Reddit Posts
All bip39 words on 2048 limited edition handmade mugs
A Fork of CLN Implemented Eltoo Useful for Channel Factories Available for Testing
Need Help Deriving Extended Private Key from Bitcoin Root Extended Public Key and Non-Hardened Extended Private Key
Is it normal for the majority of your seed words to start with the same letter?
Need Advice with Crypto Wallets - Hardware vs Mobile Wallets
Entropy: only 121 bits (vs 128) on Blockstream Jade using dice rolls?
Backing up and recovering wallet - seed phrases, private keys, extended private keys, eh???
Best method of long-term cold storage for life-changing amounts?
BIP39 misalignment? Mnemonic vs. Decimal vs. Binary seeds
Mining ALL remaining bitcoins in less than two weeks (difficult adjustment)?
How to make a new wallet address with my own selected BIP39 words
Import private keys from BIP39 paper wallet with passphrase
12 word BIP 39 >> Hardware Wallet - What are the options?
Malware and scams I should be on the lookout for
What happens if Bitcoin price gets high enough, such that it becomes necessary to go ahead and take it to the 9th decimal place? Can that be done w/ backward compatible SF, or is a HF req'd? Can someone with knowledge detail the process? Can't seem to find answers on this researching around...
how to manually encrypt your BIP39 seedphrase with an additional cipher?
Can the BitBox02 show a wrong seedphrase (BIP 39 wordlist)?
What if they planted a bug into BIP 382, which makes it possible to increase block rewards?
Enhancing Bitcoin Security: A BIP39-Compatible Vernam Encryption Approach for Safeguarding Recovery Phrases
Stacking has crept up on me and now I need to upgrade my storage
Any open source, encryption based, 3/5 multi factor wallet already available? If not, can this be developed?
Is it a security risk if your wallet’s extended fingerprint (xfp) has been exposed?
FINCEN MegaThread | Do Not Give Them Your Silent Consent | Remember Remember The 5th of November | Support Bitcoin Privacy
Thoughts on BIP 324 and the increased anonymity of using bitcoin.
ELI5 - What if Ledger or Trezor stops working?
Tutorial: How to use normal (non Casino-grade) dice to generate a seedphrase
Bitcoin Is About To Become More Secure With BIP324
This page offers a comprehensive overview of BIP-329, proposed by Craig Raw, creator of Sparrow Wallet. You'll find information about the current status and adoption progress, highlighting the significance of this proposal.
Coinplate has a BIP39 seed phrase recovery tool.
Walk down the memory lane: Blocksize wars and the Bitcoin XT controversy
How Much a Spot Bitcoin ETF Can Affect The Price - The Bad Version
Can one secret phrase (eventually) access any wallet?
Do you know that you don't need hardware wallets for cold storage?
I made a descriptive post of every item that you can purchase using candies from Coingecko so you do not have to look
How CTV (BIP 119) Could Create Channel Factories for Casual Users
BIP-300 biff: Debate reignites over years-old Bitcoin Drivechain proposal
BIP-300 biff: Debate reignites over years-old Bitcoin Drivechain proposal
The WW2 German Enigma cipher machine has 158,962,555,217,826,360,000 different possibilities (nearly 159 quintillion). The BIP39 seed phrase word list contains 2,048 words, so a 12-word crypto seed phrase has about 2 to the power of 132 possible combinations. That’s 2 with 132 zeroes after it.
"NO" | Rejecting BIP300 Drivechains | Featuring Saifedean Ammous | Bitcoin Standard Author
"NO" | By Saifedean Ammous | Two Open Letters Rejecting BIP300 Drivechains | Voiced by FEEeACH
Why Blockonomics endorses DriveChains (BIP300-301)
🔴LIVE | BIP 300 Debate | Drivechain Softfork Dynamics | @BITC0IN
🔴LIVE | BIP 300 Debate | Drivechain Softfork Dynamics | @BITC0IN
Stumbled on BIP-300: a potential game-changer or just buzz?
There are 2048 possible words that comprise your seed phrase and each of these corresponds to a number in the BIP39 list. Reminder that it’s possible to convert the phrase to numbers for seed storage.
Bitcoin Drivechain Proposal (BIP300) Debate
Holding crypto is not likely to get any more convenient, and it is an inherent problem of self-costody.
COLD STORAGE: Comparing the Best Cold Storage Wallets for 2023
Yesterday was my first time encountering the word 'Satoshi' in a seed phrase. Did you know it was in the BIP39 word list?
What's your self-custody strategy? Do you keep a backup hardware wallet on hand?
BIP300/301 and Drivechain talk with Paul Sztorc and Austin E. Alexander
PSA: Severe Libbitcoin Vulnerability. If you used the "bx seed" command to create seeds/private keys, Immediately move related funds to a different secure address.
In theory, instead of creating a new wallet and memorising the seed, can I just choose words that are easy to remember and generate a wallet from that?
Importing BIP-84 key in Electrum giving wrong address
What is a BIP-39 seed phrase -- a few tips for handling your seed words safely
What is a BIP-39 seed phrase -- a few tips for handling your seed words safely
Keeping KYC & Non-KYC utxos in the same Multi-Sig wallet: will there be a way of these utxos being linked?
Mentions
Bluewallet will automatically detect your derivation path and pick the right one based on activity/transactions. On rare occasions, it will get finicky with older wallet types (addresses starting with "3" or "1"). Just delete the wallet and import it again. It needs to re-scan; do it three times. If that somehow doesn't work, then import it in Electrum (desktop version; also make sure you go to Options > BIP39 seed checked) and follow its steps. First, try its auto-detect feature. IIRC after import, you'll get "detect accounts". If that doesn't work, you can delete it again and manually pick. Do that until you find the right one and get the funds into a new, fresh standard wallet. I'm assuming you don't have a passphrase because if you do and you don't remember, then you're done. Also, I'm assuming that you don't see any sort of activity or transactions in the wallet you imported. Your post is way too vague, and you haven't responded to almost anyone, so I can't help you much besides the common issues people run into.
Trezor isn't that useful if you just plan to let it ride without making transactions. If he's tech savvy, he'd be much better off with a live Tails USB stick with no internet connection, creating a 24 words BIP39 seed, saving the words and its private/public keys, moving the coins there and forget about it. If he isn't tech savvy but he invests, he'd be much better off buying a ETN/ETC. If he isn't tech savvy and he isn't an investor, just leave them on WealthSimple - chances are he might screw something while transferring on-chain to the Trezor-generated wallet.
