Bitcoin Forum
Topic: Changing a word of a seed. Will it break safety?
coinkidda (OP)
March 03, 2023, 06:50:29 PM
 #1

Hello!

I have a question regarding the creation of the seed. I already have a seed of 24 words. From this one I would like to change one of the words using a dice or coin to make it random, and thus create a new seed, in doing so it will also change the 24th word checksum.
My doubt is, will that change break dangerously the randomness and security of the process? Is this as safe as creating a new seed completely? Would it be safe to create different seeds just by changing one particular word?
I appreciate your comments.


K.
bitmover
March 03, 2023, 07:17:37 PM
 #2

> Hello!
>
> I have a question regarding the creation of the seed. I already have a seed of 24 words. From this one I would like to change one of the words using a dice or coin to make it random, and thus create a new seed, in doing so it will also change the 24th word checksum.
> My doubt is, will that change break dangerously the randomness and security of the process? Is this as safe as creating a new seed completely? Would it be safe to create different seeds just by changing one particular word?
> I appreciate your comments.
>
> K.

This will not make your seed safer. You cannot "add randomness" like this. You are probably adding more risk.
I wouldn't do it.

Changing one word randomly will probably not validate, as there is a checksum (not all combinations are valid).

You can make a few tests here (https://iancoleman.io/bip39/).

I don't think this will add any particular risk to randomness, but I think that just following basic procedures is always safer.

If you wanna be safer, buy a hardware wallet and use the seed generation from the device.

my 2sats.

coinkidda (OP)
March 03, 2023, 07:42:28 PM
 #3

> This will not make your seed safer. You cannot "add randomness" like this. You are probably adding more risk.
> I wouldn't do it.
>
> Changing one word randomly will probably not validate, as there is a checksum (not all combinations are valid).
>
> You can make a few tests here (https://iancoleman.io/bip39/).
>
> I don't think this will add any particular risk to randomness, but I think that just following basic procedures is always safer.
>
> If you wanna be safer, buy a hardware wallet and use the seed generation from the device.
>
> my 2sats.

Thanks for the answer.
The idea would be to avoid trusting the hardware wallet seed.

After changing that one word I could use a tool like Seed Savior (https://3rditeration.github.io/mnemonic-recovery/src/index.html) to get the checksum, and thus a valid seed.
I could use the same method to generate different seeds just by changing one word and the checksum.
Does it seem crazy? Is it unsafe?

Thanks again!

K
hosseinimr93
March 03, 2023, 07:55:02 PM
Merited by pooya87 (4), Pmalek (2)
 #4

> I already have a seed of 24 words. From this one I would like to change one of the words using a dice or coin to make it random, and thus create a new seed, in doing so it will also change the 24th word checksum.

If your seed phrase has been generated randomly using a secure tool, there is no need to make any change.
If your seed phrase hasn't been generated randomly or it has been generated using an unsafe tool, you don't make it safe just by changing a word.

> The idea would be to avoid trusting the hardware wallet seed.

What makes you not trust your hardware wallet? If your hardware wallet isn't secure enough for any reason, don't use it.

> I could use the same method to generate different seeds just by changing one word and the checksum.

Instead of that, you can have different wallets using a single seed phrase by adding different passphrases to your seed phrase.

NeuroticFish
March 03, 2023, 08:03:10 PM
Merited by bitmover (2)
 #5

> I have a question regarding the creation of the seed. I already have a seed of 24 words. From this one I would like to change one of the words using a dice or coin to make it random, and thus create a new seed, in doing so it will also change the 24th word checksum.
> My doubt is, will that change break dangerously the randomness and security of the process? Is this as safe as creating a new seed completely? Would it be safe to create different seeds just by changing one particular word?
> I appreciate your comments.

As said, you cannot change one of the words like that. What you can do is to add a passphrase to the wallet = one or more words separately from what the hardware wallet gives.
But I think that the hardware wallet has to support that. My Ledger HW supports it.

However:
1. The common procedure is that the passphrase should be stored differently from the seed.
2. Because of (1) there's a high chance you'll lose or forget about the passphrase and since the wallet from only the seed is also valid (but with different addresses) you may think at some point in the future that either your coins got stolen or you wrote down the wrong seed.

All in all there are benefits and risks too in using it, however, it can help you if you think that the seed provided by the HW is - for some odd reason - not safe enough.

Stalker22
March 03, 2023, 08:52:15 PM
 #6

> The idea would be to avoid trusting the hardware wallet seed.

Why? Changing just one word in your hardware wallet's seed phrase won't make much difference if you already don't trust the security of your wallet and believe that the seed phrase can be compromised, as hosseinimr93 has pointed out. A better solution is to use the BIP39 passphrase, which is the industry standard, but be aware of the potential negatives.

bitmover
March 03, 2023, 09:27:18 PM
 #7

> The idea would be to avoid trusting the hardware wallet seed.

Is there any reason for that?

Considering Ledger or Trezor, both have been widely tested over the last decade.

They are safe and you can trust them. Theoretically, it is safer to use them than to use them + 1 word changed as you suggested.

They are already random enough and you may risk messing things up when adding a word.

You should use a passphrase for extra security.

This is the correct way to add one more word:
https://support.ledger.com/hc/en-us/articles/115005214529-How-to-set-up-a-passphrase-?docs=true

nc50lc
March 04, 2023, 05:55:50 AM
Merited by Pmalek (2)
 #8

> The idea would be to avoid trusting the hardware wallet seed.

Your hardware wallet's seed is generated randomly in the device itself, not by the manufacturer.
The only trust issue is if the hardware's RNG is bad or rigged which is never the case in genuine famous hardware wallets.

If your hardware wallet came with a pre-generated wallet or seed phrase, avoid using that device entirely.

coinkidda (OP)
March 04, 2023, 08:01:04 AM
 #9

Thanks for all your answers, I am learning a lot from you.

As I am learning about bitcoin I decided that I don't want to trust my hardware wallet, and I prefer to create my own seeds doing variations of a randomly generated seed, like here:

I know I can add a passphrase but even that I would like to add an extra safety layer with my own seeds.
The question is still unclear to me. Will it be less safe to change a word and the checksum of a randomly generated seed (by myself or by hardware wallet), or it won't make a difference?
Thanks!
hosseinimr93
March 04, 2023, 08:14:44 AM
 #10

> The question is still unclear to me. Will it be less safe to change a word and the checksum of a randomly generated seed (by myself or by hardware wallet), or it won't make a difference?

You don't really change anything.
In the case you generate your seed phrase by yourself (if you do the steps correctly and assuming your dice is balanced and all the numbers have the same probability to be chosen), your seed phrase would be completely random and there's nothing to worry about.

LoyceV
March 04, 2023, 08:24:17 AM
Merited by Pmalek (2)
 #11

> As I am learning about bitcoin I decided that I don't want to trust my hardware wallet,

That's easy: then don't use it!
What if your hardware wallet still communicates your seed with the server? You can't verify that, so if you don't trust the seed generation to be random, why would you trust the hardware wallet not to leak your seed?

Anyway, changing one word doesn't matter much.

For consideration: you're probably much more likely to lose your funds by trying to create your own encryption system, than by using a standard hardware wallet.
If you don't trust a piece of hardware, don't use it. You can for instance use Electrum offline, that way you don't have to trust anyone. But it's much less convenient to do correctly than using a hardware wallet.

nc50lc
March 04, 2023, 08:25:33 AM
 #12

> The question is still unclear to me. Will it be less safe to change a word and the checksum of a randomly generated seed (by myself or by hardware wallet), or it won't make a difference?
> Thanks!

It's less safe in terms of RNG.
Because you basically reduced it from 256-bit.
One word is approximately 11-bit so if you've replaced one word, you've reduced the number of randomized portion of the seed by that amount.

But changing only one word out of 24, IMO isn't much of a safety issue, I'm not recommending it though.

LoyceV
March 04, 2023, 08:29:10 AM
 #13

> Because you basically reduced it from 256-bit.
> One word is approximately 11-bit so if you've replaced one word, you've reduced the number of randomized portion of the seed by that amount.

Since 12 words are enough too, I wouldn't worry about changing some words. You can even base 12 words on one random generator, and the other 12 words on another random input. The tricky part is not making any mistakes.

PrivacyG
March 04, 2023, 09:18:04 AM
Merited by LoyceV (4), pooya87 (2), Pmalek (2), ABCbits (1)
 #14

If you do not trust your Hardware Wallet.  Then you need to stop using it completely.  Because you do not want to insert your randomly generated Seed in an unsafe device, do you.

This is not bad at all.  But make sure you have a secure computer to access your Bitcoin from.  Also.  Try not to complicate things too much or to reinvent the wheel.  You may start forgetting where things belong and what your initial thought was setting up your Wallets or generating your Seeds.

-
Regards,
PrivacyG

nc50lc
March 04, 2023, 11:10:18 AM
 #15

-snip-
My reply isn't about the overall security but the difference between the randomly generated seed phrase and the one with edited word
as a response to his follow-up question.

o_e_l_e_o
March 04, 2023, 11:31:29 AM
Merited by Welsh (4), bitmover (2)
 #16

If you don't trust the seed being generated by your hardware wallet, then changing one (or two, if you include the checksum) words is utterly meaningless. At best, you are introducing 18.5 new bits of entropy (11 bits for the word you change, 3 bits for the checksum word, 4.5 bits for picking one of the 23 non-checksum words to change at random). 18.5 bits of entropy is trivial to brute force. If someone knew your seed phrase, which is the assumption we are working on since you do not trust it, they could break your system in a few seconds.

If you don't trust electronic seed generation, then the best alternative will be to use a physical source of entropy. A single coin is the best option here, since dice introduce a larger bias which is harder to control. Flip a coin 256 times and write down "1" for heads and "0" for tails, or vice versa. If you want to be extra safe, then use a von Neumann debiasing approach to remove any bias from your coin (although you will now end up flipping the coin on average 1024 times instead). Once you have 256 bits of entropy, use an open source tool such as this one to turn it into a seed phrase: https://bitcointalk.org/index.php?topic=5373505

Although the question remains that if you do not trust your hardware, where and how are you going to import this seed phrase in order to generate a wallet?
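
Added example, not part of the thread: a Python sketch of the von Neumann debiasing step mentioned in the post above, with the flip count it implies. The function names are chosen here, and the biased coin is simulated with a seeded PRNG purely as constructed test data; real entropy has to come from the physical flips.

```python
import random


def von_neumann(flips):
    """Debias a flip sequence: read non-overlapping pairs, keep the first
    flip of each unequal pair (10 -> 1, 01 -> 0), discard 00 and 11."""
    out = []
    for a, b in zip(flips[0::2], flips[1::2]):
        if a != b:
            out.append(a)
    return out


def expected_flips(n_bits, p_heads=0.5):
    """Average number of flips needed for n_bits of debiased output."""
    # A pair is kept with probability 2p(1-p) and costs two flips,
    # so one output bit costs 1 / (p(1-p)) flips on average.
    return n_bits / (p_heads * (1 - p_heads))


def pack_entropy(bits):
    """Pack the first 256 debiased bits into 32 bytes of entropy."""
    if len(bits) < 256:
        raise ValueError(f"need 256 bits, have {len(bits)}: keep flipping")
    value = 0
    for bit in bits[:256]:
        value = (value << 1) | bit
    return value.to_bytes(32, "big")


def simulate_biased_coin(n_flips, p_heads, seed):
    """Constructed test data only: a seeded PRNG stands in for a coin."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_heads else 0 for _ in range(n_flips)]


def ones_ratio(bits):
    """Fraction of 1s, used to compare bias before and after."""
    return sum(bits) / len(bits)


if __name__ == "__main__":
    raw = simulate_biased_coin(200_000, p_heads=0.7, seed=2023)
    clean = von_neumann(raw)
    print(f"raw flips:      {len(raw)}, share of heads {ones_ratio(raw):.3f}")
    print(f"debiased bits:  {len(clean)}, share of ones {ones_ratio(clean):.3f}")
    print(f"fair coin, 256 bits:   {expected_flips(256):.0f} flips on average")
    print(f"70/30 coin, 256 bits:  {expected_flips(256, 0.7):.0f} flips on average")
    print("entropy (hex):", pack_entropy(clean).hex())
```

For a fair coin the expected cost is four flips per output bit, which is where the 1024 figure in the post comes from; a biased coin costs more flips but still yields unbiased bits as long as the flips are independent.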
Pmalek
March 04, 2023, 03:14:14 PM
 #17

If you don't trust your hardware wallet to generate your seed, why did you buy it?
If you lost trust in it in the meantime, why are you still using it?
If you don't trust it with the entire 12/24 recovery phrase, why would you trust it to randomly generate 11/23 words for you?

I like making comparisons. The first thing I thought about is this. I think my wife will poison my food so I am only going to eat 11 out of 12 meals she puts on the table in the upcoming days.

If you don't want your hardware wallet to generate your seed, you have three good choices:
- coin flips
- dice
- software on an airgapped computer

odolvlobo
March 05, 2023, 07:12:01 PM
 #18

> I have a question regarding the creation of the seed. I already have a seed of 24 words. From this one I would like to change one of the words using a dice or coin to make it random, and thus create a new seed, in doing so it will also change the 24th word checksum.
> My doubt is, will that change break dangerously the randomness and security of the process? Is this as safe as creating a new seed completely? Would it be safe to create different seeds just by changing one particular word?
> I appreciate your comments.

All the responses here are good; however, nobody has answered your question.

The answer is that it is ok. But a more precise answer is that it can depend on the software generating the checksum for you and how the new word is chosen.

First, the 24-word phrase is an encoding of 256 random bits plus an 8-bit checksum. The last word, which contains the 8-bit checksum, also contains 3 of the 256 random bits.

If you assume that the original phrase is completely random and was generated securely, then here are the issues:

  1. Changing a word to a different random value can lower the security by an imperceptible amount. Instead of 2048 choices, the word now only has 2047 choices. However, if the attacker has no info about which word was changed and what it was originally, then there is no reduction of security.
  2. Replacing a word with a non-randomly chosen word lowers the security by a small amount, no more than 11/256.
  3. The software generating the last word must also generate 3 random bits. The randomness of 3 bits (out of 256) has an imperceptible effect on the security of the phrase, but for the pedantic crowd:
     a. If the tool sets the bits to 0, it can lower the security of the phrase by three bits.
     b. If the tool generates 3 new bits, then the security is affected by the randomness of those 3 bits.
     c. If the tool keeps the original 3 bits, then the security is not affected.
  4. Of course, if you give your recovery phrase to a tool, you must determine that the tool and the device that you run it on can be trusted to keep the phrase secure.

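
Added example, not part of the thread: the checksum mechanics described in the post above (and the earlier remark that a randomly changed word will probably not validate), worked in Python on 11-bit word indices so the 2048-word BIP39 list does not have to be embedded. Function names and the sample entropy are constructed for illustration; `fix_checksum` implements case 3c, keeping the original 3 bits.

```python
import hashlib

WORDS, WORD_BITS, CS_BITS = 24, 11, 8   # 24 * 11 = 256 entropy bits + 8 checksum bits


def checksum(entropy: bytes) -> int:
    """BIP39 checksum for 256-bit entropy: the first 8 bits of SHA-256(entropy)."""
    return hashlib.sha256(entropy).digest()[0]


def to_indices(entropy: bytes) -> list:
    """Encode 32 bytes of entropy as 24 wordlist indices (0..2047)."""
    if len(entropy) != 32:
        raise ValueError("expected 256 bits of entropy")
    value = (int.from_bytes(entropy, "big") << CS_BITS) | checksum(entropy)
    return [(value >> (WORD_BITS * (WORDS - 1 - i))) & 0x7FF for i in range(WORDS)]


def split(indices: list) -> tuple:
    """Decode 24 indices into (entropy bytes, checksum stated by the last word)."""
    value = 0
    for idx in indices:
        value = (value << WORD_BITS) | idx
    return (value >> CS_BITS).to_bytes(32, "big"), value & 0xFF


def is_valid(indices: list) -> bool:
    """True when the stated checksum matches the one computed from the entropy."""
    entropy, stated = split(indices)
    return checksum(entropy) == stated


def fix_checksum(indices: list) -> list:
    """Recompute the 8 checksum bits, keeping the 3 entropy bits of word 24."""
    entropy, _ = split(indices)
    return to_indices(entropy)


def valid_last_words(first_23: list) -> list:
    """Every index for word 24 that completes a valid phrase."""
    return [w for w in range(2048) if is_valid(first_23 + [w])]


def surviving_swaps(indices: list, pos: int) -> int:
    """How many of the 2047 other choices at `pos` still pass the old checksum."""
    hits = 0
    for w in range(2048):
        if w != indices[pos]:
            hits += is_valid(indices[:pos] + [w] + indices[pos + 1:])
    return hits


# Constructed sample entropy (never use a fixed value for a real wallet).
SAMPLE = to_indices(bytes(range(32)))

if __name__ == "__main__":
    changed = list(SAMPLE)
    changed[4] = (changed[4] + 1000) % 2048        # stand-in for a dice-chosen word
    print("valid after the swap:", is_valid(changed))
    repaired = fix_checksum(changed)
    print("valid after fixing word 24:", is_valid(repaired))
    print("words 1-23 untouched:", repaired[:23] == changed[:23])
    print("swaps at word 5 that need no fix:", surviving_swaps(SAMPLE, 4), "of 2047")
    print("valid choices for word 24:", len(valid_last_words(SAMPLE[:23])), "of 2048")
```

Exactly 8 of the 2048 candidates for word 24 are valid for any given first 23 words, one per value of the 3 entropy bits it carries, so a swap elsewhere passes the old checksum only about 1 time in 256.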
o_e_l_e_o
March 05, 2023, 08:20:01 PM
 #19

> If you assume that the original phrase is completely random and was generated securely

If you are making this assumption, then OP's scheme adds absolutely nothing of benefit. And if you assume the opposite, that the original seed phrase was not generated securely, then as I explained above OP's scheme is grossly insufficient to make any difference and again brings no benefit.

Either way, his suggestion should not be used. If he has generated a seed phrase securely then great, use it. If he has doubts as to whether his seed phrase was generated securely, then tinkering around the edges like this is dangerous and he should instead discard it entirely and find a new method of generating a secure seed phrase from scratch, such as by flipping a coin.
coinkidda (OP)
March 06, 2023, 07:08:59 PM
Last edit: March 06, 2023, 07:28:44 PM by coinkidda
 #20

Thanks everybody for all your replies and help. I am taking my time to learn from them and I will get back to you.
Meanwhile I hope that this thread was useful for all of you as well.

Thanks again!

K