chip) has its own AIS-31 Class PTG.2 compliant true random number generator (you can look up what the spec for that is). This TRNG has its own entropy source(s) and does not need anything from your computer except power. You should be able to just connect your Ledger Nano S to your computer using a power-only USB cable and it will still work.

[Albert_Jr]

If you need to generate mnemonic recover phrase, then this might be the tool you need.

[Zellko]

Hello everyone,

Sorry to dig out this topic, but I'm in more or less the same situation than the OP and I'm not able to find a clear, step by step guide how to create a 24 words BIP39 seed.

So, I have a Ledger Nano S, and:

• I don't want to trust Ledger seed generation. Let's assume that the Ledger could be pre-seeded
  
• I also don't want to use seed generator as https://iancoleman.io/bip39 for the same reason

So, I create my Entropy by doing my 256 coins flips, what I have to do next to end-up with a valid 24 words mnemonic ?

Thanks!

[HCP]

So, I create my Entropy by doing my 256 coins flips, what I have to do next to end-up with a valid 24 words mnemonic ?

Try reading and following the process as described in BIP39:

First, an initial entropy of ENT bits is generated. A checksum is generated by taking the first

ENT / 32
bits of its SHA256 hash. This checksum is appended to the end of the initial entropy. Next, these concatenated bits are split into groups of 11 bits, each encoding a number from 0-2047, serving as an index into a wordlist. Finally, we convert these numbers into words and use the joined words as a mnemonic sentence.

So the process would be:
1. Take your 256 bits of ENT (your coin fips), calculate the SHA256 hash, and then calculate the checksum which is the first 8 bits (256/32) from the hash.
2. Add those 8 bits to the END of your 256 flips, you now have a total of 264 bits
3. Divide into 11 bit chunks, you'll get 24x 11 bit sequences
4. Convert each 11 bit sequence into a decimal number. ie. 10011101101 => 1261
5. Lookup the number in the 2048 word list. NOTE: The list as displayed on GitHub is indexed from 1-2048, but the numbers you are generating are from 0-2047, so you need to add one to your converted decimal number to match the github list... so, 1261 + 1 = 1262 => oval
6. Repeat Steps 4. and 5. until you have converted all 24 chunks into words.

Congrats, you now have a 24 word seed mnemonic generated from coin flips.

[Stonetium]

Hi,

i will shorty receive my ledger nano s and i am try to be as much paranoid as possible. 

So, i don't fully understand the details about the mnemonic generation on the device, but it must somehow interact with my computer to collect any kind of entropy for the mnemonic words. Being paranoid means, i don't trust this approach and i would like to generate the mnemonic myself. Should be a little work, but not impossible. I just print out the full 2048 words list and flip coins to get a word from the list. Should be 11 coin flips each word times 23 = 253 coin flips. Totally doable.

Problem is, the 24th word is a checksum. Can anyone help me how to get this checksum manually? Is that even possible? I don't want to use any electronics at all...

Thanks in advance.

In case you didnt, make sure you get it straight from the website. Careful of 3rd party buyers

[Zellko]

So the process would be:
1. Take your 256 bits of ENT (your coin fips), calculate the SHA256 hash, and then calculate the checksum which is the first 8 bits (256/32) from the hash.
2. Add those 8 bits to the END of your 256 flips, you now have a total of 264 bits
3. Divide into 11 bit chunks, you'll get 24x 11 bit sequences
4. Convert each 11 bit sequence into a decimal number. ie. 10011101101 => 1261
5. Lookup the number in the 2048 word list. NOTE: The list as displayed on GitHub is indexed from 1-2048, but the numbers you are generating are from 0-2047, so you need to add one to your converted decimal number to match the github list... so, 1261 + 1 = 1262 => oval
6. Repeat Steps 4. and 5. until you have converted all 24 chunks into words.

Congrats, you now have a 24 word seed mnemonic generated from coin flips.

Hi again,

Thanks a lot for your clear explanation, it's easier than what I expected. I tried it with an online generated ENT and I was able to generate a valid seed 

Now let's do it for real with coin flip!