Bitcoin Forum
Author Topic: BIP39 12 and 24 seed words  (Read 352 times)
Picard78 (OP)
November 13, 2020, 08:35:33 AM
 #1

Hello BitcoinTalk,

I am confused why BIP39 includes both 12 and 24 seed phrases.  Shouldn't there be a separate BIP for each, as I assume they are not compatible?  This question came to mind today because my friend asked me which wallets support 12 word phrases.

The list below outlines wallets that use BIP39.  However, there is no description of which wallet uses 12 or 24 words (why is that?).  My understanding is that Ledger uses 24 words.  Hence I assume you cannot use 12 words on the Ledger?

https://www.blockplate.com/blogs/blockplate/list-of-bip39-wallets-mnemonic-seed

Thank you
NotATether
November 13, 2020, 08:56:41 AM
 #2

That is because BIP39 seed phrases can carry from 128 to 256 bits of randomness (by multiples of 32 bits) internally, plus enough bits of checksum at the end to make the length divisible by 11, and every 11 bits constitutes a word (as 2^11 = 2048 possible words). Depending on the number of bits of randomness you can use, you can make 12, 15, 18, 21 or 24 word seed phrases.

I never used Ledger so you’ll have to wait for someone more knowledgeable to answer your second question.

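The encoding NotATether describes above (ENT bits of entropy, the leading ENT/32 bits of SHA-256(entropy) appended as checksum, the whole cut into 11-bit word indices), as an added example; this is not code from the thread or from any wallet. The 2048-entry WORDLIST is a constructed stand-in of the right size, so only the indices are meaningful, and the function names are mine. The optional checksum_bits parameter goes beyond the BIP itself: it lets you try the longer-checksum variant pooya87 raises later in the thread (26 checksum bits on 128-bit entropy gives 14 words), and is_valid shows the check a restore screen should run before deriving anything.

```python
import hashlib
from typing import List, Optional

# Constructed stand-in for the 2048-entry BIP39 English wordlist: same size, so
# index arithmetic is identical, but the real words are not embedded here (in
# the real list index 0 is "abandon" and index 3 is "about").
WORDLIST = [f"w{i:04d}" for i in range(2048)]


def checksum_len(ent_bits: int, checksum_bits: Optional[int]) -> int:
    """Checksum length CS for ENT bits; BIP39 fixes CS = ENT / 32."""
    if ent_bits % 32 or not 128 <= ent_bits <= 256:
        raise ValueError("BIP39 requires ENT in {128, 160, 192, 224, 256}")
    cs = ent_bits // 32 if checksum_bits is None else checksum_bits
    if not 0 < cs <= 256 or (ent_bits + cs) % 11:
        raise ValueError(f"ENT + CS = {ent_bits + cs} is not divisible by 11")
    return cs


def word_count(ent_bits: int, checksum_bits: Optional[int] = None) -> int:
    """Number of words: (ENT + CS) / 11."""
    return (ent_bits + checksum_len(ent_bits, checksum_bits)) // 11


def entropy_to_indices(entropy: bytes, checksum_bits: Optional[int] = None) -> List[int]:
    """Append the leading CS bits of SHA-256(entropy), then cut into 11-bit indices."""
    ent = len(entropy) * 8
    cs = checksum_len(ent, checksum_bits)
    checksum = int.from_bytes(hashlib.sha256(entropy).digest(), "big") >> (256 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    n = (ent + cs) // 11
    return [(bits >> (11 * (n - 1 - i))) & 0x7FF for i in range(n)]


def indices_to_entropy(indices: List[int], checksum_bits: Optional[int] = None) -> bytes:
    """Inverse of entropy_to_indices; raises ValueError on a bad length or checksum."""
    total = 11 * len(indices)
    if checksum_bits is None:
        if total % 33:  # ENT + ENT/32 = 33*ENT/32 must equal the bit count
            raise ValueError(f"{len(indices)} words is not a valid BIP39 length")
        ent = total * 32 // 33
    else:
        ent = total - checksum_bits
    cs = checksum_len(ent, checksum_bits)
    bits = 0
    for idx in indices:
        if not 0 <= idx < len(WORDLIST):
            raise ValueError(f"word index {idx} out of range")
        bits = (bits << 11) | idx
    entropy = (bits >> cs).to_bytes(ent // 8, "big")
    expected = int.from_bytes(hashlib.sha256(entropy).digest(), "big") >> (256 - cs)
    if bits & ((1 << cs) - 1) != expected:
        raise ValueError("checksum mismatch: a word is wrong, missing or mistyped")
    return entropy


def is_valid(indices: List[int], checksum_bits: Optional[int] = None) -> bool:
    """The check a wallet's restore screen should run before deriving anything."""
    try:
        indices_to_entropy(indices, checksum_bits)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    import secrets
    for ent in (128, 160, 192, 224, 256):
        print(f"ENT={ent} -> {word_count(ent)} words")
    entropy = secrets.token_bytes(16)             # 128 bits from the OS CSPRNG
    indices = entropy_to_indices(entropy)
    print(" ".join(WORDLIST[i] for i in indices))
    # a single mistyped word is caught by the checksum (most of the time: 1 in 2^CS slips through)
    print(is_valid(indices), is_valid(indices[:-1] + [(indices[-1] + 1) % 2048]))
    print(word_count(128, checksum_bits=26))      # 14 words with a 26-bit checksum
```

With all-zero 128-bit entropy the indices come out as eleven zeros and a 3, which in the real list is the well-known "abandon ... abandon about" sentence; the checksum only detects errors with probability 1 - 2^-CS, so a wallet that accepts an invalid sentence is not "wrong" by the BIP, but the later posts in the thread explain why it then derives a different wallet.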
nc50lc
November 13, 2020, 10:07:29 AM
 #3

Quote from: Picard78
I am confused why BIP39 includes both 12 and 24 seed Phrases.  Shouldn't there be a separate BIP for each as I assume they are not compatible?
They are compatible; as explained above, the number of words is based on the entropy size.

Quote from: Picard78
The below list outlines wallets that use BIP39.  However, there is no description which wallet uses 12 or 24 words (Why is that?)  My understanding is that Ledger uses 24 words.  Hence I assume you cannot use 12 words on the Ledger?
Ledger creates 24 words by default (IDK for older models).
But during "restore from recovery phrase", there should be an option to select how many words your recovery phrase is.
It will take any seed phrase from BIP39-supported wallets that generate BIP39 seed.

Maybe you're confused with Electrum's seed phrase which isn't BIP39 compatible.

Picard78 (OP)
November 14, 2020, 06:50:13 AM
 #4

Quote from: nc50lc
But during "restore from recovery phrase", there should be an option to select how many words your recovery phrase is.
It will take any seed phrase from BIP39-supported wallets that generate BIP39 seed.

I see that makes sense now.

Thank you for both responses.
jackg
November 15, 2020, 09:43:43 AM
 #5

Quote from: NotATether
That is because BIP39 seed phrases can carry from 128 to 256 bits of randomness (by multiples of 32 bits) internally, plus enough bits of checksum at the end to make the length divisible by 11, and every 11 bits constitutes a word (as 2^11 = 2048 possible words). Depending on the number of bits of randomness you can use, you can make 12, 15, 18, 21 or 24 word seed phrases.


Afaik you can have any multiple of 3 greater than 0 and less than or equal to 24...

3 word seed phrases aren't secure but @op some wallets (electrum used to even if it's a different structure) select phrases of different lengths so you may have anywhere from 100 or so bits to 256 bits when generating a normal seed under normal circumstances (it was just averaged to the 12 words) and I think that way of doing it made it even longer to be able to bruteforce a seed if it ever became possible.
o_e_l_e_o
November 15, 2020, 11:08:58 AM
 #6

Quote from: jackg
3 word seed phrases aren't secure but @op some wallets (electrum used to even if it's a different structure) select phrases of different lengths
You can still do this on Electrum by using a custom wordlist. The number of bits each word represents depends on the number of words in your wordlist. Technically it is possible to use a wordlist with as few as two words, but your "seed phrase" would then be 132 words long since each word can only represent 1 bit. The length of your seed phrase becomes increasingly shorter for the same amount of entropy as your wordlist increases.
HCP
November 15, 2020, 11:13:21 PM
Last edit: November 17, 2020, 10:46:56 AM by HCP
 #7

Quote from: jackg
Afaik you can have any multiple of 3 greater than 0 and less than or equal to 24...
No. You can't have whatever you want if you want to strictly comply with BIP39.

The BIP states:
The mnemonic must encode entropy in a multiple of 32 bits. With more entropy security is improved but the sentence length increases. We refer to the initial entropy length as ENT. The allowed size of ENT is 128-256 bits.

Therefore only mnemonics with 12, 15, 18, 21 or 24 words are "strictly" BIP39 compatible, as they are the only seed lengths that comply with the ENT restrictions. Anything with ENT outside of that range does not technically adhere to BIP39.

pooya87
November 16, 2020, 03:47:26 AM
 #8

Quote from: jackg
Afaik you can have any multiple of 3 greater than 0 and less than or equal to 24...

Correct, BIP39 mentions the entropy must be a multiple of 32 bits (before generating the checksum and dividing the entropy+checksum by 11).
But 12 and 24 word lengths are the standard and there are very few wallets which can generate mnemonics of a length other than 12/24 words.
A bit OT, but this got me thinking that if we modify BIP39 a little we can come up with some cool things. For instance we can increase the "padding" (checksum size) to not be the minimal but be a similar size to what we add to a WIF for instance (32 bits). For example for 128-bit entropy, instead of padding with 4 bits we can pad with 26 bits, which adds 2 more words but makes recovery A LOT faster due to far fewer collisions. E.g. recovering 2 missing words takes about an hour, but with a bigger checksum it takes less than a minute.

jackg
November 16, 2020, 09:23:38 AM
 #9

Quote from: pooya87
Quote from: jackg
Afaik you can have any multiple of 3 greater than 0 and less than or equal to 24...

Correct, BIP39 mentions the entropy must be a multiple of 32 bits (before generating the checksum and dividing the entropy+checksum by 11).
But 12 and 24 word lengths are the standard and there are very few wallets which can generate mnemonics of a length other than 12/24 words.
A bit OT, but this got me thinking that if we modify BIP39 a little we can come up with some cool things. For instance we can increase the "padding" (checksum size) to not be the minimal but be a similar size to what we add to a WIF for instance (32 bits). For example for 128-bit entropy, instead of padding with 4 bits we can pad with 26 bits, which adds 2 more words but makes recovery A LOT faster due to far fewer collisions. E.g. recovering 2 missing words takes about an hour, but with a bigger checksum it takes less than a minute.

Interesting idea, but in the end it's trade-off between security and recovery. Additionally, it's only useful when some words meant to be checksum are intact.

Yeah I can't decide if the checksum is for recovery explicitly or if it's to check you've typed the mnemonic in correctly.

It could always be offered as a way to increase the recoverability of a seed but I'm not sure how you'd lose 2 words of your phrase and still have 10 (unless you wrote it down wrong...)
pooya87
November 16, 2020, 10:12:17 AM
 #10

Quote from: jackg
Yeah I can't decide if the checksum is for recovery explicitly or if it's to check you've typed the mnemonic in correctly.
The checksum is always for error detection, not recovery. Recovery is a side effect of it but it is not needed; having a checksum makes recovery faster since it is only the computation of a hash rather than the 4000-8000 hashes + EC point multiplication that come afterwards.

Quote from: jackg
It could always be offered as a way to increase the recoverability of a seed but I'm not sure how you'd lose 2 words of your phrase and still have 10 (unless you wrote it down wrong...)
It is easy to damage the physical backups, for example a piece of paper that was torn or the ink faded over the years... It could also be bad handwriting, or simply writing the words wrong (e.g. writing 11 words out of 12).

NotATether
November 16, 2020, 11:29:07 AM
 #11

Quote from: pooya87
Quote from: jackg
Yeah I can't decide if the checksum is for recovery explicitly or if it's to check you've typed the mnemonic in correctly.
The checksum is always for error detection, not recovery. Recovery is a side effect of it but it is not needed; having a checksum makes recovery faster since it is only the computation of a hash rather than the 4000-8000 hashes + EC point multiplication that come afterwards.

Wallets are free not to verify the seed for checksum validity since it's optional in BIP39; the only thing that's preventing such a scenario is the scarcity of wallet software and that all of the existing software does this check.

o_e_l_e_o
November 16, 2020, 01:16:18 PM
 #12

Quote from: NotATether
Wallets are free not to verify the seed for checksum validity since it's optional in BIP39
Sure, but the checksum is still included when turning your seed phrase into your seed number and then into your master private keys, individual private keys, and addresses. If your wallet does not verify the checksum and lets you proceed with an incorrect checksum, then it will generate a different wallet than the same seed with the correct checksum.
HCP
November 16, 2020, 08:20:13 PM
 #13

Quote from: o_e_l_e_o
Sure, but the checksum is still included when turning your seed phrase in to your seed number and then in to your master private keys, individual private keys, and addresses. If your wallet does not verify the checksum and lets you proceed with an incorrect checksum, then it will generate a different wallet than the same seed with the correct checksum.
Exactly... a lot of people don't seem to understand that the bits encoded in the BIP39 mnemonic are not actually your "seed" as such... it's just "entropy"...

So, you don't generate a seed and then encode it into a mnemonic. You randomly generate the entropy and then encode that entropy into the mnemonic... then you derive the actual seed by using the PBKDF2 function, using the mnemonic and BIP39 passphrase as the "password" and "salt" parameters respectively.

Obviously, if your mnemonic is "different" because the last word changes (ie. your mnemonic still encodes the same entropy, but has a wrong checksum), the output of the PBKDF2 function will also be different (as the input changed), and you'll end up with a different seed and therefore a different wallet.

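The second half of BIP39 that o_e_l_e_o and HCP describe above (the sentence itself, checksum word included, is the PBKDF2 password; "mnemonic" plus the optional passphrase is the salt; the 512-bit output is the BIP32 root seed), as an added example that is not code from the thread or from any wallet. The function names are mine; the test vector is the first entry of the BIP's published English vectors, and the "bad checksum" sentence is constructed by swapping the checksum word for "abandon".

```python
import hashlib
import unicodedata

# First entry of the BIP39 published English test vectors (passphrase "TREZOR"):
# all-zero 128-bit entropy encodes as eleven "abandon" plus the checksum word "about".
VECTOR_MNEMONIC = "abandon " * 11 + "about"
VECTOR_PASSPHRASE = "TREZOR"
VECTOR_SEED_HEX = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 mnemonic sentence -> 512-bit root seed handed to BIP32.

    PBKDF2-HMAC-SHA512 with 2048 rounds, password = NFKD(mnemonic),
    salt = "mnemonic" + NFKD(passphrase). Nothing here decodes the words,
    so a wrong checksum word simply changes the password, and with it the seed.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def same_wallet(mnemonic_a: str, mnemonic_b: str, passphrase: str = "") -> bool:
    """True only if both sentences lead to the same root seed (hence the same wallet)."""
    return mnemonic_to_seed(mnemonic_a, passphrase) == mnemonic_to_seed(mnemonic_b, passphrase)


if __name__ == "__main__":
    seed = mnemonic_to_seed(VECTOR_MNEMONIC, VECTOR_PASSPHRASE)
    print(seed.hex() == VECTOR_SEED_HEX)               # True: matches the published vector
    # Same 128 bits of entropy, but the checksum word replaced by "abandon" (checksum
    # 0000 instead of 0011). A wallet that skips checksum validation would happily
    # derive a completely different wallet from this sentence.
    bad_checksum = ("abandon " * 12).strip()
    print(same_wallet(VECTOR_MNEMONIC, bad_checksum))  # False
    # The passphrase is part of the salt, so it also selects a different wallet.
    print(mnemonic_to_seed(VECTOR_MNEMONIC) == seed)   # False
```

This is why the checksum validation in the restore flow matters even though the BIP calls it optional: PBKDF2 has no notion of "the same entropy", only of byte-identical input, so the only place a typo can be caught is before this step.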
pooya87
November 17, 2020, 05:12:34 AM
 #14

Quote from: HCP
Exactly... a lot of people don't seem to understand that the bits encoded in the BIP39 mnemonic are not actually your "seed" as such... it's just "entropy"...
Technically, in cryptography the term "seed" refers to the random string of bits that is used as the input to a deterministic function to derive keys. So in this context the "entropy" used at the very beginning of BIP39 is indeed the "seed". Then we derive what we can refer to as the "BIP32 seed" or maybe a "derived seed".

For example, this is how NIST defines seed for pseudo-random RNGs, which is similar to what we do in BIP32/39, which are deterministic RNGs:
Quote
Noun: A string of bits that is used as input to a DRBG [Deterministic Random Bit Generator] mechanism. The seed will determine a portion of the internal state of the DRBG, and its entropy must be sufficient to support the security strength of the DRBG.

Pmalek
November 17, 2020, 09:35:28 AM
 #15

Quote from: HCP
Therefore only mnemonics with 12,15,28,21 or 24 words are "strictly" BIP39 compatible...
I assume this is just a typo and you were trying to write 18, not 28.
There is also a standard with 20 seed words, I forgot what it is called. But it might not be "strictly" BIP39 compatible (as you said) so it's not mentioned that often.

o_e_l_e_o
November 17, 2020, 09:47:06 AM
 #16

Quote from: pooya87
-snip-
I think this is part of the problem. People use the word "seed" to refer to too many different things. Some people call the initial entropy your seed (both with and without the appended checksum), lots of people call your 12 or 24 words your seed, and some people call the 512 bit output from PBKDF2 your seed. I think it's better to use the terms entropy, seed phrase, and maybe root seed or BIP32 seed respectively for these things.

Although as you say the entropy is technically a seed for PBKDF2, it is the output of this function (the BIP32 seed) which is the seed for the function to derive your master private key, and therefore your wallet.
NotATether
November 17, 2020, 11:51:19 AM
 #17

So these are the terms we have so far. I'm collecting them in one place.

When someone says "seed phase" or "seed" they actually mean:

If they're talking about...     They mean
List of 12 or 24 words          Mnemonic phrase
Bits encoded in the words       Entropy
Input to a RNG                  Entropy
Output of PBKDF2                Correct use of the word seed

(that table did not come out nicely)

Quote from: o_e_l_e_o
I think this is part of the problem. People use the word "seed" to refer to too many different things. Some people call the initial entropy your seed (both with and without the appended checksum), lots of people call your 12 or 24 words your seed, and some people call the 512 bit output from PBKDF2 your seed. I think it's better to use the terms entropy, seed phrase, and maybe root seed or BIP32 seed respectively for these things.

We can't come up with new terms for a concept if people aren't going to use these new terms, so the best we can do is guess what they mean based on the context. If talking to someone about bitcoin, they almost always mean the mnemonic phrase, but to someone in the cryptography community, they are referring to entropy. Most bitcoiners aren't technical people and don't understand what entropy is anyway.

bob123
November 17, 2020, 11:59:50 AM
 #18

Quote from: o_e_l_e_o
Some people call the initial entropy your seed (both with and without the appended checksum)

Which, technically, is absolutely correct.



Quote from: o_e_l_e_o
lots of people call your 12 or 24 words your seed

The 12/24 words (= Mnemonic Code) technically are a representation of the seed which makes it much easier for humans to write it down.
The information of the mnemonic code is the same as the information from the seed, but the data (= representation of information) is different.

This is the only statement which is wrong. The mnemonic code (or just: mnemonic) is not the same as "the" (doesn't matter which) seed.



Quote from: o_e_l_e_o
and some people call the 512 bit output from PBKDF2 your seed.

Which, technically, is also correct since it is a pseudo-random input used for a deterministic key derivation.


o_e_l_e_o
November 17, 2020, 12:25:10 PM
Last edit: November 17, 2020, 03:15:45 PM by o_e_l_e_o
 #19

Quote from: NotATether
-snip-
Technically, the "Bits encoded in the words" would be entropy + appended checksum, not just the entropy alone. I also have a firm dislike of the use of the term "mnemonic phrase", since mnemonics are something that is supposed to aid in remembering information; the last thing you should do with your seed phrase is rely on your memory as a backup, and a newbie might read the term mnemonic phrase and try to commit their phrase to memory.

Quote from: NotATether
(that table did not come out nicely)
You need to use some arbitrary character to set a column width. For example:

If they're talking about...     They mean
__________________________________________________
List of 12 or 24 words          Mnemonic phrase
Bits encoded in the words       Entropy
Input to a RNG                  Entropy
Output of PBKDF2                Correct use of the word seed

Quote from: bob123
-snip-
I never said using such terms was incorrect, only that it is confusing when people use the same word to refer to three different things. We should try to be more explicit in what we are talking about.
HCP
November 17, 2020, 05:20:32 PM
 #20

It's like password and passphrase etc... without context it's not possible to know if it is:

- wallet password
- Bitcoin Core wallet.dat "passphrase"
- BIP39 passphrase

The various wallet developers don't help either by using different terms for the same things... and/or the same terms to mean different things!
