Mnemonic phrase generation

[Charles-Tim]

Introduction
Mnemonic (seed) phrase are words that varies from 12 to 24 used in hierarchical determistic wallets as backup for wallet recovery. Normally, HD wallets automatically generate this words, but for the sake of knowing, some people will like to know how the words are generated. You can even make use of iancoleman converter to generate seed phrase and in the process, the converter also generate seed, private key and the public keys that make up a wallet, you can make use of it offline which is safer. Using iancoleman converter.

use iancoleman converter only if you have an air-gaped computer to run it on. If you plan on using the online version, only use it to verify that the process we have described above works as advertised. We do not advise inputting any mnemonic phrase you intend on actually using to back up coins into any site.

But in this case, we will generate the seed phrase ourselves which is also how wallets generate seed phrase. But this is just for the sake of knowing and not a recommended way of generating seed phrase. Seed phrase generated by hd wallet is perfect while iancoleman converter can be used by professionals.


These are the steps to generating of seed phrase.

Entropy generation
The entropy that will be generated depends on the bits used, the mnemonic must encode entropy in a multiple of 32 bits. With more entropy security is improved but the sentence length increases. We refer to the initial entropy length as ENT. The allowed size of ENT is 128-256 bits.It is allowed to be 128–256 bits to generate 12–24 phrases.

CS = ENT / 32
MS = (ENT + CS) / 11

|  ENT  | CS | ENT+CS |  MS  |
+---------+----+---------------+--------+
|   128   |  4 |      132     |  12  |
|   160   |  5 |      165     |  15  |
|   192   |  6 |      198     |  18  |
|   224   |  7 |      231     |  21  |
|   256   |  8 |      264     |  24  |

ENT= Entropy
CS= Checksum
MS= Mnemonic sentence in words

If SHA256 hash function is used, 256 bits will be produced, this is called the entropy and will be produced in hexadecimal. An example is the use of SHA256 generator.

https://passwordsgenerator.net/sha256-hash-generator/

Let us assume this entropy generated using SHA256 hash function is:
B1B826D5946769D7985A0059A294CEA2FEB47AEC28B94D0EAB2E08F4357F3A5D


The entropy generated in hexadecimal is converted to binary, this link below can be used to convert hexadecimal to binary:
https://www.mathsisfun.com/binary-decimal-hexadecimal-converter.html

Input in hexadecimal: B1B826D5946769D7985A0059A294CEA2FEB47AEC28B94D0EAB2E08F4357F3A5D

Code:

B.   1011
1.   0001
B.   1011
8.   1000
2.   0010
6.   0110
D.   1101
5.   0101
9.   1001
4.   0100
6.   0110
7.   0111
6.   0110
9.   1001
D.   1101
7.   0111
9.   1001
8.   1000
5.   0101
A.  1010
0.   0000
0.   0000
5.   0101
9.   1001
A.   1010
2.   0010
9.   1001
4.   0100
C.   1100
E.   1110
A.   1010
2.   0010
F.    1111
E.   1110
B.   1011
4.   0100
7.   0111
A.   1010
E.   1110
C.   1100
2.   0010
8.   1000
B.   1011       
9.   1001
4.   0100
D.   1101
0.   0000
E.   1110
A.   1010
B.   1011
2.   0010
E.   1110
0.   0000
8.   1000
F.   1111
4.   0100
3.   0011
5.   0101
7.   0111
F.    1111
3.    0011
A.   1010
5.    0101
D.   1101

Output in binary
1011000110111000001001101101010110010100011001110110100111010111100110000101101 0000000000101100110100010100101001100111010100010111111101011010001111010111011 0000101000101110010100110100001110101010110010111000001000111101000011010101111 1110011101001011101


Checksum generation
The hexadecimal output is inputted into this converter to get your SHA256 binary output:
https://www.fileformat.info/tool/hash.htm?hex=B1B826D5946769D7985A0059A294CEA2FEB47AEC28B94D0EAB2E08F4357F3A5D



After that, scroll down, you will see a list of outputs, among the list is the SHA256. Copy just the first two digits of that hash.
SHA-256:  2d216ce0647f35edd9f5ad6b2ba4a30ee4c9f85ce3336c4254a2c2e8a6e65633



Take the first two digit and find the binary using the converter:

Code:

2. 0010
d. 1101

Hexadecimal input: 2d
Binary output: 00101101

Append First 8 bits From the Hash to the Original 256 Bits to Get 264 Bits (entropy+checksum)
1011000110111000001001101101010110010100011001110110100111010111100110000101101 0000000000101100110100010100101001100111010100010111111101011010001111010111011 0000101000101110010100110100001110101010110010111000001000111101000011010101111 1110011101001011101 + 00101101