I really don't think about it at all. A hardware wallet is a signing tool (and seed phrase generating tool). If it fails, I get another. No biggie. It's really that simple, and I do fear too many think of their hardware wallets logically more like wallets than signers. That is unfortunate naming. Your seed phrase backup strategy really should be everything you're depending on. You can add a passphrase (BIP-39, part of the Bitcoin spec, not to be confused with a password or PIN number) for security to your strategy.
You can use laser etching technology to imprint the BIP38 encryption key QR code onto a metal material. Tungsten steel is a recommended material due to its high durability, water resistance, fire resistance, and scratch resistance. If you want to embed Bitcoin in gold and cost is not a concern, please refer to the following link: https://goldphysicalbitcoin.com
Armory wallet doesn't use standard BIP39 seedphrases so iancolemam tool won't work in this case.
Seed phrases didn't even back in the first 2-3 years of Mt.Gox, let alone hardware wallets. Electrum wallet started using seed phrases in 2011 and then BIP-39 was introduced in September 2013. The first hardware wallet, the Trezor Model One, was released on July 29, 2014. Before that, paper wallets were a popular cold storage method. A less common cold storage method was to just use a lightweight SPV wallet like Electrum and MultiBit on an offline air-gapped computer. Some people trusted Mt.Gox but there a glaring red flag popped up in mid to late 2013 when Mt.Gox began having withdrawal problems. [Roger Ver even flew to Tokyo, met with the CEO of Mt.Gox and looked at bank statements and then Roger released a video telling everyone that he was "sure that all of the current withdrawal problems at Mt.Gox are being caused by the traditional banking system and not because of lack of liquidity at Mt.Gox"](https://www.youtube.com/watch?v=UP1YsMlrfF0). He released that video a half year before Mt.Gox collapsed. But a whole lot of people were day trading on Mt.Gox, the majority of Mt.Gox users were trading, and you couldn't trade bitcoin when your coins are not on the exchange.
Appreciate the response! Full transparency: I work at BitBox, which is why I know how hardware wallets generally work. Not all hardware wallets trust the secure chip, Trezors newer devices, as well as our BitBox02 don't trust the secure element, but instead use multiple sources of entropy to create the seed on the MCU, which itself runs open source firmware. The secure element assists with entropy, but it's not the sole provider of entropy. If I use a compromised app with your HWW, which instead of sending "Slot 1, send 500 to Addr A" to the HWW, sends "Slot 1, sent 10000 to Addr B", how can the user protect themselves from this attack? The HWW creates the tx and knows the UTXO, sure - but it can't verify what address or amount is correct. "the receiver knows the sender cant hand the same signed tx to multiple people and race to see who broadcasts first." How does he know that though? He can't verify your hardware or what's running on your hardware wallet. He has to trust you that your HWW has this feature. Great that you have a BIP39 compatible backup option for the recovery! For small payments it's an acceptable trade-off not to have a recovery. I think a child seed with a known derivation path could work well here!
hey thanks for taking the time to dig into this, appreciate the critical eye on the SE trust thing - yeah you're right that we're trusting the chip, but thats true for every hardware wallet that uses a secure element. we went with the NXP SE050 which is EAL6+ certified (same level as banking chips). ledger and trezor safe use similar trust models. the difference is our firmware is fully open source so you can actually audit what the chip is running about the screen - fair point. what we showed is still a prototype, the production version will have a display for confirming recipient and amount before signing. also worth noting our architecture is a bit different than traditional wallets - the hardware actually builds the transaction internally from stored UTXO data rather than just signing whatever hash the app sends. so even without a screen, a compromised app cant make the hardware sign something it didnt construct itself the monotonic counter thing - it actually protects both sides. the sender cant be tricked into double-signing the same slot, and more importantly for offline payments, the receiver knows the sender cant hand the same signed tx to multiple people and race to see who broadcasts first. its basically anti-double-spend protection that works offline about point 4, agreed.. we use proven patterns (BIP-143, secp256k1) on the backup issue - we actually have two modes. your savings wallet uses standard BIP-39 with full seed recovery, nothing weird there. the offline payment slots are intentionally non-recoverable, kind of like cash in your pocket. if you lose the device you lose whats loaded in those slots, not your whole vault. its a design choice for daily spending amounts, not a limitation anyway thanks again for the feedback, always good to clarify these things
Only for current elliptic curves. There're thought of quntum-proofing cryptocraphy. Mining is already pretty quantum-proof, for signatures - BIP360 on BTC's and Qunatumroot on BCH's are worth tracking
It is currently a gimmick, because Bitcoin does not yet support PQC. They’re just saying it’s “quantum ready”, but it’s entirely possible that existing hardware wallets will also be able to compute the future PQ signatures that Bitcoin may eventually use, and it’s also entirely possible that new hardware will be needed, including this Trezor product if it is unable to support whatever PQC is settled on for Bitcoin eventually. It’s best to wait until Bitcoin has consensus on a BIP that actually brings PQC to bitcoin, and then at that point decide if you need new hardware or not.
I’m now close to reaching **80 million BIP-39 seeds verified per second**; in just **12 hours**, I managed to scan **2 trillion keys**. https://i.redd.it/fsm45mevcneg1.gif
In BIP-39 the checksum filter reduces the search space by approximately 16 times (2048 for 128 alternatives for the last word). The Electrum checksum filter reduces your search space by 4096 times (1 word for every 4096 words generated).
USB stick + Tails OS + Ian Coleman BIP-39 files + Sparrow Wallet. After testing everything, get another USB Stick and clone your Tails.
No one knows current roadmaps indicate that in the early/mid 2030s it will be possible to crack ECDSA - it’s Not a softfork which is needed, this would still leave like 4-5mn coins vulnerable (old Satoshis era coins - estimation by Hunter Beast from BIP360). To implement a hardfork estimations go 3-5y
There are several streams - most and best material has BIP30 by Hunter Beast imho, just check out their Website or talks available on YouTube
It will be a hard fork - just check out BIP360, around 4mn coins sitting in vulnerable wallets, including Satoshis - to make them quantum Secure you‘ll have to move them
I don‘t think quantum computing will destroy crypto, I think cq is forcing crypto to develop further. What I miss currently is an open minded willingness to discuss potential migration timelines in the crypto community. Take BTC, BIP360 is now more than a year in discussion, I see several controversal points in the discussion, but we‘ll never come to a point to perform a post quantum Migration for BTC if people are not willing to discuss how this can be acchieved. All this in the whole knowing that we don‘t know when a potential threat will become real-life.
