Reddit Posts
All bip39 words on 2048 limited edition handmade mugs
A Fork of CLN Implemented Eltoo Useful for Channel Factories Available for Testing
Need Help Deriving Extended Private Key from Bitcoin Root Extended Public Key and Non-Hardened Extended Private Key
Is it normal for the majority of your seed words to start with the same letter?
Need Advice with Crypto Wallets - Hardware vs Mobile Wallets
Entropy: only 121 bits (vs 128) on Blockstream Jade using dice rolls?
Backing up and recovering wallet - seed phrases, private keys, extended private keys, eh???
Best method of long-term cold storage for life-changing amounts?
BIP39 misalignment? Mnemonic vs. Decimal vs. Binary seeds
Mining ALL remaining bitcoins in less than two weeks (difficult adjustment)?
How to make a new wallet address with my own selected BIP39 words
Import private keys from BIP39 paper wallet with passphrase
12 word BIP 39 >> Hardware Wallet - What are the options?
Malware and scams I should be on the lookout for
What happens if Bitcoin price gets high enough, such that it becomes necessary to go ahead and take it to the 9th decimal place? Can that be done w/ backward compatible SF, or is a HF req'd? Can someone with knowledge detail the process? Can't seem to find answers on this researching around...
how to manually encrypt your BIP39 seedphrase with an additional cipher?
Can the BitBox02 show a wrong seedphrase (BIP 39 wordlist)?
What if they planted a bug into BIP 382, which makes it possible to increase block rewards?
Enhancing Bitcoin Security: A BIP39-Compatible Vernam Encryption Approach for Safeguarding Recovery Phrases
Stacking has crept up on me and now I need to upgrade my storage
Any open source, encryption based, 3/5 multi factor wallet already available? If not, can this be developed?
Is it a security risk if your wallet’s extended fingerprint (xfp) has been exposed?
FINCEN MegaThread | Do Not Give Them Your Silent Consent | Remember Remember The 5th of November | Support Bitcoin Privacy
Thoughts on BIP 324 and the increased anonymity of using bitcoin.
ELI5 - What if Ledger or Trezor stops working?
Tutorial: How to use normal (non Casino-grade) dice to generate a seedphrase
Bitcoin Is About To Become More Secure With BIP324
This page offers a comprehensive overview of BIP-329, proposed by Craig Raw, creator of Sparrow Wallet. You'll find information about the current status and adoption progress, highlighting the significance of this proposal.
Coinplate has a BIP39 seed phrase recovery tool.
Walk down the memory lane: Blocksize wars and the Bitcoin XT controversy
How Much a Spot Bitcoin ETF Can Affect The Price - The Bad Version
Can one secret phrase (eventually) access any wallet?
Do you know that you don't need hardware wallets for cold storage?
I made a descriptive post of every item that you can purchase using candies from Coingecko so you do not have to look
How CTV (BIP 119) Could Create Channel Factories for Casual Users
BIP-300 biff: Debate reignites over years-old Bitcoin Drivechain proposal
BIP-300 biff: Debate reignites over years-old Bitcoin Drivechain proposal
The WW2 German Enigma cipher machine has 158,962,555,217,826,360,000 different possibilities (nearly 159 quintillion). The BIP39 seed phrase word list contains 2,048 words, so a 12-word crypto seed phrase has about 2 to the power of 132 possible combinations. That’s 2 with 132 zeroes after it.
"NO" | Rejecting BIP300 Drivechains | Featuring Saifedean Ammous | Bitcoin Standard Author
"NO" | By Saifedean Ammous | Two Open Letters Rejecting BIP300 Drivechains | Voiced by FEEeACH
Why Blockonomics endorses DriveChains (BIP300-301)
🔴LIVE | BIP 300 Debate | Drivechain Softfork Dynamics | @BITC0IN
🔴LIVE | BIP 300 Debate | Drivechain Softfork Dynamics | @BITC0IN
Stumbled on BIP-300: a potential game-changer or just buzz?
There are 2048 possible words that comprise your seed phrase and each of these corresponds to a number in the BIP39 list. Reminder that it’s possible to convert the phrase to numbers for seed storage.
Bitcoin Drivechain Proposal (BIP300) Debate
Holding crypto is not likely to get any more convenient, and it is an inherent problem of self-costody.
COLD STORAGE: Comparing the Best Cold Storage Wallets for 2023
Yesterday was my first time encountering the word 'Satoshi' in a seed phrase. Did you know it was in the BIP39 word list?
What's your self-custody strategy? Do you keep a backup hardware wallet on hand?
BIP300/301 and Drivechain talk with Paul Sztorc and Austin E. Alexander
PSA: Severe Libbitcoin Vulnerability. If you used the "bx seed" command to create seeds/private keys, Immediately move related funds to a different secure address.
In theory, instead of creating a new wallet and memorising the seed, can I just choose words that are easy to remember and generate a wallet from that?
Importing BIP-84 key in Electrum giving wrong address
What is a BIP-39 seed phrase -- a few tips for handling your seed words safely
What is a BIP-39 seed phrase -- a few tips for handling your seed words safely
Keeping KYC & Non-KYC utxos in the same Multi-Sig wallet: will there be a way of these utxos being linked?
Mentions
> This week’s newsletter describes a proposal to relay weak blocks to improve compact block performance in a network with multiple divergent mempool policies and announces the addition of five BIP editors. Also included are our regular sections with selected questions and answers from the Bitcoin Stack Exchange, announcements of new releases and release candidates, and summaries of notable changes to popular Bitcoin infrastructure software.
Forget mnemonic code format. I don't even make use of BIP39. I still have my private keys in the old format.
