Bitcoin Forum
Topic: Does this kind of wallet generated by electrum word seeds have any flaw?
Saltius (OP)
Member
April 13, 2021, 03:29:09 AM
Merited by hugeblack (2), o_e_l_e_o (2)
 #1

I set up an offline Electrum standard wallet years ago (a legacy one, SegWit not supported). I have written down the 12 seed words as a backup.
A few days ago, I tried to generate a bipxx standard wallet in Electrum from these seed words.
Of course these 12 Electrum seed words won't match the checksum required by BIP39.
So I took the first 11 words and then added another word that I picked randomly myself from the BIP39 2048-word list. I picked that last word about 20+ times until I found one that met the checksum with the first 11 words.
Then I chose the 84/0/0 path to generate a BIP84 wallet with native SegWit support.

So my question is: does the wallet generated by the above steps have any flaw? (Say, its randomicity or anything else.)
pooya87
Legendary
April 13, 2021, 04:08:52 AM
Merited by hugeblack (2), o_e_l_e_o (2), Saltius (1)
 #2

I don't think so.
The original seed phrase you are working with has to have been selected randomly and it represents 132 bits of entropy. When you drop the last word you still have 121 bits of randomly generated entropy, then when you randomly select a new word and brute force your checksum you are adding 7 more bits to the original entropy (making it 128 bit as defined by BIP-39 with 4 bit checksum) so it could be considered safe.

In other words you are reducing the size of the initial entropy but not by a lot and if the new word is also selected randomly it shouldn't matter.

HCP
Legendary
April 13, 2021, 04:36:16 AM
 #3

Any particular reason why you didn't just generate a new Electrum native segwit seed? Did you specifically require a BIP39 compatible seed for some reason?

Saltius (OP)
Member
April 13, 2021, 06:03:57 AM
 #4

Quote from: pooya87
> I don't think so.
> The original seed phrase you are working with has to have been selected randomly and it represents 132 bits of entropy. When you drop the last word you still have 121 bits of randomly generated entropy, then when you randomly select a new word and brute force your checksum you are adding 7 more bits to the original entropy (making it 128 bit as defined by BIP-39 with 4 bit checksum) so it could be considered safe.
>
> In other words you are reducing the size of the initial entropy but not by a lot and if the new word is also selected randomly it shouldn't matter.

Good explanation about the entropy and randomicity. Thanks!

Quote from: HCP
> Any particular reason why you didn't just generate a new Electrum native segwit seed? Did you specifically require a BIP39 compatible seed for some reason?

I just want new wallets supporting native segwit without needing to update my existing backups in multiple locations.
It once cost me quite a bit of effort to make and place those backups.
Charles-Tim
Legendary
April 13, 2021, 07:51:47 AM
 #5

Quote from: Saltius
> I just want new wallets supporting native segwit without needing to update my existing backups in multiple locations.
> It once cost me quite a bit of effort to make and place those backups.

Still, the best way is to generate a new wallet or update the old one. Electrum now even supports segwit by default, and you will need to transfer your funds from the old wallet (legacy) to the new wallet, which is segwit.

And I hope you update to the latest version of Electrum from electrum.org and verify the signature. I hope you are not using the old version that showed the scam update pop-up? Do not click on any update pop-up. If the signature is verified, then install it. Better to run the latest version.

o_e_l_e_o
In memoriam
Legendary
April 13, 2021, 08:06:13 PM
Merited by Saltius (1)
 #6

I am inclined to agree with pooya87, that although this is obviously non-standard if the last word was actually picked randomly (and you didn't just work alphabetically down the BIP39 list starting at abandon) then you still have 128 bits of entropy.

However, you also didn't need to do this at all. When importing seed phrases into Electrum with the view of generating a BIP39 wallet, although you will get a "checksum: failed" warning with an incorrect checksum, you can still proceed with your incorrect checksum and generate a normal functioning wallet and addresses.
Saltius (OP)
Member
April 14, 2021, 01:37:21 AM
 #7

Quote from: o_e_l_e_o
> I am inclined to agree with pooya87, that although this is obviously non-standard if the last word was actually picked randomly (and you didn't just work alphabetically down the BIP39 list starting at abandon) then you still have 128 bits of entropy.
>
> However, you also didn't need to do this at all. When importing seed phrases into Electrum with the view of generating a BIP39 wallet, although you will get a "checksum: failed" warning with an incorrect checksum, you can still proceed with your incorrect checksum and generate a normal functioning wallet and addresses.

I divided the wordlist into 216 pieces (9 or 10 words each), then rolled a 6-sided die 3 times to decide which piece I should pick words from.
(I actually rolled 9 times, as the first two rounds returned no valid word.)
Maybe that method is sufficient to cover the last 7 bits of entropy needed by BIP39.

My offline signer is a phone and it uses Electrum for Android. The Next button is greyed out if the checksum of the seed phrase fails.
However, what you said is true for the desktop version. I generated some seeds for testing, and they could indeed generate BIP39 wallets despite the checksum failure.
Pmalek
Legendary
April 14, 2021, 08:31:09 AM
Last edit: November 12, 2023, 09:57:28 AM by Pmalek
 #8

Quote from: Saltius
> My offline signer is a phone and it uses Electrum for Android. The Next button is greyed out if the checksum of the seed phrase fails.
> However, what you said is true for the desktop version. I generated some seeds for testing, and they could indeed generate BIP39 wallets despite the checksum failure.

You can restore a BIP-39 recovery phrase on Electrum mobile as well. You are probably using an old version of the Electrum app on your offline device. I just downloaded the newest version to try it out. When you click on the gear icon to enter the options menu, you have the possibility to extend your seed by entering a passphrase or restoring a BIP-39 seed.

Take a look:


o_e_l_e_o
In memoriam
Legendary
April 14, 2021, 08:59:59 AM
Merited by Pmalek (1)
 #9

Quote from: Saltius
> I divided the wordlist into 216 pieces (9 or 10 words each), then rolled a 6-sided die 3 times to decide which piece I should pick words from.
> (I actually rolled 9 times, as the first two rounds returned no valid word.)
> Maybe that method is sufficient to cover the last 7 bits of entropy needed by BIP39.

It's not a perfect solution, but it is much better than just picking words yourself and probably good enough provided the other 121 bits of your entropy remain completely secure.

Quote from: Pmalek
> You can restore a BIP-39 recovery phrase on Electrum mobile as well.

But you cannot restore a BIP39 phrase with an invalid checksum on mobile, which is why OP needed to change the last word of his Electrum seed phrase to give a BIP39 seed phrase with a valid checksum. You can proceed with an invalid checksum on desktop, but not on mobile.
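
Added example (not part of any post in this thread, and not Electrum's code): the 12-word BIP39 checksum rule the thread relies on, showing that for any fixed first 11 words exactly 128 of the 2048 possible last words pass (7 free entropy bits plus a 4-bit checksum), so a uniformly random pick passes with probability 1/16. It works on 11-bit word indices instead of the word list itself; the function names are illustrative assumptions.

```python
import hashlib
import secrets

WORD_BITS = 11   # each BIP39 word encodes an 11-bit index into the 2048-word list
ENT_BITS = 128   # entropy carried by a 12-word phrase
CS_BITS = 4      # checksum length = ENT_BITS / 32

def checksum_ok(indices):
    """True if 12 word indices encode 128 bits of entropy plus a matching 4-bit checksum."""
    if len(indices) != 12 or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("expected 12 indices in range 0..2047")
    bits = 0
    for i in indices:                       # concatenate 12 x 11 = 132 bits
        bits = (bits << WORD_BITS) | i
    entropy = bits >> CS_BITS               # leading 128 bits
    checksum = bits & ((1 << CS_BITS) - 1)  # trailing 4 bits
    digest = hashlib.sha256(entropy.to_bytes(ENT_BITS // 8, "big")).digest()
    return checksum == digest[0] >> (8 - CS_BITS)

def valid_last_words(first11):
    """All last-word indices that complete first11 to a checksum-valid phrase."""
    return [w for w in range(2048) if checksum_ok(list(first11) + [w])]

def tries_until_valid(first11, rng=secrets.SystemRandom()):
    """Pick last words uniformly at random until one passes; return (index, attempts)."""
    attempts = 0
    while True:
        attempts += 1
        w = rng.randrange(2048)
        if checksum_ok(list(first11) + [w]):
            return w, attempts

if __name__ == "__main__":
    # Constructed sample: 11 random indices standing in for the first 11 words.
    first11 = [secrets.randbelow(2048) for _ in range(11)]
    valid = valid_last_words(first11)
    print(len(valid), "of 2048 last words pass the checksum")
    # Each valid last word carries a different 7-bit entropy tail (index >> 4).
    print("distinct 7-bit tails:", len({w >> CS_BITS for w in valid}))
    print("random pick (index, attempts):", tries_until_valid(first11))
```

Because every 7-bit tail has exactly one matching checksum, choosing uniformly among the valid last words is the same as choosing the last 7 entropy bits uniformly; any bias in how the last word is picked reduces only those 7 bits.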