Reddit Posts
Change BIP32 Path (derivation path) for nunchuck key (Ledger S)
Recover btc multisig wallet including signers with passphrases without using sparrow wallet
Receive Lightning payments while offline (BIP 119 CTV)
Can anybody recommend a wallet that supports importing zPUB extended public addresses?
Seed Phrase Generation Using IanColeman BIP39 Tool & Entropy Question
The BIP39 Passphrase, and how even the best hardware wallets let us down
Could I use the BIP85 child seeds and Nostr keys, both derived directly from my ₿ seed on my Blockstream Jade, as the Passport Foundation wallet has done? (or something similar)
My Dream Hardware Wallet (it doesn't exist yet)
Who knows of any HWWs that can create BIP85 child seeds and Nostr keys, both derived directly from my ₿ seed on an HWW, as the Passport Foundation wallet has done?
Don't rush straight to another hardware signing device, learn the basics of Bitcoin self custody first [Serious]
Trezor security vulnerabilities - Clear up what is actually possible
Misconceptions about Trezor vulnerabilities when using the BIP39 25th Word
Comparison of Hardware Wallets (Conclusions After My 5 Hour Evaluation)
[Devs] Criterion for choosing private keys in a 2-of-3 Multisignature scheme
Is Ladger hiding something? They banned my post.
Why can't we perform an intelligent search of the correct order of a randomly ordered 24-word seedphrase if brute force is impractical?
BIP85: Segregated Bitcoin Accounts From One Seed (UNCLE JIM MODE)
Your seed phrase is not a chicken - so don't butcher it!
Want a hardware wallet but don't want to buy one?
EU greenlights Travel Rule 🕵️, Bitcoin's anti-censorship BIP 🛠️, Trezor and Wasabi team up but concerns linger 🫤 - Issue #4 of the Bitcoin Breakdown Newsletter
How I created a distributed backup for my seed phrase
Create stronger passphrases with diceware! Roll dice to generate more memorable and secure passphrases
This Upgrade Could Make It Harder for Governments to Censor Bitcoin
best hardware wallet ever? also the most secure PC ever? amazing
Running a BIP 324 Bitcoin Node Can Help Make You and The Network More Private
Bitcoin is stupidly complicated - much more than any other crypto (Rant)
How I protected my Ledger recovery seed phrase
How I protected my recovery seed phrases
CoinLegacy Recovery Kit: protect your recovery seed phrases against loss, damages, theft and death
Friendly Reminder: If You Use Smartphone Crypto Wallet Apps, Clear Your Text Prediction Cache, Your Smartphone Never Forgets.
Another way of writing down your seed phrases
What’s a good BIP39 wallet to transfer my bitcoin and ethereum to?
$100 in ETH if you guess the order of my seed phrase (24 words)
Help me understand this BIP32 path of my Bitcoin IRA I am setting up
A worry for the future? Supercomputers and the Guessing Game
Technical Tuesday | BIP 324 | Enabling Encrypted Transport Between Bitcoin Nodes
What do you guys think about BIP 300 and BIP 301? Security budget issue with BTC?
BIP 329 sets a new standard that will make it easy for #bitcoin wallets to allow users to back up various types of wallet labels and import them into other compatible wallets.
Idea for an indestructible physical seed phrase back up
BITCOIN MONTHLY 23 - Samourai adds back stealth mode, BIP329, Luke DashJr coin loss and data breaches LastPass and Twitter
Any suggestions for an easy bitcoin wallet to introduce bitcoin to my wife (complete beginner)?
Do you know any blog or news site to follow technical developments in Bitcoin and next BIPs?
Trying to test LN, turning into a small, time consuming failure
I’m currently in the process of building a Safu Ninja metal seed storage and have a question about BIP 39.
Seedshift - steganographically encrypt your seed words
How is it able to track BIP Bitcoins to the main wallet if i will never use that BIP adress again?
Do yourself a favor and keep up with Bitcoin development and news
Is BIP-119 or also called C(C)TV still a thing?
Bitcoin be zero before 2030s! forked to multiple quantum-resistant chains, lead to collapse of consensus, as per White House NSM10 have called whole-of-state for migration to PQC quantum secure. but all digital signature algos, even in future 20 years, are bigger sizes in either pubkey or signature
Any problem with this seed mnemonic technique?
Interview: Paul Sztorc on Baltic Honeybadger 2022 & BIP 300
Another fake version of Ian Coleman's BIP 39 tool is being promoted via a sponsored Google Search result. Beware!
In July 2015, the largest-sized Bitcoin transactions were made. They each consisted of 1000s of UTXOs and took up 99.9% of their blocks, but cost only $0-15 in fees.
[SERIOUS] In July 2015, the largest-sized Bitcoin transactions were made. They each consisted of 1000s of UTXOs and took up 99.9% of their blocks, but cost only $0-15 in fees. In Bitcoin culture, this was considered a dick move.
Controversial update of core Bitcoin 24.0 and the effects of Zero-confirmation transactions on scaling and security.
CRYPTO WALLETS 101: PART-2: Difference between private-key and seed-phrase, and explaining the statement 'Your Seed-Phrase is your wallet'
Is BIP39 the new standard? Should I expect it to be supported long-term?
Am I fine with a multi-sig setup utilizing seed XOR for maximizing ease of use and security?
[SERIOUS] How i found a solution to store my crypto in self-custody!
[SERIOUS] Reminder for new hardware wallet owners - Use a passphrase!
SLP433 v2 P2P Transport Protocol for Bitcoin Core (BIP324)
A brain/hash wallet is the best form of crypto storage.
Handy One Page BIP39 WORDLIST Printout (PDF) I've made - or 2 pages if you want it bigger. Maybe it'll be useful to some of you
Mentions
Yes BIP39 has serious issues. Only storing the entropy and not the derivation path etc. Descriptors are much better. Personally I like the simplicity of "write this down and don't lose it". I can easily keep a piece of paper with instructions to recover my whole stack. I can do that process on a new machine and be confident of finding all my addresses given entropy and derivation path. Having a descriptor wallet with a digital backup. Something I have to maintain versions of myself. Seems harder and more risky. I think this is one of the great problems left to solve for self-custody. I really like the approach muun wallet has taken: [https://blog.muun.com/why-not-just-a-mnemonic/](https://blog.muun.com/why-not-just-a-mnemonic/)
> BIP 39 was actually Nack'ed by the code reviewers I believe no code was written. The "Unanimously Discourage" tag was applied before any BIP39 work was attempted for the Core wallet As I recall, the timeline doesn't work for Core anyway. BIP39 creates a binary seed for BIP32 HD wallets. Core didn't get a HD wallet until after the BIP39 spec was written > descriptor wallets These will allow flexibility - different derivation paths for different keys, including the option of a custom script for any key->address derivation The price of adopting this flexibility is the requirement to have an up-to-date backup of all the wallet's descriptors Recovery mnemonics (BIP39 and its predecessors) are a hack which responds to the near-universal failure of users to make wallet backups Descriptors are a great improvement, but I'm not convinced that it's possible to educate the masses to make frequent backups of their descriptors
> BIP 39 was actually Nack'ed by **the** code reviewers. That is misleading. "...by *some of the* code reviewers."
[https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki)

```
BIP: 39
Layer: Applications
Title: Mnemonic code for generating deterministic keys
Author: Marek Palatinus <slush@satoshilabs.com>
        Pavol Rusnak <stick@satoshilabs.com>
        Aaron Voisine <voisine@gmail.com>
        Sean Bowe <ewillbefull@gmail.com>
Comments-Summary: Unanimously Discourage for implementation
Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0039
Status: Proposed
Type: Standards Track
Created: 2013-09-10
```

Just so this is highlighted, I repeat: "Comments-Summary: Unanimously Discourage for implementation"
> BIP 39 was actually Nack'ed by the code reviewers. Misleading. *Some* code reviewers.
If it's the Bitcoin-only edition it can be a good choice. It's open source, but if you can't verify the code yourself just don't update the firmware, or at least not as long as it isn't necessary. You can protect the seed from the start using a BIP39 passphrase account against physical as well as firmware attacks. Learn about this very well before you start. All in all, buying directly from the company can be the best choice.
It's not about multiple hardware wallets: use a Bitcoin-only open source HW to generate the seed offline, and protect the seed with the BIP39 passphrase. If this becomes a problem for you or anyone, Bitcoin-only becomes more valuable.
I got a deal on 2 jade devices. I used one to generate a primary seed phrase for my KYC Bitcoin. And I use BIP-85 seed phrases from that device for a few other instances where I want new keys. (This basically uses info from the first keys to generate the second keys, but isn’t backwards compatible to figure out the first keys) The other device I use for non-KYC Bitcoin. This makes it easier to be more careful about making sure I don’t mix anything. My stack o’ sats isn’t big enough to consider anything more sophisticated yet. But eventually I’ll set up a multi-signature wallet that requires more signing devices/keys to authenticate a transaction. Right now that just feels like overkill for my humble stack. But assuming that grows in quantity and value in the future, I’ll want to secure it for my family in a more substantial way.
EDIT: I've just reread what you wrote, you are confused and I might be causing confusion by saying 25th word when I mean passphrase, which is part of BIP39. Every wallet's seed phrase uses either 12, 18 or 24 words made from a list of more than 3,000 that derive pretty independently from each other. You can choose a 25th word as a passphrase which in itself derives a different wallet. Any manufacturer of hardware wallet that claims they support BIP 39 has to support a 25th word designed as a passphrase because BIP 39 is a standard. This is nothing to do with Trezor hardware security, all wallets allow this, it's a Bitcoin improvement protocol. Trezor either generates 24 words itself or you can generate your own if you choose not to trust their entropy. Those words will be stored on the Trezor and in other devices a secure element. This isn't 2FA.
Don't know if this is sarcasm. An encrypted Android device without any radio modules and purged of irrelevant APKs is a quite safe method to store seeds. Considering you can also encrypt with KeePass using password + keyfile, USB storage is also secure. Of course, provided you have the seeds also properly engraved somewhere else (without BIP39 passphrase), to avoid any possible corruption of electronics.
It's just probability. The address space for BIP-39 (2^132) is way bigger than the number of quarks in the universe (2^80).
>Wait until OP finds out all hardware wallets have the same vulnerability to extract seed phrases through a firmware update. That's not true. [ColdCard docs > BIP-39 Passphrase > Optional Feature: Lock Down Seed](https://coldcard.com/docs/passphrase): > Locking down the seed creates a BIP-32 wallet by removing BIP-39 traits (seed words and passphrase), leaving BIP-32 hierarchical features and the rest of your COLDCARD's functions intact. After using Lock Down Seed on a ColdCard, even a firmware update can't extract the seed from the device **because it no longer exists on the device**. A firmware update (signed using Coinkite's private key) could still extract the extended master private key, but that's not the same thing as extracting the **seed** / recovery phrase. If you have one and only one wallet the distinction is moot, but if, like me, you use multiple, passphrase-specific wallets derived from a common seed, it's significant.
Not sure if I understood the first part correctly. Are the below two statements correct: 1) Unreliable altcoin X has a private key Y, and a flaw in its design (either intentional or not) can allow it to reverse-engineer private key Y to obtain master seed Z. 2) With non-hardened key derivation and BIP44 multi-account hierarchy, it can find my other cryptocurrencies and thereby steal those funds (by knowing my master seed Z)? Isn't the above problem also present on hardware ledgers as it's also a multi-coin wallet? And on the last part, how would an interaction with ETH for example lead to an exposure in Bitcoin? I would like to understand more and take appropriate measures.
Yeah, in terms of tech, some Chinese wallets defeat Ledger. Ngrave Zero is pretty much the most advanced wallet, and it is not Chinese (alongside the Coldcard Q1), but Ngrave is closed source and uses a different standard than BIP44 + they aren't long time in the game. Also, it is expensive AF. The upcoming Tropic Square Trezor (probs end of 2023 or early-mid 2024) will slap any wallet in the market. It will have an OPEN SOURCE secure element (Tropic Square chip), something that no other hardware wallet or smartphone with secure element have.
Multicoin wallets use non-hardened key derivation and BIP44 multi-account hierarchy. You also expose your bitcoin to unnecessary risks of potential exploits from interactions on unsecure altcoin chains which entail all sorts of approvals to third party contracts.
Thank You For Your Service Cypherpunks. Keep Writing Code. BIP 42 is one of my favorites :) https://github.com/bitcoin/bips/blob/master/bip-0042.mediawiki
>The person will still have to come up with a BIP and no matter how much coins they mined or bought. That's how Bitcoin works. haha, yeh, I get that, which is the reason for the question still.
> No significant wallets that mined in the early days to accumulate any amount of a % significant enough who could then possibly claim the creation for their own and change the path of direction by their views The person will still have to come up with a BIP and no matter how much coins they mined or bought. That's how Bitcoin works. > So clear now and obvious and now have zero questions about btc and about to transfer all wealth into said asset. Don't do that, please.
Options -> BIP39 Passphrase Connect to an app and click jade and you’ll be prompted for pin
If Bitcoin ever trades on the open market for $10 again, it’s because it has some critical vulnerability that destroys it’s value proposition and likely can’t be BIP’ed out. So I would think it would be dead.
> Did you check out Jade’s Wordlist passphrase method? Yes, but it's still too slow for every-time use unless one is using just a word or two, which means the passphrase would be easily brute force attacked, not to mention that if an attacker knows the person has a Jade and thus might be likely to use the Wordlist passphrase method, they could do a simple BIP39 wordlist attack to guess the passphrase. I'm not saying such an attack is likely. I'm saying the passphrase wordlist feature is good, but choosing a unique passphrase that is around 40 characters is better. So, what's needed is a fast way to enter a long and secure passphrase.
What about a way to generate the BIP39 seed words from biometrics, or from contents of a USB drive, or from a set of house keys? A dial where you choose several numbers like a dial combo, plus you insert a USB drive & you hash the files on it… or you read one or more “Kwikset” or “Schlage” house keys (plus the dial numbers). This is designed in such a way that if you insert the keys in the same order & choose the same number, you always get the same BIP39 words.
actual BIP39 mnemonic seed phrase is already a nice useful method to remember the actual seed example (randomly generated seed): mnemonic: transfer alcohol diesel person rain fiber pistol lava music crowd soldier warrior seed: 7bd2fe10ecb4732ceca9e0eb48a5fbd02f101f9b1e4f7f8a3aab3866feca4189e578201438a9c2cfa7fc9504e3a32e4266309e5b2bb12a67f64651202923d524 it's much easier to remember a mnemonic, when you are suggesting to remember the seed.
The BIP39 mnemonic code was introduced _just because_ words are easier to remember, written down or otherwise communicated than a series of random numbers.
No. Here's my routine:

1) Write down seed phrase. Take note of first receive address.
2) Wipe and attempt to recover from written seed, verify receive address matches.
3) Replicate paper seed into long-term medium (whatever you decide - verify again).
4) Optionally add a BIP-39 passphrase (or multiple, for different wallets derived from the same seed).

If I'm doing something a little more complex such as multisig, I always opt to use something designed for this like Specter or Nunchuk. It's really hard to mess up, these tools hand-hold you and make sure you know what to backup (all xpubs, all seedphrases, and resulting multisig xpub).
Yes, a zero conf double spend, or mempool replacement. *mempoolfullrbf* would work, as would setting the BIP125 opt-in RBF on the first transaction But the OP isn't running his own node, and is attempting to code a wallet with insufficient basic knowledge I suspect the answer comes from OP realizing that the UTXOs sent in tx1 should be marked as spent and not used in tx2. But his lack of basic knowledge has him asking for a coding tweak to let him submit the same UTXOs to a foreign node
Omg, every wallet has a different problem. Nunchuk can import the multisig file using a descriptor or BSMS file, which indicates the correct BIP32 paths. If I want to import the keys individually without using a file, Nunchuk does not let me enter the BIP32 path manually and does not produce the correct multisig wallet because of it (wrong derivation paths used). I can't find how I can specify derivation paths manually in Nunchuk. What I found is that in theory I can write the BSMS file myself in a text editor whenever I need it and back it up by writing it down.
Not sure why exactly 2048, but the words are chosen carefully so that they are easily distinguishable; this is to make it as human readable/friendly as possible. Other languages can/do have their own wordlists also, but I guess it all comes down to implementation. You can read more about the original proposal here: [BIP39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki)
> Memorizing is cool until you forget words, confuse the order, or add words that were not part of the seed phrase.

If they weren't meant to be memorized, they would have used base32 or base64 for the root secret. BIP39 and similar specs were designed to be memorized, using mnemonic techniques. Memorization is the safest backup mechanism for root secrets. When used correctly, you are more likely to forget what Bitcoin is or where you hid your backup than to forget your encoded mnemonics. There is really no reason to use more than 12 words in any case, regardless of memorization. And never, ever, split your key like OP suggests, no matter how long it is. If you need to make splits, use a secure splitting system like SSSS. Even better: use multisig.
From: https://river.com/learn/terms/h/hd-wallet:

> A Hierarchical Deterministic (HD) wallet is the term used to describe a wallet which **uses a seed to derive public and private keys**. HD wallets were implemented as a Bitcoin standard with BIP 32. Before this, most wallets generated unrelated keys each time a user required a new address.

From https://vault12.com/securemycrypto/crypto-security-basics/what-is-bip39/:

> The BIP39 standard describes how a seed phrase is constructed. Related to BIP39, the most prominent wallet standards include BIP32 and BIP44: BIP32 ("Hierarchical deterministic wallets") lays out a framework for Hierarchical Deterministic wallets (HD Wallets) for Bitcoin so that the wallet software can control multiple separate Bitcoin accounts using a single seed phrase. Furthermore, BIP44 ("Multi-account hierarchy for deterministic wallets") defines the same organizational hierarchy for managing multiple accounts in deterministic wallets for all other than Bitcoin cryptocurrencies, like Ethereum, Dogecoin, etc. BIP32 and BIP44 work together to add flexibility, privacy, and interoperability to HD Wallets. HD Wallets extend the capabilities of deterministic wallets, allowing for the management of a huge number of keys, all of which are derived from the original BIP39 mnemonic sentence (seed phrase).
You could even use something like a coldcard that supports BIP85 and have each wallet as a separate account or derivation path. I think two stacks is the way as well
My problem is I can't even import the seed + passphrase that I created in Sparrow into Electrum. When importing a wallet, and entering all 24 seed words, I choose the option BIP39 and try to add the passphrase as the 25th word, but all I get is the seed without passphrase imported.
Electrum wallet is OG and has probably been around 11+ years, well before Trezor and BIP39 were invented. Older versions of Electrum did not support non-hardware-wallet BIP39 mnemonic seeds; you were forced to use the Electrum mnemonic seeds, which were a different dictionary of words. I think non-hardware-wallet BIP39 support was subsequently added, but I'm not sure.
I am making another scavenger hunt. You are supposed to find the seed phrase of a BIP39 wallet. Here is the first clue: >!it's 12 words!<. I will give you more clues when I reach 200M karma. /s I am just surprised you expected people to solve it with virtually no clues. And now you're complaining people try to brute force lol
If you created the passphrase the same way a wallet creates a 12-word seed, with 128 bits of random entropy, its brute-force resistance is 2^256, the same as a 24-word seed

> offline method to create a 24 word seed

Download the Coleman BIP39 tool, and install it locally. Use that to make a 24-word recovery mnemonic
>knows your wallet address. This is not the case. That's the condition for the most trivial seed recovery, but you can easily use a database with all known addresses, and it doesn't even sacrifice speed once you build the db. >knows this is a scrambled key to that wallet and knows to descramble it In fact this will be self-evident to any attacker because the words are clearly from the BIP-39 word list, but the checksum is invalid. So the only thing that's left is the protection from the password manager. The scrambling itself doesn't add any protection at all.
Metal backup of a not encrypted seed phrase is ok if you store your coins in "child" wallets which are recalculated from a master seed with the BIP-85 standard. So all you have to remember is the index of your child wallet and a passphrase. You can get your child seeds at [https://iancoleman.io/bip39/](https://iancoleman.io/bip39/). Generate a new seed and click "Show BIP85".
I had to prove this to myself. I wrote a program that generates random BIP32 phrases and checks the wallets. I've run it for weeks. It's checked millions of wallets, and I haven't found a single one that is in use.
Not exactly. The 24 words are not random words, but chosen from the BIP39 standard word list ([https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt](https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt)). If you used one of these words as a passphrase then it would be trivial to hack by a simple brute force method. The passphrase is an additional password you can add to your wallet. And better make it at least 20-30 characters long plus all the regular password suggestions.
I could argue it was already an issue that those devices were 'trusted' without being able to verify anything, in a space where 'don't trust but verify' is an important concept. That was nothing more than trusting a pinky-promise. Recent events were just a wake-up call for most newbies and long-time users not going deeper into details, or trusting the device because there are no available proofs of previous faults/leaks. It's also not completely true that any HW requires trust. A disconnected device signing txs with QR codes or PSBT is almost trustless. Some HW devices also allow you to generate seeds using dice, and you are able to verify using the BIP39 standard that they are dealing legit seeds. And you can also verify the raw data you are signing; it's a matter of a click to decode hex data into text. The only weak point for any wallet, hardware or software, might be the True Random Number Generator, extremely important for generating quality entropy and also unverifiable in most cases. A weak or malicious TRNG could generate bad or weak seeds, but also tx nonces that could leak your seed after some spending (covert nonce channel attack). Some vendors anyway are giving access to Secure Element design and firmware sources (including TRNG) after signing a non-disclosure agreement.
No, what I’m saying is there is no seed, they do not use BIP39 technology. There is a key that is created when you install the wallet. That key never is exposed to you. Tangem, or anybody else. In this wallet, you never see the key. It’s only on the three cards.
Right now only BIP85 has been released. It's awesome, enjoy!
Low available storage on Nano S is incompatible with Ledger Recover enabled firmware, which means it will probably never get it. This doesn't change that you still need to trust Ledger not to access your seed, because there is no way to verify closed-source firmware and data sent over the USB connection to the online device. A valid workaround for Bitcoin (a good practice already valid before the Ledger Recover announcement) would be to use your Ledger Nano to sign transactions on an offline airgapped machine (a computer without network connection). The Partially Signed Bitcoin Transactions standard (BIP174) allows you to create a transaction on an online watch-only machine, save the PSBT on a USB drive, sign with Ledger on the offline machine, save the signed transaction on the same USB drive and broadcast it with the online machine. Ditch the proprietary Ledger Live application and use Electrum, Sparrow or Specter (all wallets support PSBT) to get an almost trustless experience with Ledger Nano: you'll only need to check what you are signing.
Hi Crypto-Guide, I have been watching a lot of your content on your YouTube channel and it's impressive. I have learnt so much. As per this thread, I am very concerned about the recent Ledger situation and was considering following one of your DIY tutorials on seed creation. The video I am referring to is: "https://www.youtube.com/watch?v=j5nejoEGWFw". I have a question regarding the use of Ian Coleman's BIP39 tool. You mention using multiple dice for randomness to get entropy to create the 24-word seed. In your video, you use 100 rolls to make up 256 bits of entropy using Base6 values. From what I understand the result converts to binary to create the seed. What do you think if I were to roll a die 256 times and enter the results as binary? An example of this would be if I was to roll a 1, 2, or 3, the binary result is "0". If I get 4, 5, or 6, then the binary gets reported as "1". Would this get the same entropy as your Base6 method? Also, would it make any difference to the overall entropy if I did the following: Words to generate (1 - 8): 1,2,3="0" and 4,5,6="1" Words to generate (9 - 16): 2,3,6="0" and 1,4,5="1" Words to generate (17 - 24): 3,4,5="0" and 1,2,6="1" What do you think? Your help is appreciated. Regards Darryl PS. Keep up the good work and awesome videos!
I understand. Interesting… https://github.com/lnpass/lnpass-web (A key manager for Lightning and nostr - BIP85: Deterministic Entropy From BIP32 Keychains)
I can't speak for the others, but since you've successfully implemented BIP85, to improve the security of the master seed phrase, for IRL security reasons, I'd appreciate the Seed XOR feature.
its a deposit on BIP324 ;) dammit, I should have tipped 324 sats
That all went down a few years ago, and it has been fixed in the latest firmware. My previous rebuttal to this old FUD since I don't really want to type it all out again...

***

> Trezor is simply an inferior product.

I suppose everyone has an opinion. Since you are (properly) addressing some of the Ledger FUD, let me address some of the Trezor FUD that Trezor is trivial to hack with physical access.

First off, there seems to be the impression that the 2020 `wallet.fail` presentation went unpatched since Ledger claimed it's unpatchable. This is patently false. After the original `wallet.fail` presentation Trezor firmware rolled three updates.

1. AES256-bit encryption on Trezor-T NAND (`sd-protect`)
2. Support for insanely long PINs on all products
3. Glitch exposure greatly reduced

First, as Ledger states, this whole attack assumes there is no BIP39 passphrase enabled, or the passphrase is something stupid like "passphrase". With that out of the way, onto the updates.

## NAND Copy

The `wallet.fail` attack requires the part to receive a voltage glitch while it is in "flash mode". This unlocks the protected memory to allow the NAND copy. On the older firmware this only required a few days to hit, but with the updates the amount of time the part was left in flash mode was reduced to the actual time the part was being programmed instead of the original "fingerprint display" where most of the attacks took place. The reduced window makes hitting the glitch incredibly difficult, simply as a statistical problem. Expect most attackers to spend months trying to glitch the part.

## NAND Encryption

Normally, the NAND is encrypted with the PIN, but for Trezor-T it can be encrypted with a 256-bit salt file (`sd-protect`). This makes PIN brute forcing impossible. No... no one is able to brute force 256-bit AES encryption. This is just FUD.

## PIN Weakness

EVERY exploit I've seen is performed on a 4-digit PIN since that is the smallest allowed by firmware. And even those take 15 seconds.

From a computation point of view that is slow as molasses. The reason it is so slow is twofold. First, the NAND uses ChaCha20 encryption which is designed to be slow to hinder brute force attacks. Second, the ChaCha20 encryption requires the full 1.5MB part to be decrypted before it can be tested. You should see that this is not going to scale well for the attacker. If 10,000 cycles take 15 seconds, 1,000,000,000 (9 digits) cycles will take over two weeks and 10 or 11 digits will require months or years.

## Conclusion

Simply get a $10 SD card and your Trezor becomes immune to all these exploits. The idea of requiring "something you know" (aka PIN) and "something you have" (aka SD card) to unlock a secret is a very old and common concept of data security. We all know it is two-factor authentication, but rarely stop to think about it.
An old Android mobile phone. I physically removed all radio modules, deleted all irrelevant applications, reset and encrypted it. I created a KeePass file containing the seed phrases and xpubs. The same KeePass file has been saved to a USB key marked as 'offline only' and stored somewhere else. KeePass files need a relatively simple password + a 256-bit hex keyfile. The keyfile has QR code backups. I also properly engraved the seed phrases with a pantograph on an AISI 314 steel plate. BIP39 passphrases are stored in a different KeePass file for daily use. Daily automatic cloudless backups on servers I own located in different places.
A BIP39 seed phrase is just a human readable mnemonic series of words to allow us humans to easily back up the cryptographic seed needed to generate all the keypairs for different derivation paths pointing to different blockchains/accounts/addresses. I don't see a better way than this:

> together truth typical noise neutral grocery mad safe ability club kit manual

to back up this:

> 3671a984f4a898501cf2dacf9d665da562095e6ff42884aba9eda6df34411abcbf8040229b450c7c060f00230d9544120811a53110699fed0567c0a4e041f968

(this is a randomly generated seed)
## Notable changes

### P2P and network changes

- Transactions of non-witness size 65 bytes and above are now allowed by mempool and relay policy. This is to better reflect the actual afforded protections against CVE-2017-12842 and open up additional use-cases of smaller transaction sizes. (#26265)

### New RPCs

- The `scanblocks` RPC returns the relevant blockhashes from a set of descriptors by scanning all blockfilters in the given range. It can be used in combination with the `getblockheader` and `rescanblockchain` RPCs to achieve fast wallet rescans. Note that this functionality can only be used if a compact block filter index (`-blockfilterindex=1`) has been constructed by the node. (#23549)

### Updated RPCs

- All JSON-RPC methods accept a new named parameter called `args` that can contain positional parameter values. This is a convenience to allow some parameter values to be passed by name without having to name every value. The python test framework and `bitcoin-cli` tool both take advantage of this, so for example:

  `bitcoin-cli -named createwallet wallet_name=mywallet load_on_startup=1`

  Can now be shortened to:

  `bitcoin-cli -named createwallet mywallet load_on_startup=1`

- The `verifychain` RPC will now return `false` if the checks didn't fail, but couldn't be completed at the desired depth and level. This could be due to missing data while pruning, due to an insufficient dbcache or due to the node being shutdown before the call could finish. (#25574)
- `sendrawtransaction` has a new, optional argument, `maxburnamount` with a default value of 0. Any transaction containing an unspendable output with a value greater than `maxburnamount` will not be submitted. At present, the outputs deemed unspendable are those with scripts that begin with an `OP_RETURN` code (known as 'datacarriers'), scripts that exceed the maximum script size, and scripts that contain invalid opcodes.
- The `testmempoolaccept` RPC now returns 2 additional results within the "fees" result: "effective-feerate" is the feerate including fees and sizes of transactions validated together if package validation was used, and also includes any modified fees from `prioritisetransaction`. The "effective-includes" result lists the wtxids of transactions whose modified fees and sizes were used in the effective-feerate. (#26646)
- `decodescript` may now infer a Miniscript descriptor under P2WSH context if it is not lacking information. (#27037)
- `finalizepsbt` is now able to finalize a transaction with inputs spending Miniscript-compatible P2WSH scripts. (#24149)
- Changes to wallet related RPCs can be found in the Wallet section below.

### Build System

- The `--enable-upnp-default` and `--enable-natpmp-default` options have been removed. If you want to use port mapping, you can configure it using a .conf file, or by passing the relevant options at runtime. (#26896)

### Updated settings

- If the `-checkblocks` or `-checklevel` options are explicitly provided by the user, but the verification checks cannot be completed due to an insufficient dbcache, Bitcoin Core will now return an error at startup. (#25574)
- Ports specified in `-port` and `-rpcport` options are now validated at startup. Values that previously worked and were considered valid can now result in errors. (#22087)
- Setting `-blocksonly` will now reduce the maximum mempool memory to 5MB (users may still use `-maxmempool` to override). Previously, the default 300MB would be used, leading to unexpected memory usage for users running with `-blocksonly` expecting it to eliminate mempool memory usage. As unused mempool memory is shared with dbcache, this also reduces the dbcache size for users running with `-blocksonly`, potentially impacting performance.
- Setting `-maxconnections=0` will now disable `-dnsseed` and `-listen` (users may still set them to override).
- Changes to GUI or wallet related settings can be found in the GUI or Wallet section below.

### New settings

- The `shutdownnotify` option is used to specify a command to execute synchronously before Bitcoin Core has begun its shutdown sequence. (#23395)

### Wallet

- The `minconf` option, which allows a user to specify the minimum number of confirmations a UTXO being spent has, and the `maxconf` option, which allows specifying the maximum number of confirmations, have been added to the following RPCs in #25375: `fundrawtransaction`, `send`, `walletcreatefundedpsbt`, `sendall`
- Added a new `next_index` field in the response in `listdescriptors` to have the same format as `importdescriptors`. (#26194)
- RPC `listunspent` now has a new argument `include_immature_coinbase` to include coinbase UTXOs that don't meet the minimum spendability depth requirement (which before were silently skipped). (#25730)
- Rescans for descriptor wallets are now significantly faster if compact block filters (BIP158) are available. Since those are not constructed by default, the configuration option `-blockfilterindex=1` has to be provided to take advantage of the optimization. This improves the performance of the RPC calls `rescanblockchain`, `importdescriptors` and `restorewallet`. (#25957)
- RPC `unloadwallet` now fails if a rescan is in progress. (#26618)
- Wallet passphrases may now contain null characters. Prior to this change, only characters up to the first null character were recognized and accepted. (#27068)
- Address Purposes strings are now restricted to the currently known values of "send", "receive", and "refund". Wallets that have unrecognized purpose strings will have loading warnings, and the `listlabels` RPC will raise an error if an unrecognized purpose is requested. (#27217)
- In the `createwallet`, `loadwallet`, `unloadwallet`, and `restorewallet` RPCs, the "warning" string field is deprecated in favor of a "warnings" field that returns a JSON array of strings to better handle multiple warning messages and for consistency with other wallet RPCs. The "warning" field will be fully removed from these RPCs in v26. It can be temporarily re-enabled during the deprecation period by launching bitcoind with the configuration option `-deprecatedrpc=walletwarningfield`. (#27279)
- Descriptor wallets can now spend coins sent to P2WSH Miniscript descriptors. (#24149)

### GUI changes

- The "Mask values" is a persistent option now. (gui#701)
- The "Mask values" option affects the "Transaction" view now, in addition to the "Overview" one. (gui#708)

### REST

- A new `/rest/deploymentinfo` endpoint has been added for fetching various state info regarding deployments of consensus changes. (#25412)

### Binary verification

The binary verification script has been updated. In previous releases it would verify that the binaries had been signed with a single "release key". In this release and moving forward it will verify that the binaries are signed by a threshold of trusted keys. For more details and examples, see: https://github.com/bitcoin/bitcoin/blob/master/contrib/verify-binaries/README.md (#27358)
I’m not mixing anything up. Each new public key my wallet uses as change addresses, or gives me as an address to provide someone else for payment, is generated from a BIP39 seed phrase.
1. Not really, you still need the PIN to use the funds, otherwise it's useless.
2. Yes, exactly. But in some way, it keeps the spirit of crypto by being a bearer asset type (such as cash). In a way, keeping a seed safe is transferring the problem elsewhere. But I agree it's scary!
3. Less of a problem, the client is open source, you can build it, use it, and transfer the funds elsewhere; this isn't such a big issue.
4. That's the entire point, no portability also equals more security, exactly like smart cards and FIDO2 security tokens.

BIP39 is a standard, and that's the key: it's a standard, and from there it gets its value. But in essence it's just a human readable representation of the private key, nothing more, nothing less. The main issue is that Tangem isn't a standard, so you cannot use 3rd party clients with it... yet...
I'd be terrified using Tangem tbh:

1. Anyone with access can use the funds
2. You lose it, you lose your coins
3. Company goes bankrupt
4. No seed phrase - low portability

And much much more. BIP39 is a standard for a reason - and it's peace of mind to always be able to change providers, for example with hardware malfunctions after a company stops selling the product or stops existing.
Apparently, I was wrong, and such a crypto wallet already exists: [https://tangem.com/en/](https://tangem.com/en/)

However, as is always the case in life, there are tradeoffs:

* No screen, so the client needs to be trusted (it's open source but still)
* Seed is locked within the device, so while it does allow physical backups (up to 3 cards with the same account), there is no seed extraction, so you lose it, you lose your coins.
* No BIP39 seed, so you are locked to their app platform (as a side note, hardware wallets are not yet standardized as FIDO2, so every hardware wallet is its own unique snowflake as of now)

Other than this, it's secured as well as the examples I described earlier (and as an added bonus, much simpler to use)
What do you think about it?

Where I am (2 strategies):

Strategy n°1 =

1. Use my SeedSigner/BlockstreamJade/Coldcard to create a BIP85 child seed
2. Save the https://nostrtool.com page to a USB drive with https://tails.boum.org/ installed and not connected to the internet!
3. Load my BIP85 child seed (BIP39 mnemonic) into the Nostr Tool I've downloaded.

Strategy n°2 = Passport Foundation wallet:

More info below and:

• here the link to the full article https://foundationdevices.com/tag/bip85
• shortcut to 1 animated screenshot of the Nostr process https://foundationdevices.com/wp-content/uploads/2023/05/nostrkeyfull.gif

> “...All you have to do to unlock all of this new functionality in Passport is to enable the Key Manager extension from the settings menu. Just a few presses and you have a new card on your home screen that lets you create and manage BIP 85 child seeds and Nostr keys with a few clicks! View all your keys, distinguish them quickly by unique icons, and manage their names in seconds. Once you have enabled Key Manager, creating a new key is incredibly straight forward. Simply navigate to the new Key Manager card on your home screen and select “New Key.” Choose how many words you want the seed to be and the new key is automatically saved via encrypted microSD backups. When you need to use the new child seed in another wallet, simply select “Export,” choose whichever format your favorite wallet supports, and import it. It’s that easy. ... That’s not all that the Key Manager extension enables, though! We’ve also been building out full Nostr key support as a part of the extension, allowing you to leverage the power of child keys to create Nostr keys directly from your Bitcoin seed on Passport. One master backup with Passport and all your Nostr keys are safe and secure. When you want to create that new Nostr key, it’s as easy as navigating to the new Key Manager card, selecting “New Key,” choosing the “Nostr” option, and then naming it as you see fit. Whenever you want to login to a Nostr client, simply export the new key to QR and scan it from your favorite client (Amethyst currently supports this) or export to microSD as a text file and copy paste if necessary. No more worrying about losing your Nostr key. ...”
BIP39 (for recovery mnemonics, or "seed words") processes the words (plus passphrase, if any) using 2048 rounds of SHA512 HMAC to create a binary seed which is used by BIP32 (hierarchical deterministic keychains) as its initial entropy. The chance of collision is 1 in 2^512 unless the passphrase has less than 256 bits of entropy.
Trezor doesn't support my only two holdings outside of ETH and BTC. I have a Tangem 3 card set coming tomorrow. My main reservation was no BIP39 seed to recover, but after researching a bit more on the product, the security audits, open source of the app, the backups and durability, the convenience and ease of use factor and ability to onboard my wife, I'm giving it a try for new alts I might add. Keeping my bags connected to Ledger for now until I feel confident. They are supposed to release a 2.0 which has seed phrase backup, and if I like the user experience and build trust, I might move to it for my main wallet. My hangup on peace of mind is still the BIP39 seed phrase, but I realize that is also an additional risk worth recognizing, and is why people who move off of exchanges to cold or hot wallets end up losing their crypto (compromised or lost seeds).
I cannot answer with 100% certainty, but from a mathematical perspective it does not have to be the case, and from a real perspective it is practically impossible. The 24-word phrase is a representation of 256 bits (actually 264 bits = 256 bits + 8 bits of checksum). Then, following the BIP-39 standard, when generating a seed for the wallets, the phrase is passed to a hash function which outputs a seed with a fixed size of 512 bits, regardless of the input size or length. And finally this seed is the one used to generate wallets deterministically (BIP-32). As you can see, we are going from an input with size 256 bits to an output of 512, so having collisions (2 inputs with the same output) is nearly impossible. And actually hash functions are designed to minimize those. Now, in the case of the optional passphrase, this passphrase is concatenated with the mnemonic phrase and then passed to the hash function. This means that the input of the hash function now has these 256 bits + N bits from your passphrase. And just like before, since you are not likely to input a passphrase with 256 bits, this 256 + N is still going to be lower than 512 (output of the hash function), and therefore you can be sure that there will be no collisions. In summary, theoretically, it is possible to find a case where hash(S1 + Pf1) = hash(S2), but practically it is infeasible.
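As an added example (not code from any comment here), the derivation the two comments above describe, run on the first published BIP39 English test vector as constructed input: PBKDF2 with HMAC-SHA512, 2048 iterations, the NFKD-normalised words as the password and "mnemonic" plus the passphrase as the salt, followed by the BIP32 step that splits the 512-bit seed into master key and chain code.

```python
import hashlib
import hmac
import unicodedata
from typing import Tuple

# Constructed inputs for this added example: the first BIP39 English test
# vector (12 words from all-zero entropy) with its published passphrase and seed.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")
TEST_PASSPHRASE = "TREZOR"
TEST_SEED_HEX = ("c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
                 "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Mnemonic (+ optional passphrase) -> 512-bit seed, as BIP39 specifies.

    The words are the PBKDF2 password and "mnemonic" + passphrase is the salt,
    both NFKD-normalised; 2048 rounds of HMAC-SHA512 produce a 64-byte seed.
    A different passphrase changes the salt and therefore the whole seed, which
    is why it yields an entirely separate wallet rather than just "a 25th word".
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master_key(seed: bytes) -> Tuple[bytes, bytes]:
    """BIP32 step that consumes the seed: HMAC-SHA512 keyed with "Bitcoin seed".

    The left 32 bytes become the master private key, the right 32 bytes the
    chain code. The secp256k1 range check on the left half is omitted here.
    """
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def passphrase_changes_seed(mnemonic: str, a: str, b: str) -> bool:
    """True when two passphrases derive different seeds from the same words."""
    return bip39_seed(mnemonic, a) != bip39_seed(mnemonic, b)


if __name__ == "__main__":
    seed = bip39_seed(TEST_MNEMONIC, TEST_PASSPHRASE)
    print("seed matches test vector:", seed.hex() == TEST_SEED_HEX)
    key, chain = bip32_master_key(seed)
    print("master private key:", key.hex())
    print("chain code:        ", chain.hex())
    print("empty passphrase gives a different wallet:",
          passphrase_changes_seed(TEST_MNEMONIC, "", TEST_PASSPHRASE))
```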
The transaction you signed probably isn't signalling RBF. To enable BIP125 compatible transactions, you need to set `walletrbf=1` in your bitcoin.conf You can consider double-spending by creating a new transaction with higher fees. Once that transaction gets confirmed onchain, the earlier low-fee transaction will be invalidated.
What the BCH folks can't wrap their heads around is majority consensus. You can't just keep splitting chains, especially if you're in the minority. For people that actually understand Bitcoin and PoW, majority consensus is one of the most important things to consider before changing any existing consensus rules. If ordinals were to be forked out of Bitcoin it would have to be proposed in a BIP and then voted on by miners. It wouldn't upgrade without 95% miners signaling yes over a 2016 block period. Any attempt to circumvent consensus would fail as hard as Bcash did.
After doing some more research, I found `bumpfee`, but when I run this command:

`./bitcoin-cli bumpfee TXID`

I get this error:

```
error code: -4
error message:
Transaction is not BIP 125 replaceable
```
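Added example (not from any comment here, and not Bitcoin Core's own code) of the check behind that error: `bumpfee` only works when at least one input carries an nSequence below 0xfffffffe, the BIP125 opt-in signal that a wallet running with `walletrbf=1` sets. The raw transactions are constructed inline; the all-0x11 txid and all-0x22 key hash are placeholders.

```python
from typing import List, Tuple

# BIP125: an unconfirmed transaction opts in to replacement when at least one
# input has nSequence below 0xfffffffe (wallets usually use 0xfffffffd).
BIP125_SEQUENCE_FINAL_THRESHOLD = 0xFFFFFFFE


def read_varint(data: bytes, pos: int) -> Tuple[int, int]:
    """Decode a Bitcoin CompactSize integer at pos; return (value, next_pos)."""
    first = data[pos]
    if first < 0xFD:
        return first, pos + 1
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(data[pos + 1:pos + 1 + width], "little"), pos + 1 + width


def input_sequences(raw_tx_hex: str) -> List[int]:
    """Walk the inputs of a raw transaction and return every nSequence value."""
    tx = bytes.fromhex(raw_tx_hex)
    pos = 4  # skip the 4-byte nVersion
    # BIP144 serialisation puts a 0x00 marker and 0x01 flag after the version.
    if tx[pos] == 0x00 and tx[pos + 1] == 0x01:
        pos += 2
    n_inputs, pos = read_varint(tx, pos)
    sequences = []
    for _ in range(n_inputs):
        pos += 32 + 4  # previous txid and output index
        script_len, pos = read_varint(tx, pos)
        pos += script_len  # scriptSig (empty for native segwit spends)
        sequences.append(int.from_bytes(tx[pos:pos + 4], "little"))
        pos += 4
    return sequences


def signals_rbf(raw_tx_hex: str) -> bool:
    """The condition bumpfee needs: some input explicitly signals BIP125."""
    return any(seq < BIP125_SEQUENCE_FINAL_THRESHOLD
               for seq in input_sequences(raw_tx_hex))


def build_sample_tx(sequence_hex: str, segwit: bool = False) -> str:
    """Constructed one-input, one-output transaction used only for this example.

    The prevout txid (all 0x11 bytes) and the P2WPKH output key hash (all 0x22
    bytes) are placeholders, not real chain data.
    """
    marker_flag = "0001" if segwit else ""
    tx_in = "11" * 32 + "00000000" + "00" + sequence_hex
    tx_out = "e803000000000000" + "16" + "0014" + "22" * 20  # 1000 sats to P2WPKH
    witness = "00" if segwit else ""  # empty witness stack for the single input
    return ("01000000" + marker_flag + "01" + tx_in + "01" + tx_out
            + witness + "00000000")


RBF_TX_HEX = build_sample_tx("fdffffff")                    # nSequence 0xfffffffd
FINAL_TX_HEX = build_sample_tx("ffffffff")                  # nSequence 0xffffffff
SEGWIT_RBF_TX_HEX = build_sample_tx("fdffffff", segwit=True)

if __name__ == "__main__":
    for name, tx in (("opt-in", RBF_TX_HEX), ("final", FINAL_TX_HEX)):
        print(name, "signals BIP125:", signals_rbf(tx))
```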
BIP39 passphrase is a standard. Any decent hardware or software wallet supports the optional BIP39 passphrase. It's not an exclusive feature of Trezor.
Yes. Isn't the idea of a passphrase that the user isn't restricted to the BIP39 dictionary and can use a phrase that is more easily memorized? If the user is going to use random words, they may as well simply swap those words with the last words of the seed phrase. Nothing is gained if the additional words are random.
I get that you're cracking a joke, but passphrases are actually a brilliant part of the cryptography. Each word in your seed represents a number between 1 and 2048. Your addresses with keys for each address are generated from those words (the numbers). Each character in a passphrase represents additional numbers that become part of the math, along with your seed words (the numbers) to generate another entirely different set of addresses with unique keys. The way BIP39 lets us use words and characters for numbers from which addresses and keys are derived... it's effing brilliant! P.S. Happy cake day!
Coldcard has definitely caught my eye. I'm waiting for the Q1 to be released to see if it meets my needs. Coldcard also does BIP85 really well. That's a pretty advanced feature, but it's worth looking into.
> Plus you will have to rely on that single company that is offering the additional passphrase option like you described.

No, you don't. A passphrase is part of BIP39. Any wallet that is BIP39 compliant will work with your seed words and your passphrase, even if you created them on some other company's wallet (as long as your wallet is BIP39 compliant). That's the beauty of it.

[Check this out](https://iancoleman.io/bip39/). Set it to how many words you want and hit "Generate." Don't worry - it's safe. It's open source code that is cited often in the crypto community. Next, type something in the passphrase field and watch as the addresses change. That's part of what your hardware wallet does for you, automatically.

Now, if you really want to blow your mind, click the "Show BIP85" box. A BIP39 seed also generates 10,000 more seeds, all indexed.

Here's a random seed:

> fabric apple pair urban gorilla enter rather saddle method carbon cram weapon brush lyrics movie liquid final satoshi connect envelope drop crisp live grit

Let's add this as a passphrase:

> Testing testy tester

Set the BIP85 mnemonic to 24 words. The first index number is zero (0 through 9,999). This is the first seed generated by the above seed:

> old dolphin elevator always hungry mother nominee exhaust heart oval drive parade undo ski solution spy bonus book defy source guess method choose gadget

Just for fun, let's set the index to 5,134. Here's the seed the original seed generates:

> true grape brother speed tuition throw improve sting exotic uncle grocery festival trumpet ship correct three guess elegant claw day talk audit stuff wrestle

Awesome. Maybe you're thinking "Why the hell would anybody use THAT?" Well, let's say you're overseeing seeds for other people. Family, for example. Let's say you have 3 kids. You assign each kid a number (easiest way is by birth year). If they ever lose their seed words, you know how to retrieve them, since YOUR seed words are the master key. You look up your seed words plus the BIP85 index number for whoever lost their seed. Presto! You've found their lost seed. Awesome.
It's not an additional seed. It's an addition TO your seed. A BIP39 seed is 12 or 24 words, as you know. Each of those words represents a number between 1 and 2024. Your addresses and keys to each of your addresses are generated from those words (those numbers). A passphrase is in addition to your seed words. Each character in a passphrase represents additional numbers which become part of the math, along with your seed words (which are numbers) to generate an entirely different set of addresses, each with a unique key. It's all just math. Brilliant math! I can't help but be amazed, not by the math, but rather, by the way some crazy smart minds found amazing ways to take this wildly complex math and make it human readable and usable. It's all such awesome awesome stuff.
I like the way coldcard supports saving (encrypted) passphrase to SD card (which also means you can keep it stored separately when you're not using the wallet). It also has some handy input options to facilitate passphrases that use BIP words. I'd recommend using the saved passphrase for "hot" wallet and deal with the typing for the "cold" wallet (which you'd rarely need to use)
Yeah. Whenever I use a new hardware wallet, I check the [Ian Coleman mnemonic page](https://iancoleman.io/bip39/) to make sure the wallet's passphrase does what it should do (meaning, that it creates an entirely new wallet, outputting proper addresses). It's crazy that one should even need to check. I was watching a video by Blockstream for the Blockstream Jade. The guy from Blockstream used the words passphrase and password interchangeably. That's awful. Those words mean entirely different things in this context! A BIP39 passphrase is NOT a password.
Thanks again for your time! Really!

> How about when one uses his Ledger with other wallets? Like MetaMask or YOROI for cardano, what happens to the private keys?

> “Scroll down on that last link I gave and look for the heading "Restrict Apps to Coin-Specific BIP32 Prefix". Also read the lower sections "Never store or export secrets derived from seed" and lower down "Private Key Management." Again, these are the checks they apply to every app that wants to be published on the Ledger system. Without Ledger's signing key, no app can be installed unless the Ledger is explicitly put in developer/debug mode.”

Well, here I'm referring to the fact that you can install the YOROI or MetaMask wallet on your phone and connect your Ledger to it; it's not an app which gets installed on the Ledger device itself. So what can you say about those apps that have a Ledger device connected?
> As you said, I can verify this myself, how though? (I’m an advanced user, tech savvy but not an IT engineer.)

All of Ledger's code is under https://github.com/LedgerHQ

For example, this is the bulk of the code the Bitcoin client executes (but far from all of it): https://github.com/LedgerHQ/app-bitcoin-new/blob/develop/bitcoin_client/ledger_bitcoin/client.py

Here, let me walk you through a little bit more; the Ledger documentation is quite good, even though the software is very complex (I'm learning as I type this to you FYI, apologies for any mistakes).

Here's a Ledger documentation page on something called the APDU - Application Protocol Data Unit. It is one way of calling into the firmware to request things, and the one the Bitcoin app uses (I think): https://developers.ledger.com/docs/embedded-app/application-structure/

And here's the Bitcoin app code that calls that: https://github.com/LedgerHQ/app-bitcoin-new/blob/develop/bitcoin_client/ledger_bitcoin/command_builder.py#L132

The Bitcoin app generates an unsigned transaction (PSBT) and does all the user checks, getting user confirmation, display, etc. Then it submits it to the APDU to sign and return.

> what other people are reviewing this stuff?

They're both open source, encourage third party audits, and Ledger's app publication process includes a full audit: https://developers.ledger.com/docs/embedded-app/introduction/

And here's a very long page detailing all the checks applied to submitted applications as well as mistakes other developers have made that were caught: https://developers.ledger.com/docs/embedded-app/secure-app/

> no I bought it for max cold storage security,

FYI, I'm similar. I have a few altcoins, but my security is my paramount concern. Unfortunately for me I devised a system to ensure that my seed phrase's storage itself is not a single point of failure (against fire, flood, theft, government intrusion, etc), but that process also makes it so I can't actually use a Trezor due to their limitations. Keystone is the next best choice but I'm not thrilled with their choices & limitations either, so I'm really hoping Ledger gets their shit together or someone makes a thoroughly more secure wallet option (and proves it to my satisfaction).

> Does the donjon also review all those third party apps which the Ledger can connect?

Not just the Donjon, who are their own team, but other teams within Ledger as well. Yes, every app.

> And do they review them every time there’s a new update?

Yes, every time.

> How about when one uses his Ledger with other wallets? Like MetaMask or YOROI for cardano, what happen to the private keys?

Scroll down on that [last link I gave](https://developers.ledger.com/docs/embedded-app/secure-app/) and look for the heading "Restrict Apps to Coin-Specific BIP32 Prefix". Also read the lower sections "Never store or export secrets derived from seed" and lower down "Private Key Management." Again, these are the checks they apply to every app that wants to be published on the Ledger system. Without Ledger's signing key, no app can be installed unless the Ledger is explicitly put in developer/debug mode.
> What does paper-wallet mean?

Lose all your funds if you don't know exactly what you are doing. A paper wallet means that you generate your seed by creating some entropy (using dice, for example), and using that entropy you use BIP39 compliant algorithms to generate a seed or a private-public keypair, and the related hashed public key (address).

> Do I have a paper wallet now?

No.
The regular user shouldn't use encrypted seeds because they are hard to write down. An algorithm should return the data again in seed words so you can reduce writing mistakes. What exactly is the benefit of using an encrypted seed instead of a passphrase protected wallet? The last one is compatible with almost any hw-wallet out there and you can follow the BIP39 standard.
Most airgapped solutions support generating entropy with dice throws, and you can verify they are giving you a legit result by comparing with available BIP39 compliant algorithms. Airgapped solutions can be trustless: you just need to verify seed generation and the transactions you are signing, which is a very simple one-click process decoding raw hex. Trezor instead doesn't really have a true random number generator; it creates entropy by mixing computer generated + device generated pseudo random numbers.
You could split your seed into 3 smaller seeds using the Shamir method [https://iancoleman.io/shamir39/](https://iancoleman.io/shamir/) (but offline, you can save the html for offline use). You could make it, say, 3 parts, and 2 are needed to reconstruct the final seed. Put each part on a usb drive or print and laminate, and give one to 3 different, trusted family members, then give instructions to a lawyer (or just the family members), on how to reconstruct your seed if necessary. Two of the three have to agree to do it and they need the link above (or the html file). Each mini-seed by itself doesn't help. Remember, when you reconstruct, you need to include the shamir39-p1 at the beginning.

As an example (this is not a real wallet, don't get excited lol):

BIP39 Mnemonic:

> actor spike outside stage cherry orchard like slot borrow section december talk

Split Parameters: Allow reconstruction with 2 of 3 parts.

> shamir39-p1 amount abandon top mix toss people pen elevator click local butter nurse rule pass business
>
> shamir39-p1 amused abandon simple brave ribbon toast december toy vehicle love health accuse diet amount flag
>
> shamir39-p1 analyst abandon column obey miracle sword exclude manage elder make ride method drama mosquito one
All wallets, software or hardware, follow some kind of crypto standard for deriving the wallet address from the seed phrase. Some wallets use a fixed derivation path, e.g. the MetaMask wallet.

> [https://support.metamask.io/hc/en-us/articles/360060331752-Importing-a-seed-phrase-from-another-wallet-software-derivation-path](https://support.metamask.io/hc/en-us/articles/360060331752-Importing-a-seed-phrase-from-another-wallet-software-derivation-path)
>
> When importing a Secret Recovery Phrase (seed phrase), **MetaMask only supports the default BIP-44 derivation path (m/44'/60'/0'/0)**. For more information, see the technical specification here. Currently, you can only use Ledger's derivation paths when connecting a Ledger hardware wallet (you get options for Legacy derivation MEW/MyCrypto, Ledger Live, or BIP44). **The MetaMask team is looking at adding more options and customization; for example, custom networks may use different derivation paths.** At this time, Trezor hardware wallet integration only supports the BIP44 derivation path.

As long as your coins are onchain and you kept your seed phrase / keys safe and secret, your coins are still safe. What you need is to find out what derivation path was used by said company/org. Then you can find a wallet that supports this or a custom derivation path and you can configure the wallet to use it. Then you can access your coins again.

PS: I've omitted a list of wallet apps or products that support a custom derivation path as I cannot ascertain the integrity of any number of wallet providers. DYOR or consult the sub for more info.

**Reference** [https://learnmeabitcoin.com/technical/derivation-paths](https://learnmeabitcoin.com/technical/derivation-paths)
This is not really accurate. A seed has no directly corresponding address. It has a "first address", but even that depends on the derivation path. The BIP39 standard doesn't replace the elliptic curves that private keys use; it just adds some steps before to make sure you can generate all your private keys and addresses from writing down a single phrase.
They serve the same purpose, with different implementation. Both private keys and seed phrases are used to access cryptocurrency wallets and correspond to a public address in the blockchain. Private keys use cryptography, and are a string of numbers, letters and symbols, and seed phrases use the BIP39 standard, and are an array of words. Essentially, a seed phrase is a version of a private key, represented in a more human way through a mnemonic phrase.
I suspect this is why almost no one uses a passphrase to protect their wallets. Most hardware wallet manufacturers make using a passphrase so cumbersome that almost nobody uses one. This is also probably why so few people seem to even understand what a passphrase is (a passphrase is NOT a password and is NOT just "a 25th word"). A passphrase is a relatively basic part of the BIP39 spec, and it's an incredibly powerful tool to keep your wallet safe. If somebody finds your seed words, they don't need your wallet to steal everything because the 24 words are the keys. But if you use a passphrase and somebody finds your seed words, they won't find anything, and they'll have no way of knowing you use a passphrase. And even if they DID know you use a passphrase, if you use a good one, they couldn't brute force attack it even if they spent an entire lifetime trying. A good passphrase is between 30 and 50 characters, written in standard human readable form. In other words, not something stupid like G5454erfu4$ef4e89r, but rather, a phrase that is meaningful to you, preferably something only you know. I always use a passphrase. Always. I think everyone should use a passphrase, but most hardware wallet companies make using a passphrase so freaking cumbersome. Sheesh. Oh well. My search for my next wallet continues. Luckily, Ledger announced that the firmware to extract keys isn't compatible with the original Nano S, so I'm in no rush. I hate Ledger, as a company, but man, they got some parts of usability right.