The wallet is just a convenience. To start your digital security you need to figure out how you are going to create, store and protect the seed that generates your private keys. The protocol must be a well established standard otherwise you could be locked into a single vendor where your recovery could be pulled out leaving you digital assets unreachable. You want to consider both the security that protects your keys from being obtained by undesired actors as well as redundancy that insures you or your designated representative will be able to recover your keys even after a disaster. There are a few standards that help store seeds and keys. Perhaps the best known is the BIP39 word list. This is a start but it creates a single point of failure. If you loose this list you loose access to your keys. You can make multiple copies but each copy is a critical security risk if someone were to acquire one. You can encrypt your seed with a passphrase before creating the wordlist but this creates another single point of failure if you forget the passphrase. A better method is to use a Shamir Split Secret. SSS splits a secret into multiple parts where any N of those parts can be used to reconstruct the whole. This is like multi-sig but is completely offline so no added network fees. One standard track implementation like SSS is SLIP-0036. I don’t know if this has received enough scrutiny to assure it is safe and effective. How you split and store the parts to your master seed is your own decision. Keep in mind who will have access to each of the parts and who might collude to attempt to assemble the seed against your wishes. The parts can be stored in safes, safe deposit boxes, be escrowed with friends or family or even be escrowed with a law firm. Each part should probably be sealed in a tamper evident enclosure. A simple security envelope should be sufficient. If any part is found to be compromised you have to start over creating a new seed, new keys, move all your assets and re-evaluate who you escrow the keys with.
Splitting BIP39 phrases is not a good idea for the reasons explained here: [https://youtu.be/p5nSibpfHYE](https://youtu.be/p5nSibpfHYE)
If you want my method, it's simple. A lot of people on this sub love the metal plates, but I don't. Let me first start off with a fact, I don't have a mnemonic code (BIP-39) "seed phrase", "seed words" etc.. whatever the kids are incorrectly calling it these days. I have a private key. My private key is encrypted (there are several options including just creating a password protected compressed file (zip, rar, etc..) My method works for both private key formats. On an OFFLINE machine, put your key/code into a text file and zip it with a password. Put that zipped file on **multiple** fresh USB sticks. Keep the USB sticks in **different** locations. You could even trust friends with them because of the fact that they are encrypted. With this method some of the USBs can get lost, stolen, or destroyed and you're still fine. The encryption buys TIME. Once I lost one. I took my time - transferred the coin to a new wallet and repeated the backup steps and replaced 6 USB sticks. This is the best fault proof method that works for me. It is not a cold wallet, it is a backup strategy. When you are ready to sell or move coin, you import the key into a new wallet (on an OFFLINE machine or hardware wallet). When you are ready to move stuff, you send some amount to a hot wallet to be spent or sold.
Your friend is thinking along the lines of Moore's law. Every 18-24 months capacity and processing power virtually double. But the basic computer stays the same. As we've seen and will continue to see, new improvements in the processing and capacity of bitcoin are happening in the form of BIP's (bitcoin improvement proposals) but Bitcoin itself stays the same.
Bitcoin is a protocol with an emaculant conception so to speak in that we don't know who created it which it also one of the features. Bitcoin is also adaptable through BIP's with out sacrificing the core protocol that makes it what it is. According to coinmarketcap there are currently 2.4 million crypto's all trying to be better than Bitcoin yet none of them even come close. The core rules ( protocol ) are Bitcoin. The techonolgy to impliment these rules will continue to get better.
Yes, I'm aware of the DarkFi project. I haven't followed it super closely. What can you say. Your favorite bands will go on to release bad albums, that's life. It doesn't make the old albums any less great IMO I still think in terms of popularizing hacktivist culture within Bitcoin, Amir was an early and positive force within Bitcoin. As an advocate for a conservative development process, creator of the BIP process, he contributed so much. But yeah, Kiss did disco
You seem to be talking absolute nonsense, but nice try. 1. Bitcoin had no monetary value in January 2009, and was not available for purchase. 2. HD wallets didn't exist in 2009. BIP39 was introduced much later. It has never been implemented in Bitcoin Core (the only wallet available in 2009). The wallet.dat stores the keys. There is no separation between wallet.dat and "keys". 3. Why do narcissists insist on inventing ridiculous stories around early Bitcoin experiences? Perhaps you think it makes you interesting but truly it's pathetic.
Pretty much the same reason we write code with words instead of 1s and 0s (aka binary). The only thing unique about this case is each wallets password is pre-set and unchanging. BIP39 just formalised which words refer to which 1s and 0s. So instead of typing in a jillion 1s and 0s, you can type in "dog cat butt fart" which gets converted into those same 1s and 0s. That's why seed phrases are used. They turn the "seed" (aka, your password in 1s and 0s) into recognisable words. (And yes, I'm aware keys are represented with hexadecimal; they inevitably gets converted to binary eventually anyway. Hexadecimal is basically just more complicated seed phrases for representing binary.)
You would still have the seed backed up for the hardware wallet. It should be a compatible BIP39 seed, so you could restore to any hot wallet in a pinch if needed. If the HWW breaks, you still have your seed and your funds. The HWW's job is to keep the keys offline, while still being able to send transactions easily.
Your "password" in this sense is 256 bits. To get that type of security in a traditional password, it would have to be 32 characters, and enforced randomness (prettypurpleelephantinatuxedo69! is 32 characters, and easy to remember, but a lousy password). In a BIP39 seed phrase, every word represents 11 bits, so 24 gets you 264 bits which has 256 plus 8 for a checksum. Not only does this get you true randomness, but there are other advantages. Memorizing 32 words isn't easy, but it's a lot easier than 32 alphanumeric and special characters. The checksum gives you some recovery ability - if you have 23 words there are only 8 possibilities for the last one, so some software can recover your phrase if you are off by a word or two. Only the first three letters matter - and so they are unique on the list. So if your word is "bread", and your handwriting makes it look like "break," it won't matter.
The BIP for any sortware change is voted for and 95% consensus must be reached for that or those changes to be implemented if they don’t reach that figure then a fork of the chain will be implemented creating another chain with the new software implemented.
No that’s also incorrect you are confusing a 51% attack on the blockchain with a BIP which is a Bitcoin Implementation Proposal and it is that BIP that is the voting mechanism to change or add code, it takes 95% or more of the miners and nodes on the network to signal for that change so 95% is a lot of the vote.
here's a randomly generated example of what that word list would look like, called a "BIP39" code: allow stem brush insane unhappy slush purpose idea leopard split music lady clutch foam census twenty lazy dismiss junior metal raw recall grape base
Woah thanks for sharing. Biggest update IMO is BIP324 being enabled by default. This allows nodes to communicate in a more secure fashion!