Divide the 264 Bits Into 24 Groups of 11 Bits

Code:

10110001101
11000001001
10110101011
00101000110
01110110100
11101011110
01100001011
01000000000
01011001101
00010100101
00110011101
01000101111
11101011010
00111101011
10110000101
00010111001
01001101000
01110101010
11001011100
00010001111
01000011010
10111111100
11101001011
10100101101

Convert binary (Base 2) to decimal (Base 10)

Code:

10110001101     1421
11000001001     1545
10110101011     1451
00101000110      326
01110110100      948
11101011110     1886
01100001011      779
01000000000      512
01011001101      717
00010100101      165
00110011101      413
01000101111       559
11101011010     1882
00111101011      491
10110000101     1413
00010111001     185
01001101000      616
01110101010      938
11001011100     1628
00010001111      143
01000011010      538
10111111100     1532
11101001011     1867
10100101101     1325

Finding out words, the words are listed numerically which are in decimal (base), then you will use the individual numbers to find out the words using BIP39 word lists.

                                          The MS in words
10110001101     1421        ranch
11000001001     1545        scissors
10110101011     1451        relief
00101000110       326        chunk
01110110100       948        island
11101011110      1886       two
01100001011        779       genuine
01000000000        512       divide
01011001101        717       flower
00010100101        165       behind
00110011101        413       crime
01000101111        559       easy
11101011010       1882       twenty
00111101011        491       diary
10110000101      1413       rack
00010111001        185       blade
01001101000        616       erupt
01110101010        938       inside
11001011100      1628       slice
00010001111        143       balcony
01000011010        538       drip
10111111100      1532      satoshi
11101001011      1867       true
10100101101      1325       pitch

Warning: This is just an example for educational purposes so you can understand what your wallet is doing. It is better to let your wallet software randomly choose your seed phrase. Do not use these websites that I have used to generate your seedphrase.


Conclusion
This is a way seed phrase are generated but just for the sake of knowing, it is not the perfect way, to generate seed phrase perfectly in a way private keys and addresses are generated with it, using normal wallet is recommended but professionals can make use of iancoleman converter, but this method option should not be used.

https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
https://privacypros.io/wallets/mnemonic-phrase##
https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
https://www.blockplate.com/blogs/blockplate/list-of-bip39-wallets-mnemonic-seed
https://privacypros.io/wallets/mnemonic-phrase##
https://medium.com/coinmonks/mnemonic-generation-bip39-simply-explained-e9ac18db9477

[1714837575]

1714837575

[1714837575]

1714837575

[1714837575]

1714837575

[1714837575]

1714837575

[1714837575]

1714837575

[Chikito]

Entropy generation

For advance user should tick Show entropy details to use that feature.

Introduction
Mnemonic (seed) phrase are words that varies from 12 to 24 used in hierarchical determistic wallets as backup for wallet recovery. Normally, HD wallets automatically generate this words,

I am using Iancoleman just for checking phrase back up from hardware wallet, that tool has passphrase also when using that option we can check the wallet address for sure. people also will like this tool because had a hundred cryptocurrencies listed, we can create a hundred coins only 1x generated.

If you plan on using the online version,

If forced to be online, just tick Hide all private info below Show entropy details.


This formula hexadecimal to Binary

Code:

0	0000
1	0001
2	0010
3	0011
4	0100
5	0101
6	0110
7	0111
8	1000
9	1001
A	1010
B	1011
C	1100
D	1101
E	1110
F	1111

Or using excel or spreadsheet offline using this formula

Binary to hexadecimal

Code:

=BIN2HEX(number)

Hexadecimal to Binary

Code:

=HEX2BIN (number)

Decimal to Binary

Code:

=DEC2BIN (number)

Hexadecimal to Binary

Code:

=HEX2DEC (number)

etc..

[o_e_l_e_o]

I definitely wouldn't use a hash function to generate your entropy. Doing so means your wallet is only secure as whatever word, phrase, or string you use as the input to said hash function. If I hash the word "hello" and use the output to generate a seed phrase, it doesn't magically become secure with 256 bits of entropy. The maximum entropy is the entropy of my input - in this case about 23.5 bits - which is very insecure.

Also, when matching binary numbers to the wordlist, you have to add one. This is because the binary numbers start at 00000000000, which is obviously 0 in decimal, whereas the wordlist starts at 1. For example, 1421 encodes "random", not "ranch".

