Which seed should i choose?

[I_love_Crypto]

Hello everyone:)

I own some BTC that are stored ATM in an exchange (yes, i know it is bad....).
I would like to store them offline for the very very long term. My aim would be to
create a brand new wallet, with for instance Electrum, and move the funds
into it. Since the Electrum Software would be installed on a Ubuntu live session,
i only plan to carefully write the seed on a piece of paper (or better engrave
the seed on steel) before leaving. That being said, i noticed that Electrum
said that BIP39 seed might no longer be supported in the future, and, one the other hand, if i
create an Electrum seed it might not be accepted on other devices. Since my
aim is obviously to have access to my BTC later, i'm puzzled. How can i predidict the
standards in ten years?

Perhaps saving the master private key as a QR code might be a better idea...

I know that a ledger wallet might be better, but i read that the code source is not
open and i'm concerned about the data that might be collected by them (who knows
if they don't keep information about all the transactions of their users).

Any though?

Thanks a lot.

[ranochigo]

The good thing about anything open source is that it is easy for everything to be replicated and backwards compatibility is hardly an issue. Besides, it is highly unlikely that backwards compatibility would be broken with any well-defined standards. BIP39 is considered a Bitcoin standard and it is likely that it would be supported by wallets far in the future. Storing it in anything other than mnemonics is a hassle and highly unnecessary if you're concerned about compatibility; you'll be able to recover them easily even if they are not supported by Electrum in the future.

Electrum maintains compatibility with even their pre-Electrum 2.0 seeds. I doubt that Electrum would drop the support any time in the future since it doesn't hinder the development, just a nice to have. Tldr; Electrum or BIP39 seeds are both okay.

[promise444c5]

I know that a ledger wallet might be better, but i read that the code source is not
open and i'm concerned about the data that might be collected by them (who knows
if they don't keep information about all the transactions of their users).

Ledger is an HD(hardware) wallet and since you don't trust it there're other HD wallets if you want a bitcoin-only, Trezor supports it so you can try it out
Also, here's a list of HD wallets from @dkbit98  you can try....
https://bitcointalk.org/index.php?topic=5288971.msg55583288#msg55583288

[Zaguru12]

i only plan to carefully write the seed on a piece of paper (or better engrave
the seed on steel) before leaving. That being said, i noticed that Electrum
said that BIP39 seed might no longer be supported in the future, and, one the other hand, if i
create an Electrum seed it might not be accepted on other devices. Since my
aim is obviously to have access to my BTC later, i'm puzzled. How can i predidict the
standards in ten years?

Perhaps saving the master private key as a QR code might be a better idea...

One of the importance of seed phrase is the ease to back one’s wallets without having to store the master private key or any key at all. I get where you’re concerned about, like electrum not been in existence again, currently there is a BlueWallet that is said to support the custom seed phrase from electrum wallet.

But aside that should they stop to build/develop the wallet again, another developer could easily build it up since its source codes are open.

But also if at a time there is no wallet that supports the seed phrase, you can still generate the master private key from the seed phrase using tools because the method it uses to generate its seed is not that different from the Bip39 seed phrase. So there is nothing to worry about

[I_love_Crypto]

The good thing about anything open source is that it is easy for everything to be replicated and backwards compatibility is hardly an issue. Besides, it is highly unlikely that backwards compatibility would be broken with any well-defined standards. BIP39 is considered a Bitcoin standard and it is likely that it would be supported by wallets far in the future.

I hope so too...

Storing it in anything other than mnemonics is a hassle and highly unnecessary if you're concerned about compatibility; you'll be able to recover them easily even if they are not supported by Electrum in the future.

But, in that case you should know which derivation path the software used in order to recover the address where the funds are located, aren't you?

One of the importance of seed phrase is the ease to back one’s wallets without having to store the master private key or any key at all. I get where you’re concerned about, like electrum not been in existence again, currently there is a BlueWallet that is said to support the custom seed phrase from electrum wallet.

But aside that should they stop to build/develop the wallet again, another developer could easily build it up since its source codes are open.

But also if at a time there is no wallet that supports the seed phrase, you can still generate the master private key from the seed phrase using tools because the method it uses to generate its seed is not that different from the Bip39 seed phrase. So there is nothing to worry about

I agree, but it could be stressful. My aim is to choose the easiest and the safest solution to store BTC. Btw, is it possible to convert a Bip39 seed phrase into an Electrum seed and vice versa?

Cheers:)

[ranochigo]

But, in that case you should know which derivation path the software used in order to recover the address where the funds are located, aren't you?

It's pretty much plastered all over the internet and it is quite unbelievable for it to ever disappear, especially for something so important. If you're scared of it, just write down your derivation path.