Out of curiosity, I went ahead and reviewed how Electrum does hardware wallet passwords. Basically it's the public key from the derivation `m/4541509'/1112098098'`. Here's a minimal bit of code to do the decode, assuming you can find the XPUB at that derivation. # python -m pip install setuptools==65.5.0 pip==21 wheel==0.38.1 # pip install libsecp256k1-0 electrum[crypto]@git+https://github.com/spesmilo/electrum.git@4.5.2 from libsecp256k1_0 import * from electrum.storage import WalletStorage from electrum.bip32 import BIP32Node DERIVATION = "m/4541509'/1112098098'" WALLET_FILENAME = 'default_wallet' storage = WalletStorage(WALLET_FILENAME) if storage.is_encrypted(): if storage.is_encrypted_with_hw_device(): # https://iancoleman.io/bip39/ # https://appdevtools.com/base58-encoder-decoder XPUB = 'xpub6ECc2hG3eExuXKFPxnfUkUuGPGcgrJoHMhej82VDRTFAe9syWg75QiWaKVC2rDnz567HNPSfjpPf74bfzgUMBSbeCbBRiL3DuJsx78J2W19' xpub = BIP32Node.from_xkey(XPUB) password = xpub.eckey.get_public_key_hex() storage.decrypt(password) else: print("no password provided") print(storage.read())
Do your own research. Bitcoin is amazing but don't take my word for it. Go read on Bitcoin.org. Research how to start your own node (you don't have to implement, just learning how it works is cool). Lookup the hash rate of the Bitcoin network vs. the combined computing power of Amazon and Google. Learn about how the network is secured and how long it would take to brute force guess someone's private keys. Learn how to manually generate your own private key and then convert that into BIP39 seed phrase (again you don't have to implement, just learning it should amaze you).
Yes. He provide me an P2PKH address. I checked against a Bitcoin explorer and eventually there is funds there. I can generate addresses using BIP44 derivation paths and checked if there is a match.
> Me, being a programmer Ok cool! > I wrote a Rust program that runs through the combinations, gets the seed, master key, and derives the private and public key of each combination using BIP32 and BIP44. I worry you are reinventing the wheel. Have you dived into BTCRecover? [https://btcrecover.readthedocs.io/en/latest/INSTALL/](https://btcrecover.readthedocs.io/en/latest/INSTALL/)
You assumed wrong I’m afraid Most wallets follow BIP39 and are cross compatible. Just enter the seed phrase it should show up.
Ohh thanks for the clarification. I found a Rust library that implements the BIP39 and have some utilities to verify and parse seed words. There is quite a lot of possible candidates
you can use RPA but it would be pretty slow. Instead try this: In a BIP-39 mnemonic phrase, the last word is a checksum, which helps verify the integrity of the seed. To validate the checksum: * Convert the mnemonic back to the binary seed it represents. Each word corresponds to an 11-bit value, and the entire phrase encodes a single binary number. * The first 256 bits of this number represent the entropy used to generate the phrase, and the last bits (the length depends on the entropy size) are the checksum. * Compute the checksum of the entropy and compare it to the checksum part of the binary sequence. They should match if the seed is valid.
IMO, a novice should take the time to learn about seed phrases (including Master and Child Seed Phrases via BIP85 indexes, and Pass Phrases), Addresses and Private Keys, and all the security knowledge that goes along with self-custody.
I understand what you mean. To me, hardware wallets are only needed if you plan to make frequent transactions or you to need to interact with your funds for some reason. If you’re just going to HODL, as long as you know your Master Seed Phrase, you can derive your Address and Private Key anytime you need it using the BIP39 Mnemonic tool (offline, of course).
A utxo is just a transaction hash (txid) and output index (vout). You can get these from a block explorer. Use the txid and vout to build the raw transaction with ./bitcoin-cli createrawtransaction ./bitcoin-cli help createrawtransaction createrawtransaction [{"txid":"hex","vout":n,"sequence":n},...] [{"address":amount,...},{"data":"hex"},...] ( locktime replaceable ) Create a transaction spending the given inputs and creating new outputs. Outputs can be addresses or data. Returns hex-encoded raw transaction. Note that the transaction's inputs are not signed, and it is not stored in the wallet or transmitted to the network. Arguments: 1. inputs (json array, required) The inputs [ { (json object) "txid": "hex", (string, required) The transaction id "vout": n, (numeric, required) The output number "sequence": n, (numeric, optional, default=depends on the value of the 'replaceable' and 'locktime' arguments) The sequence number }, ... ] 2. outputs (json array, required) The outputs (key-value pairs), where none of the keys are duplicated. That is, each address can only appear once and there can only be one 'data' object. For compatibility reasons, a dictionary, which holds the key-value pairs directly, is also accepted as second parameter. [ { (json object) "address": amount, (numeric or string, required) A key-value pair. The key (string) is the bitcoin address, the value (float or string) is the amount in BTC ... }, { (json object) "data": "hex", (string, required) A key-value pair. The key must be "data", the value is hex-encoded data }, ... ] 3. locktime (numeric, optional, default=0) Raw locktime. Non-0 value also locktime-activates inputs 4. replaceable (boolean, optional, default=true) Marks this transaction as BIP125-replaceable. Allows this transaction to be replaced by a transaction with higher fees. If provided, it is an error if explicit sequence numbers are incompatible. Result: "hex" (string) hex string of the transaction Examples: > bitcoin-cli createrawtransaction "[{\"txid\":\"myid\",\"vout\":0}]" "[{\"address\":0.01}]" > bitcoin-cli createrawtransaction "[{\"txid\":\"myid\",\"vout\":0}]" "[{\"data\":\"00010203\"}]" > curl --user myusername --data-binary '{"jsonrpc": "1.0", "id": "curltest", "method": "createrawtransaction", "params": ["[{\"txid\":\"myid\",\"vout\":0}]", "[{\"address\":0.01}]"]}' -H 'content-type: text/plain;' http://127.0.0.1:8332/
Same seed with passphrases for each of their wallets. Give them the seeds, put passphrases in will. If you aren't worried about them stealing from each other, make the passphrases the same, say 10 words from the BIP list, but affix their birthdays to the end of the passphrase. In this scenario the passphrase has to be strong because you're giving them the seed before hand. The passphrase (quick-brown-fox-jumps-over-the-lazy-dog-another-word-7-04-1969) is for the one born on 4th of July 1969 (quick-brown-fox-jumps-over-the-lazy-dog-another-word-12-25-2001) is for the one born Christmas 2001. Quick brown fox ~ is a terrible passphrase but you get what I'm getting at.
