Understanding BIP 39 as a layperson - offline seed generation

[edk1988]

Take 8 coins and number them.

Then you can roll all 8 and record the results in binary in chunks of 1 byte

Once you roll 32x you have a 256 bit binary number.

Each "word" is 11 bits so you break your 256 bit number into 23 chunks of 11 bits plus remainder (23x11 = 253, remainder is 3 bits)

The remainder must be padded with "the checksum" (8 bits or 1 byte) to make it 11 bits long just like the others.

You have to perform the checksum operation by hashing the original 256 bits thru 1 round of sha 256 (binary).  This part was hard for me to figure out the best way to to this offline.  If the computer requires hex input then you must convert your number to hex.  If the computer accepts binary input then you have to type it correctly.  If you have the typical hex output then the first 2 char's constitute 1 byte and must be converted to binary, and appended to the end of the 24th word.  I guess you can just do a sh256 in linux.  Like I said, I wasn't able to do this without an online tool (not ideal).

You can do sha256 by hand if you are a genius.

Now you have 24 chunks of 11 bits.  Convert from binary to decimal, and index the wordlist (word 1 = 0).

[digaran]

How do you perform sha256 by hand? That's not called being genius but rather stupid, because you could just use a script to do that for you. Also there is no need to generate seeds manually, just use a standard and secure wallet to do all of that. Manipulating things like that is bound for disaster.

[edk1988]

How do you perform sha256 by hand? That's not called being genius but rather stupid, because you could just use a script to do that for you. Also there is no need to generate seeds manually, just use a standard and secure wallet to do all of that. Manipulating things like that is bound for disaster.

Hello.

Nothing has been manipulated here.  This is how the BIP 39 seed phrase is derived from a 256 bit random number.

Thanks for your input - the subject was "understanding BIP 39 as a layperson" so yes, it may or may not be important to any given individual, not sure, if BIP 39 will remain as an important protocol in bitcoin, or if bitcoin is important to the world in general.

[digaran]

Don't get me wrong, I'm all about educating people, but important things such as seeds should be taught by experts with detailed and perfect technicalities. A layperson is better off generating their seeds by using trusted wallets. So this should not be recommended for anyone to use and store any real coins, maybe just for testing with testnet coins.
Which then would require you to provide a layperson tutorial on how to acquire testnet coins etc. 🤭

[apogio]

The easiest way to explain BIP39 to a layperson would be to simply tell them that those 12 words is their password without which they would lose their money.

If they wanted to know how it works technically, you should show them this picture:

[edk1988]

If they wanted to know how it works technically, you should show them this picture:

Great pic,

the rolling coins procedure falls broadly under "generate entropy" and yeah shannon information entropy is a whole separate business, that's why this demo is described using coins because rolling coins provides a binary output no modulation is needed.

It's not difficult, I think it's reasonable to give people the benefit of the doubt and have an expectation that if they're going to use btc they should know the fundamentals,

I know this issue is discussed at length in the literature but I don't care for 128 bit seed phrases the whole system is based of sha256