Btw, is it possible to convert a Bip39 seed phrase into an Electrum seed and vice versa?

No.

[Medusah]

Btw, is it possible to convert a Bip39 seed phrase into an Electrum seed and vice versa?

No, Electrum and BIP39 represent two separate mnemonic standards.  It's not feasible to input a BIP39 seed phrase into a function to generate an Electrum seed phrase that generates the exact same addresses from the BIP39 seed phrase. 

I'd opt for Electrum.  Since it's widely used for storing bitcoin by many, it's extremely likely that it will remain accessible in the future. 

[I_love_Crypto]

Ok, thanks for the answers. So, to sum-up here is my plan:

1) Generate (and carefully save) a BIP39 mnemonic code (offline) using this:
https://github.com/trezor/python-mnemonic
Indeed, Electrum wallet doesn't generate Bip39 mnemonic and i would prefer
to have one.
I tested the few lines of code and it worked.
Still there is something i don't understand:
entropy = mnemo.to_entropy(words)
I guess the aim of this line is to check the randomness of the list of words.
However, i got this:
>>> entropy = mnemo.to_entropy(words)
>>> entropy
bytearray(b'\x18\xe2\xa9=\x82\xd4$\x915D\x98....................................\xb4\x7f\x02\x90f\xdf\x8b')
>>>
How this should be understood?

P.S.: I read that a 12 words list is enough and a 24 words list do not improve safety. So i will
go for a 12 words list.

2) Create a new (offline) wallet by importing the mnemonic into Electrum. Generate a "receiving" address

3) Send the BTC from the exchanges to this address.

Am i doing something wrong?

Cheers:)

[Synchronice]

Hello everyone:)

I own some BTC that are stored ATM in an exchange (yes, i know it is bad....).
I would like to store them offline for the very very long term. My aim would be to
create a brand new wallet, with for instance Electrum, and move the funds
into it. Since the Electrum Software would be installed on a Ubuntu live session,
i only plan to carefully write the seed on a piece of paper (or better engrave
the seed on steel) before leaving. That being said, i noticed that Electrum
said that BIP39 seed might no longer be supported in the future, and, one the other hand, if i
create an Electrum seed it might not be accepted on other devices. Since my
aim is obviously to have access to my BTC later, i'm puzzled. How can i predidict the
standards in ten years?

Perhaps saving the master private key as a QR code might be a better idea...

I know that a ledger wallet might be better, but i read that the code source is not
open and i'm concerned about the data that might be collected by them (who knows
if they don't keep information about all the transactions of their users).

Any though?

Thanks a lot.

Mate, first of all, remember that Ledger wallet is the worst idea because this company is shady, they were telling us that it was impossible to get data from their secure chip but then they offered Ledger Recovery service that in fact gets data from their secure chip. I wouldn't trust them after this accident and if you are aiming for hardware wallet, you better buy Coldcard or Passport.

BIP39 and BIP39 wordlist will be supported by Electrum, at least in the next few years. I think it will be supported for almost forever because there is simply no reason to not use it, it's secure as hell and writing down some words is better than writing down 010101.

If you are still afraid of BIP 39, you can use a vanity address generator and generate a bitcoin address where you'll get address (custom if you wish) and private key that you can later import in any wallet.

P.S. My advice would be to not worry over something that you don't have to worry. Anyway, if something changes, you can always use an old version of software, create a new wallet in new software and send Bitcoins from old to new address.

[ranochigo]

1) Generate (and carefully save) a BIP39 mnemonic code (offline) using this:
https://github.com/trezor/python-mnemonic
Indeed, Electrum wallet doesn't generate Bip39 mnemonic and i would prefer
to have one.
I tested the few lines of code and it worked.
Still there is something i don't understand:
entropy = mnemo.to_entropy(words)
I guess the aim of this line is to check the randomness of the list of words.
However, i got this:
>>> entropy = mnemo.to_entropy(words)
>>> entropy
bytearray(b'\x18\xe2\xa9=\x82\xd4$\x915D\x98....................................\xb4\x7f\x02\x90f\xdf\x8b')
>>>
How this should be understood?

The entropy is the raw bytes before it was converted into your mnemonics. It is not useful to you.

Entropy is random, and you cannot exactly measure randomness, or at least to any accurate extent. Seemingly random strings can be deterministic and vice-versa. You can safely stop at generating the mnemonics without going further.

I haven't seen the code yet and I can't comment much on it. I would recommend just using another wallet that generates BIP39 instead of going with a less well-known script, or just go with Electrum. No downsides there.

[satscraper]

Any though?

Thanks a lot.

Electrum generated  SEED phrases are safe but not applicable  to other wallets. Thus, if  I were in your case I would  generate  BIP39 SEED phrase  manually without recourse to any wallet by simply using flipping coins or dice methods. Good tutorial on how to do this with dice you may find here.