No. I did not use a different wordlist. I don’t think you have a technical understanding for me to be able to explain. But read the BIP and re-read my previous replies it’s pretty clear what I said
Sooooo.... you generated the generator with a different BIP39 wordlist? What gives? Are the original words not good enough for you? Yes, you can make up your own wordlist, but I just fail to see the reason why.
Honestly I am beginning to see that from a few of the replies. This place has turned into a cesspool. It’s amazing. It used to be a really good source of info when folk like Maxwell spent their time here, and when the convo was around BIP’s and associated debates. What the hell has this place turned into 😳 But I suppose you’re right. The get-rich-quick brigade are here for a minute, and will be gone when we go down 87%+ again.
BIP-39 is just the protocol with the 2048 words that form the private key.
The 24-word mnemonic (aka. *seed* phrase) is different from the passphrase. The passphrase is an additional, custom word you can add on top of the 24 words to further increase the security of your setup. [This goes over more details.](https://www.blockplate.com/blogs/blockplate/what-is-a-bip39-passphrase) If you have a mnemonic and optional passphrase, it is possible to restore your wallet on the vast majority of wallets, including most hardware wallets, Electrum, Nunchuk, etc. Also, in the context of Bitcoin Core, the term "passphrase" doesn't refer to a BIP39 passphrase. It's a local password used to decrypt your wallet.dat file.
In their website they say the legacy seeds are BIP39 and newer ones are BIP44. I think they did used their own system when they started. Maybe OPs wallet is really old?
Is that the case? In their website they say the legacy seeds are BIP39 and newer ones are BIP44. OP should try to use the seed in a BIP39 wallet.
No he doesn't have an actual seed or what we call seed phrase what he has with blockchain is a web based seed that only works on their website and not BIP39 seed
No method--not a hardware wallet, not coin flips, not dice rolls--will use 256 bits of entropy when creating a twelve word mnemonic. You'd need a word list of more than 2.6 million words, and unless you know without a doubt you'll be able to find the exact same numbered list in the future to decode it, you'd be a fool to even try. [The allowed size of entropy in a BIP-39 mnemonic is 128 to 256 bits.](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#user-content-Generating_the_mnemonic). A twelve word mnemonic from a list of 2048 words can't possibly use more than 132 bits of entropy.
"Even on a wallet that does use BIP39 seed phrases, safeguarding just the passphrase isn't enough to restore your wallet at a later date" Can you please elaborate further? My 24 word mnemonic is NOT enough to restore the wallet? On Ledger it is? What about if there is no Ledger at all and I want to restore my wallet via e.g., electrum?
Core predates BIP39, which describes the seed phrase system. I can understand the confusion (hopefully you haven't lost much), but you should've RTFM. Even on a wallet that does use BIP39 seed phrases, safeguarding just the passphrase isn't enough to restore your wallet at a later date. Core doesn't generate a 12-24 words mnemonic, so it's pretty obvious you cannot use one to restore your wallet. On the other hand, Core generates multiple private addresses, and you can back that up. The lesson here isn't to not use Core or to backup the .dat file, it is to take the time to understand the tools you're working with.
> This week’s newsletter announces a new domain-specific language for experimenting with contract protocols, summarizes a discussion about modifying BIP editor responsibilities, and describes proposals to reset and modify testnet. Also included are our regular sections with the summary of a Bitcoin Core PR Review Club meeting, announcements of new releases and release candidates, and descriptions of notable changes to popular Bitcoin infrastructure software.
If you’ve been in bitcoin this long you should know that monero is up against bitcoin from 2015. Trends only stay that way until they don’t. And you mention that bitcoin can replicate any functionality that an altcoin may offer. This couldn’t be further from the truth. Bitcoin has shown over time that it cannot really adapt. It cannot implement mandatory privacy on the base layer. It cannot make any changes that aren’t extremely conservative. If it had BIP300 implemented your point would at least be a bit true but oh well, bitcoin can’t even implement that.
BIP38 enabled wallets fixed a lot of the brute forceble wallets. Bitcoin-qt and wallet.dat did not have such protections...I suspect simple passwords will move more old funds as tech gets faster. Hashcat is amazing at easy password cracking.
The [BIP-39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki) standard calls it a mnemoic sentence. Electrum calls it a [seed](https://electrum.readthedocs.io/en/latest/faq.html) (ugh). I don't particularly care for "12/24 recovery words" because a) it's a mouthful, b) although it's uncommon, BIP-39 mnemonics can also be 15, 18 or 21 words.
I've tried arguing for using the term mnemonic but other places just mess everything up. Seed phrase for example https://en.bitcoin.it/wiki/Seed_phrase Now we could get into the weeds. BIP is not a standard. P is for Proposal. And bip39 is not finalized and things in it could change, including various terms.
>No such thing as "seedphrase." You're being a little picky, especially since the [BIP-39 standard](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki)--which you referenced--calls it a "mnemoic", "mnemonic code" and "mnemoic sentence" but never "seed words". No such thing as "seed words", amirite?
I love the positive outlook and would really like to help however I think the problem you're facing is you have essentially a new bitcoin public key there with no matching private key. I can't really see how having the private key of a different public key is going to make any difference in finding the private key that matches your new public key. The relationship between a public key and private key is intentionally unfathomable to reverse. A couple options though... if it's a large sum of bitcoin, you could propose a BIP to reclaim these funds by doing the following \* Prove ownership of the original coins by signing a tx that would have moved them \* Show how your private key made the public key hex value and the two addresses it would generate (k private key = 21345234) produces (P public key = 00A18243590...3457) P where the 00's are removed produces Intended bitcoin address A(correct) = \`3c1n2....19\` and actual bitcoin address A(erroneous)\`3a43783...89\` Give a new bitcoin address where you know the private key. K2. Then if enough miners agree in future, they could include a new rule to transfer the funds from the transaction that sent the funds to A(erroneous). I think this would be a first but if you're talking about moving thousands of bitcoin for an exchange that is holding customer funds... there is a slim chance all miners may agree the hard fork for the better of the community. It would have to be an unfathomable amount of bitcoin and will inevitably lead to another new currency (think BTC/BCH fiasco) but bitcoin being run by the majority community will mean this is a possibliity if you can win over the community that such a dramatic change is necessary. Alternatively, just start your own coin before that TX and people may choose to adopt it as a genuine alt coin. The final option is that when quantum computers powerful enough allow the public key->private key derivation, be prepared to reclaim your coins during what will be a very short transition period to the quantum resistenent signing/blockchain upgrade. I do wish you luck on retrieving these funds.