[odolvlobo]

...
If SHA256 hash function is used, 256 bits will be produced, this is called the entropy and will be produced in hexadecimal. An example is the use of SHA256 generator.

https://passwordsgenerator.net/sha256-hash-generator/

Let us assume this entropy generated using SHA256 hash function is:
B1B826D5946769D7985A0059A294CEA2FEB47AEC28B94D0EAB2E08F4357F3A5D

Sorry for being pedantic, but SHA-256 doesn't generate entropy. Entropy is generated from a random source.

Using a SHA-256 hash of a passphrase as a seed is a very bad idea and there is a good possibility that it will result in the loss of your bitcoins.

[witcher_sense]

The entropy generated in hexadecimal is converted to binary, this link below can be used to convert hexadecimal to binary:
https://www.mathsisfun.com/binary-decimal-hexadecimal-converter.html

Converting between different number systems manually is not a trivial task I know, human mistakes may take place. However, when you converting sensitive data like generated entropy using online converters, you put it at risk to be exposed, intercepted, stolen, seized, etc... All your security now depends not only on the data you used to gain 256 hash, but also on tiny online tool you used to create your most important private binary number and seed phrase.

[Lucius]

I am using Iancoleman just for checking phrase back up from hardware wallet, that tool has passphrase also when using that option we can check the wallet address for sure. people also will like this tool because had a hundred cryptocurrencies listed, we can create a hundred coins only 1x generated.

A much safer way to check your seed is to reset your hardware wallet after generating it, and to do a wallet recovery with the same seed and then compare if you get the same addresses. Ledger also has a seed check app, which means that the seed never has to physically leave the device to be verified - and all other methods, including the one you mention, carry some risk, even if the tool is used offline.

[o_e_l_e_o]

However, when you converting sensitive data like generated entropy using online converters, you put it at risk to be exposed, intercepted, stolen, seized, etc.

Agreed. If you want to do this securely, you don't need to touch hexadecimal at all. Flip a coin 256 times, call "heads" one and call "tails" zero, and you have your entropy. You should also use your airgapped operating system's hash function. Inputting your entropy in to an online website to calculate the checksum is just as bad as typing your seed in to a random website.

A much safer way to check your seed is to reset your hardware wallet after generating it, and to do a wallet recovery with the same seed and then compare if you get the same addresses.

Checking your seed phrase on the same device that generated only verifies that you have not made any errors when writing it down. It does nothing to verify that the seed phrase was generated randomly, or the addresses you are being shown are genuinely derived from the phrase you entered.

[Charles-Tim]

I definitely wouldn't use a hash function to generate your entropy

You are right, I indicated it before that the best way is to use normal wallet but for professional case that you can use iancoleman converter, that using the above method is not recommended.

But in this case, we will generate the seed phrase ourselves which is also how wallets generate seed phrase. But this is just for the sake of knowing and not a recommended way of generating seed phrase. Seed phrase generated by hd wallet is perfect while iancoleman converter can be used by professionals.

Also, when matching binary numbers to the wordlist, you have to add one. This is because the binary numbers start at 00000000000, which is obviously 0 in decimal, whereas the wordlist starts at 1. For example, 1421 encodes "random", not "ranch".

Thanks, I will include that
https://privacypros.io/wallets/mnemonic-phrase##
If it starts listing the words with number one, you need to add +1 to each number you just calculated to find the corresponding word. If your list begins with zero, you do not need to change anything

You should also use your airgapped operating system's hash function. Inputting your entropy in to an online website to calculate the checksum is just as bad as typing your seed in to a random website.

I also indicated that above.
use iancoleman converter only if you have an air-gaped computer to run it on. If you plan on using the online version, only use it to verify that the process we have described above works as advertised. We do not advise inputting any mnemonic phrase you intend on actually using to back up coins into any site.
Iancoleman converter can work offline too.

Agree, generate the 256-bit long entropy at that hash-generator is a bad (almost impracticable) idea. Providing there is an  intensive interactions between user and system the best way to do it is to pull entropy out directly from  device (/dev/urandom).

P.S. Recommended to everyone for reading:  https://hackaday.com/2017/11/02/what-is-entropy-and-how-do-i-get-more-of-it/

I get your point, although I have already indicated that before. But i am confused, did you also mean not to generate such using iancoleman converter? You can use it on airgapped device without connecting online.

[o_e_l_e_o]

The issue with using SHA256 to generate your entropy is not only that you are doing it in an online environment, but that SHA256 does not produce a random number. SHA256 produces a very specific number depending on the input, which is reproducible by anybody.

As such, your entropy is not really entropy. It is calculated exactly from whatever you input in to the hash function, which since it will be chosen by you, will not be random and therefore will not be secure. Although the result of your SHA256 hash is a 256 bit number, it is not 256 bits of entropy, and is only as secure as whatever you inputted in to the hash function. If someone else can guess or brute force your input, then they can reproduce your wallet and steal your coins.