[I_love_Crypto]

I haven't seen the code yet and I can't comment much on it. I would recommend just using another wallet that generates BIP39 instead of going with a less well-known script, or just go with Electrum. No downsides there.

The Python code is extremely simple and since it is from:
https://github.com/trezor/python-mnemonic
i assumed (wrongly?) that it is the way Trezor wallets generate their Bip39 mnemonic:
>>>from mnemonic import Mnemonic
>>>mnemo = Mnemonic("english")
>>>words = mnemo.generate(strength=128)
>>>print(words)

Is it safe to use?

Thanks:)

Any though?

Thanks a lot.

Electrum generated  SEED phrases are safe but not applicable  to other wallets. Thus, if  I were in your case I would  generate  BIP39 SEED phrase  manually without recourse to any wallet by simply using flipping coins or dice methods. Good tutorial on how to do this with dice you may find here.

The link is very interesting indeed. Here is a script:
import random
from datetime import datetime
random.seed(datetime.now().timestamp())
T=[]
for i in range(127):
        x=random.random()
        if x<0.5:
              T.append(0)
        else:
              T.append(1)
print(T)

Not sure if it is better than the previous method though...

[ranochigo]

The Python code is extremely simple and since it is from:
https://github.com/trezor/python-mnemonic
i assumed (wrongly?) that it is the way Trezor wallets generate their Bip39 mnemonic:
>>>from mnemonic import Mnemonic
>>>mnemo = Mnemonic("english")
>>>words = mnemo.generate(strength=128)
>>>print(words)

Is it safe to use?

Thanks:)

The code is from: https://github.com/trezor/python-mnemonic/blob/master/src/mnemonic/mnemonic.py.

Looks okay to me, but I'm not exactly a security researcher. Your code looks okay assuming that the code is working as intended.

The link is very interesting indeed. Here is a script:
import random
from datetime import datetime
random.seed(datetime.now().timestamp())
T=[]
for i in range(127):
        x=random.random()
        if x<0.5:
              T.append(0)
        else:
              T.append(1)
print(T)

Not sure if it is better than the previous method though...

Edit: Please do not use anything that can be easily determined as seed when you're trying to generate something random. Use the secrets module, and if you're unsure about how exactly CSPRNG should be implemented, don't touch it or you might inadvertently generate something insecure.

If you're unsure about the technicalities behind generating a Bitcoin address, you should also refrain from implementing your own. Any errors can result in you being unable to access your funds.

[I_love_Crypto]

Mate, first of all, remember that Ledger wallet is the worst idea because this company is shady, they were telling us that it was impossible to get data from their secure chip but then they offered Ledger Recovery service that in fact gets data from their secure chip. I wouldn't trust them after this accident and if you are aiming for hardware wallet, you better buy Coldcard or Passport.

I don't think they did it on purpose, but i agree it is unacceptable. Also, their customer details has been hacked...

The Python code is extremely simple and since it is from:
https://github.com/trezor/python-mnemonic
i assumed (wrongly?) that it is the way Trezor wallets generate their Bip39 mnemonic:
>>>from mnemonic import Mnemonic
>>>mnemo = Mnemonic("english")
>>>words = mnemo.generate(strength=128)
>>>print(words)

Is it safe to use?

Thanks:)

The code is from: https://github.com/trezor/python-mnemonic/blob/master/src/mnemonic/mnemonic.py.

Looks okay to me, but I'm not exactly a security researcher. Your code looks okay assuming that the code is working as intended.

It seems to do the job as i get a 12 words list...

Edit: Please do not use anything that can be easily determined as seed when you're trying to generate something random. Use the secrets module, and if you're unsure about how exactly CSPRNG should be implemented, don't touch it or you might inadvertently generate something insecure.

If you're unsure about the technicalities behind generating a Bitcoin address, you should also refrain from implementing your own. Any errors can result in you being unable to access your funds.

Ok, i still need to have a better understanding of this (for my knowledge). Indeed, for me a random number from a computer is always pseudo-random. I found a link that might help me:
https://docs.python.org/3.8/library/secrets.html

[satscraper]

[ for me a random number from a computer is always pseudo-random.

[xmonkeyx]

i only plan to carefully write the seed on a piece of paper (or better engrave
the seed on steel) before leaving. That being said, i noticed that Electrum
said that BIP39 seed might no longer be supported in the future, and, one the other hand, if i
create an Electrum seed it might not be accepted on other devices. Since my
aim is obviously to have access to my BTC later, i'm puzzled. How can i predidict the
standards in ten years?

Perhaps saving the master private key as a QR code might be a better idea...