Actually I think BTC beats gold on all fronts you mentioned: * Easy to buy/sell. While it's true you can sell gold you need to find a dealer in your country which is impossible in some locations. Would you be comfortable taking a large amount of your life-savings to the dealer and paying the 5% spread? Alternatively Bitcoin can be bought and sold anywhere with an internet connection. Even without banking services it may be exchanged for gift cards or stable-coins. * Custody. Most lost bitcoin was before the adoption of BIP-39 seed words in wallets which gradually matured over the last 10 years. We are still early and experimenting with different custody solutions (see collaborative multisig or BitKey). If someone robs my house they get all my gold. But my bitcoin may be held in multisigs that span multiple jurisdictions. If we get covenants then you could even time-lock it so that the robbers cannot force you to give over the bitcoin without waiting 6 months or whatever. * ETFs are the gateway for traditional finance, but represent a small percentage of overall supply. A superior vehicle for someone who doesn't trust themselves to self-custody would be a multi-institutional multi-jurisdictional custody solutions. With timelocks you could even setup complex scripts to prevent the institutions from rug-pulling you. Bitcoin is the internet in 1990. The next 10-20 years of development will bring a vast range of custody options for all use-cases.
What's cute is not realizing that quantum computers won't be able to "crack" secret phrases, and any cryptographic primitive that is based on scrambling (SHA, BIP-32, AES, etc...). At best, it will reduce their security by some factor, which can easily be remediated by increasing the block size.
It's a barely been out for a month. It sounds like it's not a wallet you want but simply mass adoption. There are technical and security concerns when it comes to self-custody. It's literally not possible to be like using Gmail and also be secure and self-custodial. It's still early days for Bitcoin and right now Bitkey is as good as it gets. Which is pretty damn good as far as self-custody goes. You do not need to be any more tech-savvy than being able to use an app on a phone and tap a device every once in a while that you keep in a drawer. If it's just the payment address UX you're trying to improve, this should probably be proposed as a BIP rather than a wallet so that any wallet can use it. Something similar was proposed recently here: https://delvingbitcoin.org/t/human-readable-bitcoin-payment-instructions/542
thank you that is what I was thinking but wasn't sure, I find it very interesting on the GitHub BIP39 wiki it is said "The allowed size of initial entropy length is 128-256 bits", so in the case of a coldcard dice roll, the initial entropy is not really the dice rolls but its hash of 256bits, this hash can be secure or insecure if not enough rolls have been made but still 256bits. so : 1. dice rolls numbers pass through sha256 = hash n°1 = initial entropy 2. hash n°1 pass through sha256 to get the checksum from hash n°2 3. hash n°1 (256 bits) + checksum from hash n°2 ( 8bits) = 264 bits = mnemonic correct?
Encryption refers to an algorithm that transforms a plaintext into a ciphertext such that the ciphertext can only be decrypted using knowledge of a secret key. Off the top of my head, I can't think of anywhere encryption is used in Bitcoin, at least not in the core protocol. It uses digital signatures, hash functions, Merkle trees, and key derivation functions (BIP39), which are forms of cryptography but aren't encryption. The quote from the paper above is talking about program obfuscation. The idea there is that if you could cryptographically obfuscate a program, you could build a public-key encryption algorithm from any private-key encryption algorithm, by hard-coding a secret key into a program that encrypts messages, obfuscating the program, and then distributing the obfuscated program as the public key. That's not related to Bitcoin in any direct way.
No it won't. Bitcoin has the ability to change and adapt through soft forks and BIP voting etc. You are operating under the assumption that Bitcoin is a fixed and rigid solution. It is not. Thats not how it works. Bitcoin will be the first technology ever that will give future people insight into economics, finance etc from now a century or so in the future and still be in use...on the same block chain...the protocol may have shifted and adapted, but the ledger will still be in tact.
> The seed is the 256 bits of random data According to BIP 32, it's the random data, yes. But if you follow BIP 39, the seed is instead derived from the mnemonic phrase through hashing. The mnemonic is, in turn, an encoding of the actual random data. Also, BIP 39 makes the seed 512 bits. (BIP 32 allows it to be anywhere from 128 to 512 bits.)
Thanks again! > "Data = S". It defines "S" in the immediately previous line (but again, with BIP 39, S comes from the procedure you implemented instead of an RNG). Data is one of the arguments to the HMAC-SHA512() function, and it's saying to set it equal to S. Similarly, set Key equal to the string "`Bitcoin seed`". Is data S what the PBKDF2 calls a "salt"?
> I have no idea what "(P)RNG", "Data = S" and "parse256" mean * (P)RNG = (pseudo-)random number generator. * "Data = S". It defines "S" in the immediately previous line (but again, with BIP 39, S comes from the procedure you implemented instead of an RNG). "Data" is one of the arguments to the HMAC-SHA512() function, and it's saying to set it equal to S. Similarly, set Key equal to the string "Bitcoin seed". * parse256() is another function, defined elsewhere in the BIP, which just treats a 32-byte sequence as a 256-bit number. That said, BIP 32 is not the easiest to read if you don't have a background in cryptography (or at least math writing in general). I, too, have trouble with it. But the main thing to get out of that section is: seed goes in, master extended private key comes out.
Thank you! > What this generates is what BIP 39 and BIP 32 call the "seed" (it is common to call the mnemonic phrase the "seed"—which even I do often—but that is not strictly correct). That confuses me frequently. I never know what exactly people are referring to when they say "seed". > Compare [what BIP 32 says about the process from this point on](https://en.bitcoin.it/wiki/BIP_0032#Master_key_generation). Unfortunately I can't understand everything is written there. I have no idea what "(P)RNG", "Data = S" and "parse256" mean, so it's hard for me to understand the whole process.
The image shows an implementation of [how BIP 39 specifies to convert a mnemonic phrase to a BIP 32 seed value](https://en.bitcoin.it/wiki/BIP_0039#From_mnemonic_to_seed), which is exactly what a large number of Bitcoin wallets do. While Bitcoin itself runs on SHA-256, the processing of mnemonics uses SHA-512.