Tell me how BTC will face it - people always answer like that. Have you checked out the current proposals - I take BIP360 because I know best about it and like Hunter Beast in his neutral, unhectical way talking about it. After consensus is reached (and I wonder how it should reached in a Short Hand discussion) it will take 3-4 years (own estimation by BIP360 team) to migrate the chain. This would involve burning Satoshis coins which will be discussed controversal. Man, we have to take this more serious and stop talk about FUDing and generic phrases like „we solve it when it’s needed“
For me it’s not shit, I see it as serious threat for the whole crypto market. I‘m really worried how people in the crypto community - esp. BTC - are handling this without looking at the potential burdens for a migration. I don‘t know if Q-day is 5, 10 or even 15 years away. What I see that all the major quantum player have delivered their roadmaps in the last 3-4 years. Current roadmap would suggest that ECDSA will fall in the early-mid 2030s. And currently a lot of money is invested in the field. A potential migration of BTC (if consensus is reached) to a quantum Secure encryption would take 3-4 years based on the current discussion (just check BIP360 for example) and would involve burning Satoshis coins (what the hell!!!)
Hard fork will be needed imho, not sure how you will handle this threat with a softfork and ensure Satoshis wallets are secure (just check out BIP360)
The most mature imho is BIP360, they have a webpage https://bip360.org also several talks available on YouTube, I‘d recommend to start with the YouTube Talks first and then start the Reading.
Actually it‘s like that - I hold a decent amount of BTC and I‘m really worried how the BTC Community handles the discussion on the quantum threat - looking at the current proposals to make BTC quantum Secure like BIP360, it is obvious that it’s not an easy Journey. It will be a multi-year migration story with controverse discussions (burning Satoshis coins and similar) - for me a Must to take this serious and start taking Action on it Right now
Even Michael Saylor just Said that we have to migrate BTC in a quantum threat scenario - he handled it as a Minor issue, I think the migration path will be quite hard. Current discussion (e.g BIP360 by Hunter Beast) involve a multi-year migration including a burn of Satoshis wallet….
Not sure if it’s just Hype - I think we have to take this more serious. BIP360 with hourglass approach will take several years to migrate BTC to quantum secure chain. Considering that „only“ 2k logical qbits needed to Crack BTC encryption O think we should start discussing more serious on quantum threat. According to Hunter Beast (author of BIP360) to ghly 4-5 million BTC are vulnerable
Sure, but you cannot handle Satoshis coins with that - I‘m long in BTC but think we have to take the quantum threat more serious, like BIP360 by Hunter Beast
Any idea how many scripts would have to be run ultimately? There must be some reductions from the BIP39 checksum, right? I'm no programmer, myself, so a little in the dark about all the technicalities.
No one has ever lost Bitcoin as a result of "the chain gets hacked". The blockchain has never been hacked. Flaws have been found^1 (and long ago mitigated) in Bitcoin's consensus rules and software bugs have led to unexpected forks^2, but the blockchain itself has never been "hacked". ^1 [CVE-2010-5139: Bitcoin Value Overflow](https://en.bitcoin.it/wiki/Value_overflow_incident) ^2 [CVE-2013-3220: Bitcoin’s Migration From BerkeleyDB to LevelDB](https://en.bitcoin.it/wiki/BIP_0050)
What you describe is technically possible, but there are a few important points to clarify. If both wallets derived the *same first receiving address*, that strongly suggests the **seed phrase itself is correct**. In that case, the most common failure points are: an **incorrect or slightly different passphrase** (even one extra space or character changes everything), a **different derivation path** (Electrum vs SeedSigner configuration), or restoring the seed under a different script type (legacy / segwit / native segwit). BIP-39 passphrases are not checksummed, so a typo won’t be detected automatically — the wallet will still load, just into a different empty account. Recovery is usually approached by systematically validating: the exact derivation path, script type, and controlled passphrase variations **offline**. This isn’t something that should be experimented with casually or online. If you still have the seed and know roughly how the passphrase was constructed, there *may* be a way to verify this safely.
Hi. From your description this looks more like a **non-standard mnemonic / early paper wallet format**, not a classic BIP-39 seed phrase. The QR codes are likely irrelevant here — in many older setups they simply duplicated the same text. The key part is the **link between that phrase, the derived address, and the specific implementation used at that time** (year, service, generation method). An 11-word phrase is uncommon today, but it did exist in older solutions. If there was an outgoing transaction from that address, the private component must have been valid at some point — the issue is usually missing parameters rather than the phrase being “wrong”. This is not something I’d recommend continuing to analyze publicly. If you want, feel free to DM me and I can explain **how to approach checking this case safely without exposing sensitive data**.
It's more nuanced than that. If you run a fresh OS on a PC with radios (Wifi/BT) disabled or removed, you've essentially created a hardware wallet. A hardware wallet does not fundamentally need a secure chip. In fact using any wallet in stateless mode (not storing the mnemonics on the device at all) is safer than storing on any secure chip. The primary purpose of a hardware wallet isn't to store mnemonics, it is to generate keys and sign transactions. Mnemonics are ideally stored on metal plates. Finally you can generate BIP32 hierarchical deterministic wallets on PCs just as well, allowing you to have an infinity of addresses and preventing address reuse. You can use Sparrow for this.