Using a SHA256 hash of a word or phrase to generate a wallet is no better than a brain wallet. Entropy should be generated randomly, either using a random number generator or a random process such as flipping a coin or rolling dice.

[witcher_sense]

After all of that discussion above, I have been thinking about possibilities of usage of hash functions for generating entropy. What if instead of using SHA-256 function only once, we repeat hashing process as many times as we consider suitable. Does it decrease or increase the degree of randomness of entropy? Was trying to google my question, but there was too much formulas in all explanations I found, it doesn't make it easier to comprehend theory behind, especially, for non-really technical people like myself. Can someone explain things in plain English, in layman terms?

[pooya87]

no matter how much you try, SHA256 should not be used to produce entropy because whether you use it once or a hundred times in a row the input that the user enters (the data that is supposed to be hashed) is not sufficiently random in almost all cases which makes the result not-random enough. also SHA256, like all hash algorithms, is extremely fast as it should be. so computing a rainbow table of the most common inputs (passphrases) users use is going to be very easy even with high number of repeated hashing.

if the input (data you hash) is sufficiently random then there is no need to use SHA256, simply create a longer random input and use that as entropy. for example by flipping a coin 256 times or rolling a 16-sided dice 64 times.

[Charles-Tim]

After all of that discussion above, I have been thinking about possibilities of usage of hash functions for generating entropy. What if instead of using SHA-256 function only once, we repeat hashing process as many times as we consider suitable. Does it decrease or increase the degree of randomness of entropy? Was trying to google my question, but there was too much formulas in all explanations I found, it doesn't make it easier to comprehend theory behind, especially, for non-really technical people like myself. Can someone explain things in plain English, in layman terms?

I will suggest you use random number generator instead of the use of a coin. This is just to explain how seed phrase are generated, trying it is not advisable but only for knowledge sake, using SHA256 hash function is not safe.

[Charles-Tim]

pooya87, o_e_l_e_o and other other experience members, I know how to generate entropy and the use of a coin will be good but what about generating checksum? I use this converter

https://www.fileformat.info/tool/hash.htm?hex=67BC43E9A924B4E066E0A090E4D2E8F2F1E156EFD66F5517991D61FD16163F4D

It is online and I believe it is not safe that way, how can I do this offline? Or, how can I generate the checksum safely?

[pooya87]

It is online and I believe it is not safe that way, how can I do this offline? Or, how can I generate the checksum safely?

you are right about that site not being safe.
as for an offline alternative, under Linux you can use the terminal to compute SHA256 hash of the hexadecimal input then manually select the appropriate number of bits and add it to the entropy you had.
to compute hash of hexadecimal input you may have some trouble since the commands expect ASCII input.
this command should work (although you should test it since i am no Linux expert):

Code:

echo -n ENTROPY_HERE | xxd -r -p | shasum -b | awk '{print $1}'

ref: https://stackoverflow.com/questions/23030200/bash-sha1-with-hex-input
and: https://stackoverflow.com/questions/1604765/how-to-convert-hex-to-ascii-characters-in-the-linux-shell

[Charles-Tim]

It is online and I believe it is not safe that way, how can I do this offline? Or, how can I generate the checksum safely?

you are right about that site not being safe.
as for an offline alternative, under Linux you can use the terminal to compute SHA256 hash of the hexadecimal input then manually select the appropriate number of bits and add it to the entropy you had.

I just get it right now, that means even I can use throwing a coin up and using one side as 0 and other as 1 can even generate the checksum randomly.

[o_e_l_e_o]

But there is no such physical coin

If the coin is your issue, then there are other ways you can generate entropy manually. You can roll casino-grade dice, or you can shuffle a pack of cards.

can even generate the checksum randomly.

You cannot generate a checksum randomly as doing so defeats the point of the checksum. The checksum is exactly generated from the rest of the number. Did you mean to say you can generate the checksum manually or offline?

[Charles-Tim]

Did you mean to say you can generate the checksum manually or offline?

Yes, if there is a way to generate checksum offline. I will appreciate your reply.

[o_e_l_e_o]

Yes, if there is a way to generate checksum offline. I will appreciate your reply.

There are multiple options. You can use your operating system's built in hashing functions as pooya has explained above. For Windows, you can use the CertUtil command. Extract the relevant number of bits and then map to the wordlist.

If you want to keep it super simple, then you could download the Ian Coleman site, run it on an airgapped computer, key in your entropy, and it will generate the checksum for you automatically.

Any time i have done it myself, I've just used OpenSSL.