I'm very confused right now. The only way that I can get the same "BIP 39 Seed" that [https://iancoleman.io/bip39/](https://iancoleman.io/bip39/) shows me is when I use the 512 version. For instance, if you use the words "betray still power rally produce pipe gas have firm print tunnel february pipe steel famous shed vital friend feed final stuff profit relief peasant" as mnemonic words, then Ian coleman says that the "BIP 39 Seed" is "911c5d763e16a4fb21f25ad21602a6962309dedb8315e14d6993401053d883d534624a63136d5fa9d1e986e342372888df0b37c5a60cd32f80f04444bed0caf2". The only way to get the "911cd5d7..." as a result is by using the 512 version.
I see you are doing the computation specified in BIP 39, which is correct, as far as I can see. What this generates is what BIP 39 and BIP 32 call the "seed" (it is common to call the mnemonic phrase the "seed"—which even I do often—but that is not strictly correct). Compare [what BIP 32 says about the process from this point on](https://en.bitcoin.it/wiki/BIP_0032#Master_key_generation). (That is written under the assumption that the seed is the initial entropy, but BIP 39 modifies it with some extra steps, for the sake of getting something humans can more easily handle.) As you will note, there is one more step to get the master private key from the seed. Also note: there is a difference between the actual *master* keys and the keys (at least public key) you typically see in a wallet. Because wallets typically use BIP 44, which includes hardened derivation, and it is impossible to use hardened derivation with an extended *public* key, the extended public key you get is at the account level and is thus not a *master* key. It is several levels down in derivation from that.
No, it isn't. Bitcoin keys are 256 bits, while extended keys are 512 bits. But in fact, the value above is neither. It is a seed value (as BIP 39 and BIP 32 define the term), which is still one step removed from the master extended private key.
Trezor, 24 word BIP39. Passphrase protected. Look it up.
BIP39 has 2\^12 words, so it takes 144 bits input for 12 words (288 bits for 24 words) and generates a 512 bit pseudo random seed. BIP32 takes a seed and a number (up to 2\^31) and generates keys. So BIP39/32 with a single set of words can only generate max 2\^31 of the 2\^160 keys.
Create a 24-word master seed phrase. Etch it in stainless steel. Store it in a safe deposit box. Then, use the master seed phrase to create BIP85 Child Seed Phrases (a different index per wallet). You can also add a 256 bit entropy passphrase to add extra protection to each child seed phrase. Store the passphrase in a separate safe deposit box. This way you only ever need to safeguard one seed phrase and one passphrase. Each of the child seed phrases for any of your wallets can be derived from your single, master seed phrase + passphrase, which are never used for a wallet.
> All wallets use the same BIP-39 standard, no matter the blockchain. Except the bitcoin wallets created before September 2013 when BIP-39 was released.
All wallets use the same BIP-39 standard, no matter the blockchain. Its just 12 or 24 words that represent a very large number
From chatGPT: 1. **Seed Phrase and Multiple Cryptocurrencies:** * A seed phrase is a list of words that acts as the master key to your cryptocurrency wallet. It's typically generated using a cryptographic algorithm. * While a seed phrase is primarily associated with Bitcoin wallets, it follows a standard (BIP39) that allows it to be compatible with other cryptocurrencies. * When you set up your hardware wallet, it generates a seed phrase. This seed phrase can then be used to derive private keys for different cryptocurrencies, not just Bitcoin. Each cryptocurrency has its own method for deriving keys from the seed phrase, but they all follow the same standard. 2. **Adding Another Account on Trezor:** * When you add another account on your Trezor (or any hardware wallet), it generates a new public key associated with that account. This new public key is derived from the same seed phrase you originally set up. * You won't be given another private key because the private keys are all derived from the original seed phrase. Your hardware wallet manages these keys internally, so you don't need to worry about managing multiple private keys yourself. * Each account can have its own unique public key, but they are all controlled by the same seed phrase, ensuring that you have access to all your funds with just one mnemonic phrase. In summary, a hardware wallet generates a single seed phrase that can be used to derive private keys for multiple cryptocurrencies. Adding another account on your hardware wallet generates a new public key, but it's still controlled by the same seed phrase, eliminating the need for multiple private keys.
While it's true a HWW only needs the first four letters but I don't think that's a good idea because.... Recording only the first 4 letters of the words in a BIP39 recovery phrase may be risky even if it’s done on metal. This is especially true if storage media uses sliding tiles and/or screws or is made of or contains a soft metal like copper or aluminum. Jameson Lopp did extensive testing where he found many materials and methods suffered data loss from fire and/or corrosion and/or crushing. https://blog.lopp.net/a-treatise-on-bitcoin-seed-backup-device-design/ Stamping jig https://www.cryptocloaks.com/product/blockmitjig/ In all, there are 710 words or 34% of the BIP39 standard that become ambiguous if the first letter is lost and only the first 4 were recorded. Consider that recording only the first four of a 5 letter word loses 20%, a 6 letter 33%, 7 letters 43% and an 8 letter word loses fully ½ its meaning when truncated to 4. What If the calamity that the seedphrase backup is supposed to protect against also smudges,singes or destroys the first letter? Some examples: mushroom & push both become ush drastic, erase, trash & grass become ras Not much can be done about the 3 letter words such as fan, man & van that are reduced to "an"m
This is all you’ll ever need to make an educated decision on metal stamped cold storage.. https://blog.lopp.net/metal-bitcoin-seed-storage-stress-test/amp/ Just make sure to use [BIP38](https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki?ref=blog.lopp.net) or [BIP39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki?ref=blog.lopp.net) to mitigate the physical attack vector.
>doesn't that mean the seedphrase is on the blockchain or floating around somewhere online? It's understandable that you would think this, because very few of us are familiar with the existence of "one way" mathematics operations such as those used in cryptographically secure hash operations. Your seed phrase represents, in human-friendly form, "entropy" that is input to an algorithm that deterministically (that is, reproducibly, not randomly) produces a secret number from a REALLY, REALLY big number space. The algorithm is irreversible; there is no known math that can be used to rediscover the entropy from the seed. The [BIP-39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#user-content-From_mnemonic_to_seed) sums it up as: > To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes). So that's how a wallet -- ANY wallet -- can recreate a seed without having to consult the blockchain or a server somewhere. Likewise, the seed (a number) is used as input to another algorithm that, along with an index number (0, 1, 2, ...) deterministically produces private keys. > This seed can be later used to generate deterministic wallets using BIP-0032 or similar methods. The fascinating consequence of the "one way math" functions used in these algorithms is that, while private key #2 and private key #1 can always and at any time be recreated from the seed by following the algorithm, there is no known algorithm for directly linking private key #2 to private key #1, or for producing private key #2 from private key #1, or for reverse engineering the seed from any (or all!) of its private keys.