One of the importance of seed phrase is the ease to back one’s wallets without having to store the master private key or any key at all. I get where you’re concerned about, like electrum not been in existence again, currently there is a BlueWallet that is said to support the custom seed phrase from electrum wallet.

But aside that should they stop to build/develop the wallet again, another developer could easily build it up since its source codes are open.

But also if at a time there is no wallet that supports the seed phrase, you can still generate the master private key from the seed phrase using tools because the method it uses to generate its seed is not that different from the Bip39 seed phrase. So there is nothing to worry about

In choosing the right crypto wallet, the seed phrase is a very important factor. For what reason? therefore making it easier to support wallets without the need to store secret keys. With the open source code, other developers can take over or rebuild the wallet, although there are concerns if the wallet stops being developed.
Don't worry if there are wallets that don't support seed phrases. With other tools, you can still generate secret seed phrases. This method is the same as using a Bip39 seed phrase, so you don't need to worry about the availability of wallet support because the seed phrase is easy to use and secure.

[btc78]

Hello everyone:)

I own some BTC that are stored ATM in an exchange (yes, i know it is bad....).
I would like to store them offline for the very very long term. My aim would be to
create a brand new wallet, with for instance Electrum, and move the funds
into it.

That seems very ambitious. We can revisit your idea some other time but this might not be as easily done as you might think so it is really better if you move your bitcoin some place else for now as you try and navigate through the things you need to do in order to make the said wallet.

All the technicalities, complexities and then the actual application might take too long that you might not be able to address what you wanted to in the first place.

[bSpend]

Hello everyone:)

I own some BTC that are stored ATM in an exchange (yes, i know it is bad....).
I would like to store them offline for the very very long term. My aim would be to
create a brand new wallet, with for instance Electrum, and move the funds
into it. Since the Electrum Software would be installed on a Ubuntu live session,
i only plan to carefully write the seed on a piece of paper (or better engrave
the seed on steel) before leaving. That being said, i noticed that Electrum
said that BIP39 seed might no longer be supported in the future, and, one the other hand, if i
create an Electrum seed it might not be accepted on other devices. Since my
aim is obviously to have access to my BTC later, i'm puzzled. How can i predidict the
standards in ten years?

Perhaps saving the master private key as a QR code might be a better idea...

I know that a ledger wallet might be better, but i read that the code source is not
open and i'm concerned about the data that might be collected by them (who knows
if they don't keep information about all the transactions of their users).

Any though?

Thanks a lot.

BIP39 is the normal standard when it comes to bitcoin wallet seed phrase, and this currently supported by many other non - custodial bitcoin wallets out there aside including electrum as you mentioned, I am not saying you are wrong; but I've actually not come across the news stating that electrum will drop support for BIP39 mnemonic or seed type of phrase for bitcoin wallet, but even if this is true that they end up dropping support for this in the future, i am 100 percent certain that there will be other hundreds (if not thousands) of good bitcoin wallets that will still support the BIP39 seed phrase, you can easily use any of this wallets (used and trusted ones) to recover your bitcoins back when ever you want or need them back.

[Forsyth Jones]

The choice between the two seed formats will depend on your needs, all 2 options are safe and great, but I will mention some points from each mnemonic to help you with your choice:

1 - Electrum seeds don't have checksum as BIP39, instead, it's carrying a version number, this version number will determine whether the wallet is old (legacy) or segwit.

2 - Electrum seeds don't support nested-segwit addresses (p2sh-segwit starting with 3), however this type of address is falling into disuse, due to the bech32 standard already being well matured in terms of adoption. So this won't be a problem for you (I believe).

3 - Electrum seeds only have 12 words, while in BIP39 you can choose between 12, 15, 18, 21, 24 words (I think even more).

4 - Both electrum and BIP39 seeds provide support for passphrase, a function that derives hidden wallets based on your passphrase, this additional password becomes an extension of your seed. It's therefore crucial not to lose both items, otherwise you will lose access to your funds.

5 - Electrum seeds don't support BIP-85.

6 - Electrum seeds are recreated and recognized only on Electrum and Bluewallet, I won't go into depth because others have already answered this.

My opinion: I use both standards, the electrum standard is criticized because it has not been adopted by the industry like BIP39, so people can't import an electrum wallet into other apps, but this exposes your seed to risk, electrum is a wallet for desktop, this is the company's proposal (although it has a mobile app, but I haven't used it in years).

BIP39 mnemonic is accepted by all HW and wallets in general, so if you want to use your seed in other wallets (remembering that the more you restore in other wallets, the more your seed will be exposed), I like BIP-39 more because you can create accounts, this way you can use a wallet for each occasion, all protected by the same seed, whereas if it were on Electrum, you must create another wallet (seed) for each occasion.