I'm going crazy!! Does this seems correct?import hashlib import itertools # BIP39 wordlist with open("bip39.txt", "r") as f: wordlist = [w.strip() for w in f.readlines()] word_index = {word: i for i, word in enumerate(wordlist)} # known seed words known = { 1: "thank", 2: "suspect", 3: "identify", 4: "embrace", 5: "balcony", 6: "board", 7: "inspire", 8: "always", 9: "brand", 10: "banana", 11: "swap", 12: "blood", 18: "battle", 19: "armed", 20: "rival", 21: "ceiling", 22: "believe", 23: "give", 24: "access" } unknown_positions = [13, 14, 15, 16, 17] def check_mnemonic(words): # Convert words to indices indices = [word_index[w] for w in words] # Concatenate 11-bit indices binary = ''.join([format(i, '011b') for i in indices]) # 264 bits entropy + 8 checksum = 272 bits entropy_hex = hex(int(binary[:264], 2))[2:].zfill(66) checksum = binary[264:] # Compute SHA256 of entropy import hashlib entropy_bytes = bytes.fromhex(entropy_hex) hash_bytes = hashlib.sha256(entropy_bytes).digest() hash_bits = ''.join([format(b, '08b') for b in hash_bytes]) computed_cs = hash_bits[:8] return computed_cs == checksum # Brute force import time start = time.time() count = 0 valid = [] for w13 in wordlist: for w14 in wordlist: for w15 in wordlist: for w16 in wordlist: for w17 in wordlist: # Build full word list words = [known.get(i) for i in range(1, 25)] words[12] = w13 # index 12 for seed13 words[13] = w14 words[14] = w15 words[15] = w16 words[16] = w17 if None in words: continue if check_mnemonic(words): valid.append(words) count += 1 # print progress if count % 1000000 == 0: print(f"Tried {count} combos...") print(f"Found {len(valid)} valid mnemonics") for v in valid: print(' '.join(v)) print(f"Time: {time.time() - start}") The thing is it's running but it would take approx 10 years in my PC to try all combinations. Did I missed something!? The oral word is guessable by analyzing any of your posts or comments? Can you give a little hint?🙏🙏🙏
It's a 24 wordphrase to access 0.01 BTC directly on the blockchain, but there's a few words missing. All of them is included in the BIP39 protocol, so its just a matter of deciphering those blanks. The unredacted version is toppost here : r/thegreekchain
You need to check out the Specter Shield (Lite)! \- Huge Touch Display \- Bitcoin only \- Air Gapped \- BIP85 \- Switch Secure Chip \- Manage multiple Seeds ...
yeah there weren't secret words back then. That came in 2013 with BIP39. Genesis block in 2009, Bitcoin used a simple wallet format where private keys were stored directly in a file called wallet.dat. Each address had its own private key. So that's about 22 000 keys you'd need to find. Even if you found them all you would have 0 powers over anything else. Bitcoin operates on a decentralized consensus model, meaning no single entity, not even the creator, can unilaterally change the protocol, alter transaction history, or influence network rules.
Exactly, for BTC there is a discussion ongoing (BIP360), same for other major projects
Sure - every Technology will have issues, centralized banks as well as decentralized blockchains. I think BTC has a good migration path with BIP360, tricky part will be to come to consensus on what to do with Satoshis/lost coins, interesting to follow the discussions on that in the next months
Important that we Take this topic more serious, I‘m holding some BTC, like the BIP360 concept, but migration with the proposal will Take several years…
I expect a 5-10y Range until quantum Computer are able to solve ecdsa - the Challenge imho is that we don’t know when it will happen (could also Take longer), but it‘s too late when it happens. Take BTC for example - Migration like suggested by BIP360 takes 3-4 years (estimation by author Hunter Beast), this is the reason why the quantum threat is relevant today, I think a lot of people are underestimating the time needed for migration which is really risky
Only once, if he used the most popular paper wallet generator See https://www.bitaddress.org/ Select the "Wallet Details" tab Check the "BIP38 encrypt" checkbox The "Enter BIP38 Passphrase" box is only there once
No BIP39 in this story The OP refers to a BIP38 password, which is a technique for using AES to encrypt a single secret key for a paper wallet Long before 2017, single-key paper wallets and BIP38 were not recommended. The OP's error was that he ignored that advice
Did you know if you encrypt the word oranges with BIP38 it encrypts as the word gullible?
Do you even know anything about Bitcoin? He even states explicitly in the post BIP38 paper wallet. Have you ever made one?
f the wallet uses a standard like BIP-39 for the seed (most do), you can import those words into another compatible wallet. That’s the whole idea: the phrase belongs to you, not the app. Always worth checking what standard they use before you commit big funds
> The last word in BIP39 is a checksum of the first 11 The last 8 bits of the 264 is a checksum of the random 256 bits (first 8 bits of the SHA256 hash of the 256 bits) So the last word is the last 3 bits of the random and the checksum Your brute force count is 2^47
I created a BIP39 wallet. Then in Tools, I see Sweep Private Key but it's greyed out. I don't see how to un-grey it.
What type of wallet is it? BIP38 paper wallet, Electrum, Bitcoin Core? And do you remember anything about the password? Happy to take a look if you want.
1950 MKeys is 1.9 millions per second, so it should be BIP39 in PBKDF HMACSHA512 (is very good for 3080gpu) I achieved 1 billion per second, but it was directly on the private keys, without the extra encoding of BIP39T. [https://github.com/ipsbruno3/secp256k1-gpu-accelerator/tree/main/nafs](https://github.com/ipsbruno3/secp256k1-gpu-accelerator/tree/main/nafs) NAF windows allowed me to further optimize the code.
It's worth remembering that BIP39 uses PBKDF HMACSHA512, which is designed to prevent brute force attacks. This means you won't be able to reach more than 5 million seeds per second... BIP39 is shielded against brute force attacks, which makes it difficult for me to recover my Bitcoins. That's why the idea of the FPGA is to reduce long-term energy costs.
Wow, that's incredible! 2 billion on a modest GPU is absurd. What tool were you using? My secpk accelerator is doing 1 billion per second using point\_add; the trick here is that it doesn't need to keep redoing multiplication on big ints all the time, just add a point on the curve, incrementing and summing. Regarding my seed, you're partially correct. The last 5 are 2048\^4\*128 and not 2048\^5. The last word in BIP39 is a checksum of the first 11. This is the trick that will allow me to recover my Bitcoins in 3 years and not 40 years.
This is one of the reasons why it's hard to recommend passphrases (even for "modern" BIP39 wallets). Other methods have built-in redundancy checks to ensure that a typo won't ruin you. For instance, with multisig, you store your seeds as multiple mnemonics. If you somehow mistype one of the words in your backup, it can be easily corrected by looking up the wordlist. Even before the BIP39 days, mistyping a private key directly could be somewhat avoided using the built-in checksum. The problem with passphrases is that they allow completely arbitrary content, making it very easy for transcription errors to slip in.