Because it's not a concern. If anything quantum is developed which could compromise Bitcoin, someone will propose a BIP which solves for it, and problem solved.
BIP will require literally all wallets to transfer their BTC to new chain. Unclaimed wallets will be free up for the grabs.
Surely you can't be serious. Someone will release a BIP that solves for any quantum issue that might arrive, and Bitcoin keeps on trucking.
If we have to differentiate between KYC and non KYC Bitcoin, then Bitcoin is not private enough. I would honestly support a BIP that made a user pay higher sats/vbyte to have good privacy on the L1. I would also support a BIP that made this available as a default.
I don't see anything about democrats or republicans in the white paper. Was that introduced in some BIP that I'm not aware of?
The vastness of possible combinations. There are 10 to the 77th power, possible private keys with BIP39, 256bits of entropy. 1 followed by 77 zeros is as many atoms there are in the observable universe. One grain of sand contains 100 quintillion atoms. And that’s not counting possible passphrase combinations. 256 bits of entropy could be cracked with 256qbits of quantum power. We’re currently at around 7qbits and the increase slows down as it progresses.
I programmed the BIP39 key generator myself. All the fail safes are just sugar on top of a way to get entropy bytes, not actually enforced by the protocol. The wordlist in the end is for convenience and standardization. I used all the failsafes on the important step when I generate my seed, but not when I go to sign tx’s since there’s no risk of a mistake
"Steep" is not even in the BIP39 word list... also, the checksum words wouldn't let you invent a seed that is not matching up. No way to misspell just one word and carry on.
The problem is that if anyone has your Seed Words they can use it in any BIP39 Wallet, so your Ledger Device doesn't even know that a transaction is taking place.
I use the dice roll method for entropy. Run a string of 99 dice rolls through SHA256 and you have 256-bit security. then [BIP39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki) from there. [seedsigner](https://seedsigner.com/) has an easy-to-read [python version of this](https://github.com/SeedSigner/seedsigner). Disclaimer: many experts such as Andreas and Kratter do not recommend this since you could screw it up if you don't know what you're doing
>I am not talking about the 1000 other chains, which all have their own shortcomings, I am talking about Bitcoin Cash. Sure, but don't you think BCH is attracting an unfair amount of hate relative to all others? >Anybody can fork Bitcoin by copying its codebase and start tweaking stuff. That's not an accomplishment. We did much more than just "tweaking stuff". Full VM upgrade, TX output format extension, infinite mempool chains thx to mempool code optimizations and nuking Core's RBF, adaptive blocksize limit algo >So BitcoinCash is a company now? How decentralized. Then Bitcoin™ is a company too. I add ™ just to highlight that we have our own brand. Bitcoin is the title of a whitepaper, Bitcoin™ is the chain that defended and won the Bitcoin™ brand. >Bitcoin's strength lies in its inability to not change every five seconds. It's the incumbent now, ossification-as-a-feature. Lets see how long it can stay #1. We don't need to overtake BTC, 10% would be a nice place to be. Enough hash to be secure and enough that miners start appreciating us more. "five seconds" means you know nothing about BCH [change process](https://gitlab.com/im_uname/cash-improvement-proposals/-/blob/master/CHIPs.md). It's not easy and it's not every 5s, the upgrades we did were after years of discussions. >you have developments on layer 2s that are aimed to scale Bitcoin Without good primitives on L1, the L2s are doomed to irrelevance. LN has 5k BTC TVL lmao. If Bitcoin activated some L1 covenants tech or BIP300 or something then we could talk about serious L2s. >Market cap, transaction volume (on average), active addresses, hash rate, engagement of community, global usage, merchant adoption, mining infrastructure development, the very filling of blocks for god sakes.. which is arguably the largest reason for the fork in the first place. Yes. All networks are ultimately secured by their economy. Attracting enough volume before subsidy runs out is a matter of survival, and we're trying to attract it by making a better value proposition than we were trying in '19-'20. Just because volume didn't go to BCH doesn't mean L1 scaling was proven wrong - activity just went to all the other chains - and they were the real winners of blocksize war. It could all have been Bitcoin. >You need more volume on the L1 to be relevant. Agreed, working on it.
> This week’s newsletter summarizes discussion about a new push for a consensus cleanup soft fork and announces a plan to choose additional BIP editors by the end of the week. Also included are our regular sections announcing new releases and describing changes to popular Bitcoin infrastructure software.
Right, now compare it with all the 1000s of other chains which are mostly centralized PoS/VC crap. It's a big ocean, and we're better than the most, and been busy with upgrades, got full L1 DeFi and native tokens now. What other pure PoW with no ICO/devtax/premine chains are there? It's just BTC, DOGE, LTC, XMR, and BCH is most advanced when it comes to L1 tech, you haven't been paying attention. >Roger’s fall from grace He's not relevant for BCH's future. He was a big supporter in '17 and most stubborn in trying to take the Bitcoin brand but he faded away. It's a new generation of holders, builders, and supporters, we stand on our own as BitcoinCash™. >only extracts value from development on bitcoin LOL. What did BTC get done during last 7 years other than Taproot/ordinals shitshow? BCH: BIP-62 malfixes, CSFS, cat&split, full flexible covenants through TX introspection opcodes (May '22), int64 ScripVM ops (May '22), unlimited unconfirmed chains, consensus-enforced native tokens (May '23, with dedicated set of introspection opcodes) that can interact with covenants, keep & pass around contract state, and make L1 DeFi happen, P2SH32 to solve the collision problem. Also, getting adaptive blocksize limit in May '24. In '18 we were doing recursive covenants with CSFS+CAT&SPLIT, now we're just using introspection, it's much more straight-forward. We already have the primitives to implement whatever L2s we want, but there's no need for that, we want more volume on L1 so fee volume will add up, imagine 2033 BCH at $200k at peak of bull, PoW worth $210k/block, blocks filled with 190 MB, and fee/TX still cheap at 6 cents. 190 MB is at the limit of current tech (due to orphan rates, when it comes to general non-mining nodes we have proven a RPi can keep up with 256 MB blocks). Also, we're working on UTXO commitments to solve IBD.
