Author Topic: What is BIP39  (Read 475 times)
NotATether
March 09, 2023, 06:34:15 AM
 #21

Electrum's seed doesn't actually need a fixed wordlist, you can even edit the english.txt with your own set of words
and it will produce a valid seed (given that there's enough to produce a valid one).
e.g. (SegWit - Can be imported to Electrum):
Code:
banana110206 banana110312 banana021413 banana061112 banana030713 banana130608 banana020311 banana010311 banana010306 banana101112 banana020705 banana091106

I imagine, for the purpose of privacy, you could replace the wordlist to one which contains alphanumeric gibberish or even grammatically-correct text but with the wordlist in a scrambled order, so that in the event that people find your phrase and try to recover it, they would be confounded by its inability to be imported into normal Electrum builds.

It cannot be changed at runtime though, right?

o_e_l_e_o
March 09, 2023, 03:32:25 PM
 #22

so that in the event that people find your phrase and try to recover it, they would be confounded by its inability to be imported into normal Electrum builds.
You do not need to have access to the original wordlist in order to recover an Electrum seed phrase. You can take the bunch of bananas (pun intended) nc50lc has posted above and use them to recover the original wallet in your Electrum client, without ever knowing the original wordlist he used. The same is true for alphanumeric gibberish or any other wordlist. If an attacker attempts to import it in to any recent version of Electrum, it will work just fine.
nc50lc
March 10, 2023, 08:13:51 AM
 #23

I imagine, for the purpose of privacy, you could replace the wordlist to one which contains alphanumeric gibberish or even grammatically-correct text but with the wordlist in a scrambled order, so that in the event that people find your phrase and try to recover it, they would be confounded by its inability to be imported into normal Electrum builds.
o_e_l_e_o is correct.
In fact, as I noted, you can import that phrase to Electrum without issues.

You can take the bunch of bananas (pun intended) nc50lc has posted above
As the standard unit of scale, I used "banana" to count the number of words in my custom word list.

To newbie readers: do not use it, it's only for testing purposes.

Saint-loup
March 10, 2023, 10:45:53 PM
Last edit: March 10, 2023, 10:57:26 PM by Saint-loup
 #24

Actually before BIP39 there was BIP32 https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
BIP32 was created in February 2012, while BIP39 was created in September 2013, precisely. And it's BIP32 which introduced/standardized Hierarchical Deterministic Wallets; BIP39 only allowed them to be more easily usable and memorizable by humans. But Bitcoin Core still doesn't use BIP39 seeds, for example, only BIP32 ones in WIF format.
Is BIP39 a development from BIP32? If yes, why don't they continue their development regarding the vulnerability or weakness which was shown by Electrum?

Quote
A fixed wordlist is still required. Following our recommendation, BIP39 authors decided to derive keys and addresses in a way that does not depend on the wordlist. However, BIP39 still requires the wordlist in order to compute its checksum, which is plainly inconsistent, and defeats the purpose of our recommendation. This problem is exacerbated by the fact that BIP39 proposes to create one wordlist per language. This threatens the portability of BIP39 seed phrases.

BIP39 seed phrases do not include a version number. This means that software should always know how to generate keys and addresses. BIP43 suggests that wallet software will try various existing derivation schemes within the BIP32 framework. This is extremely inefficient and rests on the assumption that future wallets will support all previously accepted derivation methods. If, in the future, a wallet developer decides not to implement a particular derivation method because it is deprecated, then the software will not be able to detect that the corresponding seed phrases are not supported, and it will return an empty wallet instead. This threatens users funds.

https://electrum.readthedocs.io/en/latest/seedphrase.html
Calling that weakness or vulnerability is just a point of view. Because if a BIP39 wallet doesn't support one language, it will just reject the seed because it won't be able to compute and verify the checksum, that's it.
So what's the problem? The purpose of a mnemonic seed is to be easily usable by a human, but if the user doesn't know English, it will be as difficult for him as using a hexadecimal seed. Electrum still only supports the English language for seeds currently (except by doing some hacks as told above), while being localizable in many languages; that's neither consistent nor convenient for those users.
For the version number, each time a new format is created, like Taproot now, they have to update their system and hope it won't cause bugs when new seeds are used on older wallets. So I'm not sure it's more safe and convenient.

o_e_l_e_o
March 11, 2023, 12:10:02 PM
 #25

Because if a BIP39 wallet doesn't support one language, it will just reject the seed because it won't be able to compute and verify the checksum, that's it.
Which is clearly a weakness. If I import a BIP39 seed phrase generated with an incorrect wordlist, a foreign language wordlist, an edited wordlist, etc., then my wallet software cannot tell me whether or not it is accurate. The dependence on a known wordlist is a weakness, because now I don't know whether my seed phrase is correct or not, and I have to go searching for some software which will allow me to attempt to import it.

The purpose of a mnemonic seed is to be easily usable by a human, but if the user doesn't know English, it will be as difficult for him as using a hexadecimal seed.
Not at all. I don't speak Portuguese, but if I had a Portuguese seed phrase with one or two character errors in it, then it is trivial for me to start looking up words in a Portuguese dictionary to see which one might be spelt incorrectly. I can't do that with raw hex.
Saint-loup
March 11, 2023, 10:26:16 PM
 #26

Because if a BIP39 wallet doesn't support one language, it will just reject the seed because it won't be able to compute and verify the checksum, that's it.
Which is clearly a weakness. If I import a BIP39 seed phrase generated with an incorrect wordlist, a foreign language wordlist, an edited wordlist, etc., then my wallet software cannot tell me whether or not it is accurate. The dependence on a known wordlist is a weakness, because now I don't know whether my seed phrase is correct or not, and I have to go searching for some software which will allow me to attempt to import it.
If the wallet doesn't generate any wrong key/address, I don't call that a weakness, I call that a matter of unavailability. It would be more user-friendly if wallets were clearly indicating which languages they are supporting for seeds, but I don't think it's a big deal though.

The purpose of a mnemonic seed is to be easily usable by a human, but if the user doesn't know English, it will be as difficult for him as using a hexadecimal seed.
Not at all. I don't speak Portuguese, but if I had a Portuguese seed phrase with one or two character errors in it, then it is trivial for me to start looking up words in a Portuguese dictionary to see which one might be spelt incorrectly. I can't do that with raw hex.
So finally you think using a wordlist is a good thing? If this wordlist exists in English, why couldn't it exist in other languages? And if only one language should be used for the seeds, why should it be the English language? You really think that poor Salvadorians have no other things to do than trying to decipher their mnemonic seed in order to be able to use BTC? BTC is not difficult enough to use for the average Jose, he needs to learn English on top of that? A child of 4 years can spend fiat money, Bitcoin is far away from that.

o_e_l_e_o
March 12, 2023, 08:38:59 AM
 #27

It would be more user-friendly if wallets were clearly indicating which languages they are supporting for seeds, but I don't think it's a big deal though.
I agree, but there are plenty of bad wallets out there which do all kinds of weird and non-standard things with seed phrases, derivation paths, and so on.

So finally you think using a wordlist is a good thing? If this wordlist exists in english, why it couldn't exist in other languages?
Of course a wordlist is a good thing. I've never said otherwise.

The difference is in how that wordlist is used. With BIP39, if you use a non-English wordlist, then most wallets have no idea if your seed phrase is valid or not, many will not let you import it, and if they do import it, they will have no idea which script type or derivation path to use to generate a wallet. With Electrum, if you use a non-English wordlist, then Electrum will verify it just fine, import it just fine, and generate the exactly correct script type and derivation path without any further input from you. This is clearly a superior system.

Anyone who doesn't speak English can very easily import their own native language wordlist in to Electrum if they so choose and use it to generate a seed phrase. That seed phrase will be compatible with every copy of Electrum in the world, even if they lose their original wordlist.
hosseinimr93
March 12, 2023, 10:13:27 AM
 #28

Which is clearly a weakness. If I import a BIP39 seed phrase generated with an incorrect wordlist, a foreign language wordlist, an edited wordlist, etc., then my wallet software cannot tell me whether or not it is accurate. The dependence on a known wordlist is a weakness, because now I don't know whether my seed phrase is correct or not, and I have to go searching for some software which will allow me to attempt to import it.
It seems that there's something I don't understand here.
A BIP39 seed phrase is created using a known algorithm, and anyone can make any change to the algorithm and the wordlist. Electrum is also open-source and anyone can change the source code.
I can use my own wordlist in electrum as I can use my own wordlist when creating a BIP39 seed phrase.
Are you saying the possibility of having your own wordlist in electrum is an advantage while that's a disadvantage in BIP39?


Anyone who doesn't speak English can very easily import their own native language wordlist in to Electrum if they so choose and use it to generate a seed phrase. That seed phrase will be compatible with every copy of Electrum in the world, even if they lose their original wordlist.
Doesn't BIP39 also have its standard wordlists for some languages?
If I generate a non-english BIP39 seed phrase using these standard wordlists and not my invented wordlist, there shouldn't be any problem.

That's the same in electrum. If I use the standard wordlist, I will be able to recover my wallet easily. But in the case I use a modified version of wordlist, I won't be able to recover my wallet if I lose the modified version of wordlist.

Is there anything I am missing?

o_e_l_e_o
March 12, 2023, 10:21:11 AM
Merited by hosseinimr93 (10)
 #29

Are you saying the possibility of having your own wordlist in electrum is an advantage while that's a disadvantage in BIP39?
The difference comes from how that wordlist is used.

With BIP39, the wallet must know your wordlist in order to verify your checksum. If it does not know your wordlist, then it does not know what bits the words represent, so it cannot calculate the checksum, nor compare it to the bit string to see if it is correct.
With Electrum, the wallet does not need to know your wordlist at all. The versioning system is based on a hash of the words, not the original entropy that those words encode, so even without knowing the wordlist Electrum can hash your seed phrase, check the version number, and tell you if that seed phrase is valid (as well as whether it is a legacy or a segwit wallet).

If I generate a non-english BIP39 seed phrase using these standard wordlists and not my invented wordlist, there shouldn't be any problem.
It depends on your software. Electrum will import it just fine, but many wallets will only accept English words.

That's the same in electrum. If I use the standard wordlist, I will be able to recover my wallet easily. But in the case I use a modified version of wordlist, I won't be able to recover my wallet if I lose the modified version of wordlist.
It's not. Electrum will quite happily restore a seed phrase generated using any wordlist, even one it does not know.

Here's a post I made several years ago, in which I share an Electrum seed phrase using a non-standard wordlist which I have long deleted, on a much older version of Electrum. You can still import that seed phrase without any issues in to your version of Electrum and arrive at the same address I did back then.
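
The difference described in post #29, as an added example that is not part of any post in this thread and is not Electrum's own code: a BIP39 checksum can only be checked after mapping words back to bits through the wordlist, while Electrum's version check hashes the words themselves. The HMAC key and version prefixes follow Electrum's seed phrase documentation; the two wordlists, the fixed starting integer and the simplified normalization are constructed assumptions for the demo.

```python
import hashlib, hmac, unicodedata

# Version prefixes per Electrum's seed documentation (only the two types the thread mentions).
PREFIXES = {"01": "standard", "100": "segwit"}
# Constructed 2048-word lists: CUSTOM plays the edited english.txt, OTHER is what another wallet ships.
CUSTOM = [f"banana{i:04d}" for i in range(2048)]
OTHER = [f"word{i:04d}" for i in range(2048)]
# Fixed so the demo is reproducible; a real wallet starts from CSPRNG entropy.
DEMO_START = (1 << 131) + 0x0123456789ABCDEF

def normalize(phrase):
    # Simplified normalization (assumption): NFKD, lowercase, single spaces.
    return " ".join(unicodedata.normalize("NFKD", phrase).lower().split())

def electrum_seed_type(phrase):
    """Classify a phrase from a hash of its words alone; no wordlist is consulted."""
    digest = hmac.new(b"Seed version", normalize(phrase).encode(), hashlib.sha512).hexdigest()
    return next((name for p, name in PREFIXES.items() if digest.startswith(p)), None)

def encode(n, wordlist):
    """Write integer n in base len(wordlist), one word per digit."""
    words = []
    while n:
        n, r = divmod(n, len(wordlist))
        words.append(wordlist[r])
    return " ".join(words)

def make_electrum_style_seed(wordlist, start, want="segwit"):
    """Increment the integer until the phrase's hash carries the wanted version prefix."""
    n = start
    while electrum_seed_type(encode(n, wordlist)) != want:
        n += 1
    return encode(n, wordlist)

def sha256_bits(data, count):
    return f"{int.from_bytes(hashlib.sha256(data).digest(), 'big'):0256b}"[:count]

def bip39_encode(entropy, wordlist):
    """BIP39: entropy bits plus ENT/32 checksum bits, cut into 11-bit word indices."""
    bits = f"{int.from_bytes(entropy, 'big'):0{len(entropy) * 8}b}" + sha256_bits(entropy, len(entropy) // 4)
    return " ".join(wordlist[int(bits[i:i + 11], 2)] for i in range(0, len(bits), 11))

def bip39_checksum_ok(phrase, wordlist):
    """True/False when every word is in the list; None when validity cannot be decided."""
    index = {w: i for i, w in enumerate(wordlist)}
    words = normalize(phrase).split()
    if any(w not in index for w in words):
        return None  # unknown words cannot be turned back into bits
    bits = "".join(f"{index[w]:011b}" for w in words)
    ent_len = len(bits) * 32 // 33
    entropy = int(bits[:ent_len], 2).to_bytes(ent_len // 8, "big")
    return bits[ent_len:] == sha256_bits(entropy, len(bits) - ent_len)

if __name__ == "__main__":
    seed = make_electrum_style_seed(CUSTOM, DEMO_START)
    print(seed, "->", electrum_seed_type(seed), "| BIP39 check with OTHER list:", bip39_checksum_ok(seed, OTHER))
```
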
Saint-loup
March 12, 2023, 09:54:03 PM
Last edit: March 12, 2023, 10:11:06 PM by Saint-loup
 #30

Anyone who doesn't speak English can very easily import their own native language wordlist in to Electrum if they so choose and use it to generate a seed phrase. That seed phrase will be compatible with every copy of Electrum in the world, even if they lose their original wordlist.
Doesn't BIP39 also have its standard wordlists for some languages?
If I generate a non-english BIP39 seed phrase using these standard wordlists and not my invented wordlist, there shouldn't be any problem.

That's the same in electrum. If I use the standard wordlist, I will be able to recover my wallet easily. But in the case I use a modified version of wordlist, I won't be able to recover my wallet if I lose the modified version of wordlist.

Is there anything I am missing?
Backing up your modified wordlist is not mandatory, you just need to add the words belonging to your seed into the english.txt file, as explained above, to let Electrum accept your own mnemonic seed. And if you use the BIP39 import feature, you won't even need to make any hack. Because Electrum accepts so-called BIP39 seeds from any language, real or unreal, even from one-word languages.
Your wordlist will only be needed if some characters or words are missing from your seed actually.

hosseinimr93
March 12, 2023, 10:17:35 PM
Merited by Saint-loup (1)
 #31

Backing up your modified wordlist is not mandatory, you just need to add the words belonging to your seed into the english.txt file, as explained above, to let Electrum accept your own mnemonic seed.
But according to the post made by o_e_l_e_o before, you don't even need to add the words to your wordlist file.
I could generate a wallet successfully with the seed phrase posted by o_e_l_e_o  in that post, while I didn't have any of the words in my wordlist.
As you see in the following image, the next button is clickable.



Saint-loup
March 12, 2023, 11:05:26 PM
 #32

Backing up your modified wordlist is not mandatory, you just need to add the words belonging to your seed into the english.txt file, as explained above, to let Electrum accept your own mnemonic seed.
But according to the post made by o_e_l_e_o before, you don't even need to add the words to your wordlist file.
I could generate a wallet successfully with the seed phrase posted by o_e_l_e_o  in that post, while I didn't have any of the words in my wordlist.
As you see in the following image, the next button is clickable.



You're right, I thought Electrum was checking if words belonged to the dictionary before trying to generate the wallet, because Electrum uses a completion feature when you enter each word. But in reality you just need to modify the wordlist for generating an Electrum seed with your own words. My bad.