Largely agree with everything you said, you're obviously well versed in Bitcoin, except this part: > You literally print all 2048 words from the BIP 39 list and cut them into small individual words and pick them randomly to generate your seed phrase. While this is better than using an online wallet to generate the seed (and honestly even a Ledger), it's still not ideal, as mixing/picking words in a truly random way is quite hard to do, and picking from a cut up list means that each word can only be selected once, limiting the total entropy. Unless you put the words back in after each pick, but then you're back to the mixing problem. This is not to say that mixing pieces of paper in a way that results in high entropy picks is not possible, it can be achieved with specific techniques, but you'll need to ensure that every piece is the exact same size, there are no folds, a hexagonal or octagonal mechanical tumbler is used, the tumbler is made of metal to avoid static electricity, etc. The better/easier analog option is to use dice or coins and match your throws to a printed wordlist. This is best done with octahedral dice (D8), although it can be done with regular cubic dice.
Memorizing seed phrases is not advised. You open yourself to a $5 wrench attack. If your stack is worth less than 1 month of your labor, you will have bigger problems to worry about if you get a head injury and lose your seed phrase due to memory loss. If your stack is worth more than a year of your labor, consider multi-sig and make no effort to memorize multiple seed phrases. The following is my recommendation: The crucial starting point is to generate seed phrases securely. Best to use entropy that is not linked to any kind of random number generator RNG but uses an analog method, such as rolling dice, or my preferred method, which is picking words from a hat. You literally print all 2048 words from the BIP 39 list and cut them into small individual words and pick them randomly to generate your seed phrase. [https://github.com/hatgit/BIP39-wordlist-printable-en](https://github.com/hatgit/BIP39-wordlist-printable-en) After you have a highly secure and analog seed generator, you are now ready to create wallets. My preferred software wallet is the FOSS sparrowwallet.com. My preferred hardware signing device is the do it yourself and FOSS [SeedSigner project](https://github.com/SeedSigner/seedsigner). With SeedSigner, you can enter 11 words that you picked from the "hat" enter them and it will calculate the 12th as a checksum and then it will guide you through writing by hand a QR code. This QR code is your seed so protect it. With the QR code, you can then scan it with your SeedSigner and then using what's called a partially signed bitcoin transaction PSBT you can create your wallet with Sparrow and sign transactions - spend Bitcoin. This way, your seed, or private keys, have never entered an Internet connected device. Absolutely air gapped. You backup your 12 words by hammering them onto stainless steel washers using the Blockmit jig for clean strikes. Put them on a bolt and secure it. You can wrap them in paper and coat them with clear fingernail polish for a tamper evident layer. With this set up, you are ready to create extremely secure bitcoin wallets. It's also very useful for more complex multi-sig wallet set ups that require multiple seeds to sign transactions. When creating multi-sig wallets, for example, a 2 of 3, you create 3 seeds, and 2 of them are required to sign (spend). A recommended solution for storing your steel seeds is to secure each one with a separate lock box service. These are commercial establishments that provide highly secure lock-boxes similar to safety deposit boxes that some banks offer. Place each seed with a different lock box provider in separate locations, cities or even countries. Remember, your HODL wallet is not for regular transactions, but for very long term storage. An important consideration for multi-sig is that the xpubs must be preserved. xpubs (public keys) are used to set up a watch only wallet for securely depositing funds and tracking all UTXOs. They cannot be used for spending funds (private keys). xpubs should be stored carefully, but do not require the same level of security as the private keys (seed phrases). Therefore, you can store xpubs with your password manager's secure note feature. These can also be encrypted and backed up on internet connected devices. If someone gains access to your xpubs, you lose privacy, but you do NOT lose your Bitcoin. And to verify everything, you run a node preferably on GNU-Linux, and connect your Sparrow wallet to it. My node preference is Knots. Once you have your 3 lockbox locations and seeds secured, you can write up instructions as to their locations which will only be made available to the appointed executor in your will. If you have no heirs, consider willing your Bitcoin to an institution that you support or some philanthropic cause. Being your own bank requires a deep level of responsibility.
Most likely a derivation path issue. Bluewallet and Electrum use different paths depending on the address type: BIP44 (m/44'/0'/0') → Legacy addresses (1...) BIP49 (m/49'/0'/0') → SegWit wrapped (3...) BIP84 (m/84'/0'/0') → Native SegWit (bc1q...) Check which address format you're expecting and make sure your script uses the matching path. That's usually where it breaks.
That's the beauty of BIP38 - unlimited attempts, you just need patience... and a lot of GPU power 😅
Bitcoin Core no utiliza mnemónicos de semilla. Si te equivocas sobre el origen de la billetera y crees que tus seis palabras son, de hecho, la mitad de la oración mnemotécnica para una billetera Bitcoin BIP-39, puedes intentar usar [btcrecover](https://btcrecover.readthedocs.io/en/latest/) ... pero con casi 74 trillones de posibilidades, prepárate para esperar un poco.
Bitcoin core never used BIP39 so this post is just full of shit, probably written by someone looking for attention. Get yourself a life.
Pool shares using Stratum v1 have complete control over mining, and nearly all Bitcoin miners in mining pools use Stratum v1. 2013 was a temporary hard fork + a soft fork. BIP-123 defines a hard fork as "In a hard fork, structures that were invalid under the old rules become valid under the new rules." v0.8 created transactions that were invalid under 0.7.2; thus it's a hard fork. Bitcoin devs asked 2 of the largest mining pools over the bitcoin-dev IRC channel to 51% attack and reorg the chain back in 2013. The mining pools gave very little warning, and there was even a $10k double-spend on OKPay as a result of the sudden reorg.