Yes, the seed words generated on the ledger are "BIP39". BIP39 seed words work on all the hardware devices. I assume you have them written on a piece of paper somewhere? You'll be importing the seed words from your paper into your Jade. You can't export the seed from a ledger.
A seed is a "random start point" for procedural generation. It's often used in computer games for creating randomly generated levels or characters. The benefit is that with the same seed one can create the same level, world or character. A seed can be anything, a word, a phrase, a few letters, a single byte. We can both put the seed "spaghetti" into minecraft and we would be playing in worlds that look identical. We can both create the same wallet with the words "spaghetti". The issue is that it is a *low entropy* seed, which means it's easy to guess. There are bots that crawl all the 1 word "seed" phrase; "correct horse battery staple" from the XKCD comic; lines of songs, "Call me ishmael", the first sentance in Moby dick etc to find peoples money. In order to make wallets impossible to find you need to use an unguessably large number. *115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,935* Like this. This is a 256 bit number. BIP39, is a method of creating and displaying big numbers in a standard format that is easy to read, hard to mistake and easy to remake. In the word list all the first 4 letters of each word are unique. If it has the word "Seat" then Seated, Seats, Seatie will not be in the list. BIP39 is purely for making it easy for humans to read and write big numbers with ease.
>1, Would flipping a coin 256 times BUT each alternate flip I reverse the result, would I eliminate coin side bias from my new number? ie be as random as possible? No. Think about this in the extreme: a coin so biased that it ALWAYS lands on "heads". The naïve user cluelessly records the outcome as HTHTHTHT.... which is a guessable pattern. To eliminate coin side bias you'd have to RANDOMLY (not periodically) reverse the result of the coin flip ... which brings you right back to the original problem. But if you find your 256 flip outcomes are between 45% and 55% heads, I wouldn't worry about it. >2, If I were to flip a coin 256 times how do I convert offline resulting binary number into bip39? Short answer: see [Generating the mnemonic ](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#generating-the-mnemonic). Long answer: 1. Compute the SHA256 hash of your 256 bits of entropy. The first 8 bits of this hash output will be your checksum value. 2. Append the 8-bit checksum to the 256 bits of entropy, creating a 264-bit number. 3. Partition the 264-bit number into groups of 11 bits. 4. Convert each 11-bit number to a decimal number (0 to 2047), then add 1. 5. Use each number as the index for a word in one of the BIP-39 [word lists](https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md).
>If I used only 12 words, shouldn't it be 128 bits? I thought that 12 words = 128 bits and 24 words = 256 bits. You're confusing the entropy - from which the seed is calculated - with the seed. In the BIP-39 standard, the entropy can be 128, 160, 192, 224 or 256 bits. The seed, calculated from that entropy, is always 512 bits.
There is a checksum for addresses. If you change a word in a seed and that is still a valid BIP word then it'll generate a new private/public key which will then generate different addresses.
>If I have "11111011000101011111110000011110010001000001101110110100001100010100000001111010010101111110101110000111111110100001111111011110" and "wild quiz always market robust board acid enough twist divert margin route", why do I need "fd0ec962aa939c994a8aae278f54d514aa689901f60a0c739252f349df507d5e4839d3d82cdd8cc769a5c9fa7c2b2f0bb719769ef8661f59f14451f60f6e3dbf"? You don't (except that binary number is way too short; it should be 11111101000011101100100101100010101010101001001110011100100110010100101010001010101011100010011110001111010101001101010100010100101010100110100010011001000000011111011000001010000011000111001110010010010100101111001101001001110111110101000001111101010111100100100000111001110100111101100000101100110111011000110011000111011010011010010111001001111110100111110000101011001011110000101110110111000110010111011010011110111110000110011000011111010110011111000101000100010100011111011000001111011011100011110110111111). The hexadecimal and the binary formats are just two different ways of expressing the same 512-bit number. The BIP-39 mnemoic sentence expresses the same information as the binary and hexadecimal forms, plus some error checking information, and it's MUCH more human friendly.
What is the difference between these two? BIP39 Mnemonic: wild quiz always market robust board acid enough twist divert margin route BIP39 Seed: fd0ec962aa939c994a8aae278f54d514aa689901f60a0c739252f349df507d5e4839d3d82cdd8cc769a5c9fa7c2b2f0bb719769ef8661f59f14451f60f6e3dbf
Just to comprehend, even if I gave all 24 words of my seed phrase it would take at max 620448401733239439360000 (24!) tries to find the correct order. Judging by OP’s computer speed, that’s about 100 billion years of trial and error. There are 2048 words in the BIP 39 wordlist.
>Is it possible to create a seed that is not bip39 interpretable? That depends on what you mean by "interpretable". A seed is just a number. Of you give a number to a function which is expecting a BIP-39 mnemonic sentence, it will not "interpret" it as such. >As I understand it, seed addresses are 256 1s & 0s? Seeds are. "Seed addresses" aren't a thing. > So if those 256 digits are split to create a 39 seed phrase, presumably all possible seed addresses can be converted to a BIP 39 pass phrase? That's not how BIP-39 works. 128 to 256 bits of *entropy*--not the seed--are split into 11-bit chunks. Each chunk identifies a word in the 2048-word word list. 12, 15, 18, 21 or 24 words from that list form a mnemonic sentence. > what is the additional cutstom 25th word doing to the original 24 words? The [algorithm](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#user-content-From_mnemonic_to_seed) that converts a mnemonic sentence - or seed phrase - into a seed starts with a *salt* value. If you provide a passphrase, the salt is "mnemonic" + <<passphrase≥>. If you don't provide one, the salt is "mnemonic": >To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes).
Because that was incorrect. The receiver simply sees the transaction, this includes the originating *address,* not the wallet. There is no way to deduce other wallet addresses from a single one (assuming the usual BIP-39, etc.)
Download any BIP39 compatible wallet (most of them these days are) and enter the seedphrase. Make sure to download a trustworthy wallet to not lose your funds.
No. But we can propose a new BIP for it. Or implement it onto the Lightning Network.
It started out at a blocksize increase, but at this point BCH has evolved far beyond that: * BIP-62 malfixes * covenants * 64bit ScripVM OPs * Unlimited unconfirmed chains * Consensus-enforced native tokens * Demand-driven adaptive blocksizes To name a few