I would never give my wife my keys to my BTC, my "ex" wife was more concerned about MY money than anything else, and now im using "ex" for a reason... First thing first, you never leave your main pile of BTC on exchange. Have a cold wallet, i for example have a trezor wallet that support BIP39. Here a step by step on a trezor 5 - Open the trezor suite - create a wallet - select 24 words Write down exactly!!! Correct order, correct spelling, number them 1 to 24 Trezor suite will ask you to renter the words. If ever you fail here: redo. Transfer the same 24 words on metal, yes on metal: engraved! Double check spelling, store paper 📃 temporarily then once the metal version is ok 👍 destroy! Never ever take pictures or screenshot of your seeds!!! NEVER Once you got that, enable the passphrase on trezor. Settings->Device->toggle passphrase ON. Choose a strong passphrase, a sentence that you'll never forget anyway unless Alzheimer. Create a standard wallet. This is your real wallet where you will store your BTC, put only 1000 satoshi on the first one. Now: put your engraved seed words ona safety box. You have the keys, your wife a copy. Passphrase: you got a copy and a backup, you give a copy to your lawyer or whatever person of trust your wife dont know/have access to. If ever someone recover your seed they will see only those 1000 satoshi (it will act as a decoy), its a "fake" wallet you dont really use it. The lawyer should receive a sealed envelope wiht clear instructions on how to recove: not digitized, not emailed, not photographed. 2 sealed copies on 2 different locations. Never give him seed, hardware wallet, pin. You clearly states in your letter thst if only 1000 satoshj appears the passphrase is missing or incorrect. So wife has no passphrase until you die, and the lawyer has no idea of the seed location. Its paramount that you test the recovery once!
I have thought about this. The crucial starting point is to generate seed phrases securely. Best to use entropy that is not linked to any kind of random number generator but uses an analog method, such as rolling dice, or my preferred method, which is picking words from a hat. You literally print all 2048 words from the BIP 39 list and cut them into small individual words and pick them randomly to generate your seed phrase. https://github.com/hatgit/BIP39-wordlist-printable-en After you have a highly secure and analog seed generator, you are now ready to create wallets. My preferred software wallet is the FOSS sparrowwallet.com. My preferred hardware signing device is the do it yourself and FOSS SeedSigner project. With SeedSigner, you can enter 11 words that you picked from the "hat" and it will calculate the 12th as a checsum and then it will guide you through writing by hand a QR code. This QR code is your seed so protect it. With the QR code, you can then scan it with your SeedSigner and then using what’s called a partially signed bitcoin transaction PSBT you can create your wallet with Sparrow and sign transactions. This way, your seed, or private keys, have never entered an Internet connected device. Absolutely air gapped. You backup your 12 words by hammering them onto stainless steel washers using the Blockmit jig for clean strikes. Put them on a bolt and secure it. You can wrap them in paper and coat them with clear fingernail polish for a tamper evident layer. With this set up, you are ready to create extremely secure bitcoin wallets. It’s also very useful for more complex multi-sig wallet set ups that require multiple seeds to sign transactions. Being your own bank requires a deep level of responsibility.
Next level is importing that same seed into a dedicated non-custodial wallet and leaving RH as just an on-ramp. I pulled mine into Gem Wallet after doing a couple of tiny test sends. Same BIP-39 phrase, but now it lives in an app that isn’t tied to a stock broker’s business decisions
Whether you want to create wallet gifts for babies or a secure wallet for yourself, the key is to generate seed phrases securely. My preference is to use entropy that is not linked to any kind of random number generator but uses an analog method, such as rolling dice, or my preferred method, which is picking words from the hat. you literally print all 2048 words from the BIP 39 list and cut them into small individual words and pick them randomly. https://github.com/hatgit/BIP39-wordlist-printable-en After you have a highly secure and analog seed generator, you are now ready to create wallets. My preferred software wallet is Sparrow. My preferred hardware signing device is the do it yourself SeedSigner project. With SeedSigner, you can enter 11 words that you picked from the "hat" and it will calculate the 12th as a checsum and then it will guide you through writing by hand a QR code. This QR code is your seed so protect it. with the QR code, you can then scan it with your SeedSigner and then using what’s called a partially signed bitcoin transaction PSBT you can enter the seed into sparrow and sign transactions. This way, your seed, or private keys, never enterwd an Internet connected device. Absolutely air gapped. With this set up, you are ready to create extremely secure bitcoin wallets for yourself and for important people in your life. It’s also very useful for more complex multi-sig wallet set ups that require multiple seeds to sign transactions. Being your own bank requires a deep level of responsibility. Passing this knowledge to babies, to future generations is an incredibly virtuous thing to do. Best of luck, and let me know how it goes.
Bitcoin adopts BIP-341 (Taproot) style upgrades to include Lamport signatures or other PQC methods. By the time IonQ has 8,000 qubits, the "active" Bitcoin network will likely already be using "Quantum-Safe" addresses.
Your seed phrase is your wallet. Your BIP32 root key is your wallet. You have handed over your wallet to some stranger in multiple ways.
Funny how there are over 30 comments but not a single answer to your question. I'll echo every other post and say you shouldn't be putting your seed anywhere. Now that that's out of the way.. No, the BIP32 root key does not give access to your wallet. Regardless, you should move the coins anyway, assume your seed phrase is compromised. https://rya-sge.github.io/access-denied/2025/03/27/bitcoin-keys-102/ https://bip32.tools/?lang=en
So yeah my seed phrase of 12 words is safe in that site. I'm sure. But what about the BIP32 key? If you or someone tells me that they cannot access my wallet using the BIP32 key, I'm probably safe and can be easy.
>Yes but anyone can create another version of a hard cap supply. Yes. Many have tried. The difference is that Bitcoin is decentralized. Decentralization isn't something you can program in. It's a physical process in the real world. Bitcoin had the advantage of being the first mover and had natural, grassroots decentralization as a result. This process is very difficult to replicate without a centralized entity behind it, thus making the project inherently centralized. Bitcoin's decentralization is a critical component of its value proposition. >BTC will be broken by quantum computing. And a new form of digital currency will need to exist. Bitcoin will be updated to fix the vulnerability. One proposition for how to do so is [BIP360](https://bip360.org/). >So many BTC people said gold is dead. And so many gold people are saying BTC is dead. Neither were right.
I didn't give him my seed phrase, I just have him BIP32 Root key. The only thing I did was put my 12 word seed phrase into bip39mnemonic.com to generate the BIP32 Root key. Is that site safe the bip39mnemonic.com? Because the site has my 12 word seed phrase. The guy only has the BIP32 Root key. My assets are still in my wallet about 50$
I pasted the seed phrase into bip39mnemonic.com & just generated a bip32root key. If bip39mnemonic isn't a safe site, then I can say my wallet is compromised. I just sent the bip32rootkey to the persons software. So the person has my BIP32 Root key. My question is that can he use the bip32rootkey to get to my wallet? No one has access to my 12 word seed phrase, just the root key. The 12 word phrase is just put into the site called bip39mnemonic. Unless that site is not official or has been flagged or something or made by a scammer, then I can say I'm safe. But my concern is that can he access my wallet using BIP32 Root key?? That I'm sure he has.
>Can this BIP32 Root Key be used to get into my wallet? Who cares? The seed phrase you gave him will do that just fine.
Good points. Quantum is a long-horizon risk, but there are active proposals like BIP-360 to enable a post‑quantum migration path. BTC is mostly saved today, yet Lightning usage is growing—public capacity recently hit ~5,606 BTC. MSTR index pressure affects MSTR, not Bitcoin’s core rules.
Good for you. Having your assets in a personal wallet is not bad, and a respected phone app is a lot better than a desktop app. Next step when the amount is uncomfortably large is to move on to use a hard signing device such as Trezor. This completely protects your wallet seed from any electronic hacking, making sure the seed is secure even if your computer or phone is completely hacked. Keep in mind that the wallet seed IS your wallet. You must not ever share this with anyone/anything. Your BIP-39 mnemonic is only used for recovering access to the wallet using another wallet app or signing device If you ever get asked to.provide your seed for whatever reason then RUN AWAY. You are dealing.with scammers trying to steal your crypto. Common attack vectors include - "account validation" - "connecting your wallet to some lucrative service" - "recovering locked funds" Andany other. But they all have in common that they are trying to lure you into giving away the keys to your treasure chest. The seed phrase is NOT used in any such context and the only reason they ask for the seed phrase is to steal your assets.
Ah yes, BRD wallet and their custom HD path. To recover, input your 12 words into BlueWallet, then select custom path, and input “m/0’” into the free text field. Finally, select BIP44 P2PKH, and bosh. Wallet recovered.
Current impact…fairly small, but nonzero. Future impact…I would say will be very large. Even if the community moves forward with the BIP(s) to address it, it will be a slow and probably extremely contentious process.
Hourglass - This BIP describes a new set of spending rules for Bitcoin called "Hourglass." The intent is to impose a throughput restriction on the number of P2PK spends to one per block-- to slow the inflationary impacts of potential quantum attacks on these addresses
Working on it!!! Hourglass is on the table check it out - https://github.com/cryptoquick/bips/blob/hourglass/bip-hourglass.mediawiki This BIP describes a new set of spending rules for Bitcoin called "Hourglass." The intent is to impose a throughput restriction on the number of P2PK spends to one per block-- to slow the inflationary impacts of potential quantum attacks on these addresses
Look up hourglass - best one so far This BIP describes a new set of spending rules for Bitcoin called "Hourglass." The intent is to impose a throughput restriction on the number of P2PK spends to one per block-- to slow the inflationary impacts of potential quantum attacks on these addresses
Yeah, and they can pay fees to move them slowly... Hourglass proposal helps this be orderly - This BIP describes a new set of spending rules for Bitcoin called "Hourglass." The intent is to impose a throughput restriction on the number of P2PK spends to one per block-- to slow the inflationary impacts of potential quantum attacks on these addresses
Hourglass is a good option gaining steam. This BIP describes a new set of spending rules for Bitcoin called "Hourglass." The intent is to impose a throughput restriction on the number of P2PK spends to one per block-- to slow the inflationary impacts of potential quantum attacks on these addresses
Lame - won't happen. Already working on better options like the Hourglass protocol. https://github.com/cryptoquick/bips/blob/hourglass/bip-hourglass.mediawiki "This BIP describes a new set of spending rules for Bitcoin called "Hourglass." The intent is to impose a throughput restriction on the number of P2PK spends to one per block-- to slow the inflationary impacts of potential quantum attacks on these addresses" Simple and good for everyone
Quantum threat is much more a market problem than a practical problem right now. But if AI advances as fast as some suggest, it may be that a quantum computer with sufficient capacity to find private keys will be with us sooner than expected. Supporting an appropriate BIP now is a good idea. Any Bitcoin not moved to a secure address after a certain date should be burned.
There have been BIP’s for ages on fixing quantum issues. It can be done. We just need a way to queue transactions on a layer 2 during the fix. (BIP = Bitcoin Improvement Proposal paper)
Not sure yet. He posted this on X. There is a BIP or two out there. But no where near consensus yet.
That's not true. There are plenty of fundamentals. Network activity, network hashrate, coins in circulation, how many BIP have been implemented and what they changed, node health and software, software concentration of nodes, etc. Plenty of fundamentals they just have nothing to do with watching the price chart (which is what 99% of people do).
quantum computers are real threat to crypto. they are threat to any system that uses public key cryptography. that is a fact and not some FUD gimmick. the good thing is that we have the tools to upgrade blockchains to be quantum-proof. there are already many quantum-resistant algorithms. and there are already proposals to do this, e.g., BIP360 for bitcoin. but it takes time to achieve consensus, make the technical upgrade, and move all coins to quantum-proof addresses. there is a reason why all the other industries (tech, banking, military, telcom, etc) are working on post-quantum cryptography, for example: * **Cloudflare** uses hybrid post-quantum key exchange by default across its network, which handles \~20% of all websites. In October 2025 they announced a huge milestone: the majority of human-initiated traffic with Cloudflare is using post-quantum encryption. (Source: [Cloudflare](https://blog.cloudflare.com/pq-2025/)) * **Apple** added post-quantum encryption to iMessage in 2024. (Source: [Apple](https://security.apple.com/blog/imessage-pq3/)) * **Google** has added PQC to Chrome and Android. (Source: [Google](https://security.googleblog.com/2024/08/post-quantum-cryptography-standards.html)) * **Microsoft** has integrated PQC into Windows, Azure, and Microsoft 365. (Source: [Microsoft](https://www.microsoft.com/en-us/security/blog/2025/08/20/quantum-safe-security-progress-towards-next-generation-cryptography/)) * **IBM** is testing quantum-safe tools for mobile networks. (Source: [IBM](https://www.ibm.com/quantum/quantum-safe)) * **Amazon Web Services (AWS)** offers PQC options for cloud data protection. (Source: [Amazon](https://aws.amazon.com/security/post-quantum-cryptography/)) * **Intel** added PQC support to its software tools in 2025, enabling quantum-safe encryption for cloud applications. (Source: [Intel](https://builders.intel.com/solutionslibrary/accelerate-post-quantum-cryptography-with-intel-crypto-technologies)) It's a technical problem that we can solve if we want to. but if we do not solve it, it's going to be bad times when Q-day comes. When it comes, no one knows. it can be 5, 10, or 25 years from now, but it is pretty certain that it will come.
OP, I don't understand this missing file you're talking about, but most comments, although tainted with negativity, are right. If you did not properly store your private key back in 2018, these bitcoins are gone. That being said, it is unclear to me under what form the private key was in electrum in 2018. Was it a seed phrase like in BIP 39 ? Was is encoded into a file like like wallet.dat in bitcoin core ? Hard to tell. Therefore, what I suggest is for you to download a 2018 old version of electrum on your daily laptop and to try to create a new wallet with it. This way you will probably redo the steps you did back in 2018 with your windows 7 laptop, which will help you understand under what form the private key was encoded. Then only two possibilities : - You indeed saved the private key back then and can therefore access your bitcoins - You didn't save the private key and the bitcoins are forever inaccessible. In that case, just move on and don't dwell on that loss
its just like the internet where it sounds complicated unless you use it. you can just buy it on an exchange and theres these digital wallets you can make from apps or order a cold wallet from a trusted company. They are called BIP-39 wallets and once you make them they give you a 12 word passcode which is important to remember when sending bitcoin to those addresses. any trusted exchange will give you 500 dollars worth of bitcoin which right now is like 450,000 satoshis and theres 100 million satoshis in one bitcoin.
BIP39 wasn't active back then. Good luck finding that 64-digit hexadecimal string!
1) If I remember correctly, the banana split sheets let you break down 24 words into a list such that always 2/3 sheets recover the full seed. 2) What is SeedXOR? 3) Mh, multisig is less convenient because it would require me to travel to 2/3 locations and I'd probably need to buy 2 additional devices to create the signatures? 4) Haven't thought about it. I just followed the recommendation in the video I linked. You're suggesting to roll for words in BIP39 list?
A couple things in no particular order - what is a banana split sheet? - are you aware of SeedXOR? I think it's a better option for what you're doing - if you are this advanced/paranoid, why not do multisig? - why not use BIP39 words for your passphrase?
Been wondering this too honestly. Maybe they're just sticking with what works and don't want to deal with the added complexity of supporting multiple standards? Could also be a security thing where they'd rather focus on perfecting BIP39 implementation instead of spreading resources thin
I‘m long in some of the quantum projects because I think this sector will rocket when the major projects start the Migration process. Spend some time on the BIP360 approach for BTC and it will not be that easy to come to an consensus as several philosophical questions have to be answered (what to do with Satoshis coins?). Nevertheless a lot of bullshit projects out there in the quantum secure area
BIP47 public payment code / PayNym
Yeah, problem is that news like that will keep gaining attention. That's why it would be far better to say there is a BIP that has enough consensus and is being developed. But the topic has been around a long time and people are programmed to fight it rather than address it.
Of course computers can generate keys themselves, but RNG logic is the hardest part to test and verify on a device. That's why generating from dice is so compelling. As long as your dice are reasonably fair, you're a few throws away from making sure nobody's handing you mnemonics from a preselected pool. Takes 15 minutes at most. Plus, you really only need to do this a few times in your life. Using BIP85, you can generate a single master seed, from which you can derive a near-infinity of mnemonics (from which you can derive a near-infinity of wallets)
> so when that company shuts down, then your coin still gone right? So pretty much every modern wallet supports what's called "BIP39". This is a wallet standard which means the wallet generates 12 or 24 random words (the "seed phrase") from a standard list which are in turn used to create your keys & addresses. These words can be used to recover your wallet completely to any compatible device or app. The words need to be carefully written down (some even stamp them into metal plates) and stored securely *offline*. These words are far more important than the device or app itself. When you hear about scammers stealing someone's bitcoin, it's usually by *tricking* them into typing their seed words into a website, or finding a photo of them on a hacked device or account. You need to protect those words at all costs and never reveal them to the multitude of scammers who are trying to fool you with DMs or spam emails.
You can use your recovery phrase with any wallet compatible with BIP39. The 24 word recovery phrase isn't ledger specific, its universal and will backup your wallet if something like that happened, and would be able to transfer your wallet onto another cold wallet. All of this is possible because you hold your own coins, so even if ledger goes bust, you still have the physical copy of your recovery phrase, along with your private keys (the most important part) Now compare that to if an exchange went bust with your coins on it...
This is not entirely true. Adding a password (BIP-38) just adds more entropy to the seed phrases entropy. Even it its leaked, you don't know the HMAC of the first n words anyway. BIP38 phrase can be full random, not like BIP-39, meaning you better back it up or remember it. Can be possible to brute force if you have the seed phrase in a disaster recovery. Also, you can create a "muggers wallet" on the ledger without the BIP-39 passphrase. Put a small amount of coins there, then use the password for the real holding. The attacker still needs the seed phrase (and the device), which wouldn't show anyway.
I disagree with the OP. Adding a password (BIP-38) just adds more entropy to the seed phrases entropy. Even it its leaked, you don't know the HMAC of the first n words anyway. BIP38 phrase can be full random, not like BIP-39, meaning you better back it up or remember it. Can be possible to brute force if you have the seed phrase in a disaster recovery. Also, you can create a "muggers wallet" on the ledger without the BIP-39 passphrase. Put a small amount of coins there, then use the password for the real holdings.
Great project! Bitcoin implementations from scratch are excellent learning tools. For your collective blockchain storage idea, you're essentially describing a form of "pruned nodes" but with distributed responsibility. Check out BIP 157/158 (compact block filters) and "Neutrino" light clients which handle similar challenges of partial blockchain validation. The challenge with your random block storage idea is reliability - how do you ensure enough redundancy for less-accessed blocks? What happens during network partitions? You might want to look into erasure coding techniques from distributed systems. For educational value, absolutely! Your project reminds me of Jimmy Song's approach in "Programming Bitcoin" but with Zig's memory safety benefits. Consider adding explan