BIP

TheHerosReturn2020

I got the CC Mk 4 recently as my first cold storage setup. I really love it. Some people argue it is a little to advanced for a first cold wallet but I have had zero issues and have started using some of the more advanced features with relative ease. I decided I preferred it to the Q for the price difference, the relatively equal technical features, and (most importantly) the size difference. I would highly recommend it. Just watch some youtube videos, practice setting up a few wallets with the various features (I like BIP 84 and passphrase), and then delete and recover the whole setup to prove you can. Only then move your funds over. It really is not that hard and I think it is the best value and feature set.

Aussiehash

Much of your workflow issues are because you are using different desktop coordinator wallets. SparrowWallet uses HWI, whereas Electrum supply a library of plugins for hardware wallets, but when a new hardware wallet or standard comes along it is up to the developer to write or update their own plugin. With SparrowWallet and airgapped multisig those teething problems go away, your hardware wallet is only attached to power, it is *never* connected to the PC. You create the multisig quorum in Sparrow, each co-signing hardware wallet exports the XPUB/descriptors to Sparrow via QR code. SparrowWallet then creates a wallet skeleton which you must import back into each cosigner (it is saved on device in the case of Coldcard, Passport, Jade, Keystone). Then whenever you want to create and sign a spend transaction in SparrowWallet, your transaction signing from desktop, to hardware wallet, back to desktop is over airgap via animated QR codes and camera (I don't use Bluetooth or MicroSD) I re-created my quorum from the cosigners in Electrum and Specter to reassure myself that it is possible, I have no intention of using the others unless I have to. The BIP39 standard is not going anywhere, even with Taproot, MuSig, etc.

StrepselFlyer

Hi, thanks for the reply. Yes, I agree Seedsigner looks very cool. I probably will go for Coldcard / Jade + Sparrow Software wallet. 3 hardware wallets seems kind of insane over dependence on proprietary hardware IMO, having to find places to store these things, lug them around when travelling, keep firmware up to date + learn different protocols etc. 1 HW + 1 SW for signing is your man IMO I think. But...how portable is the BIP 39 and other standards really ? That is the question. It seems like work in progress to me because the hardware is such an integral part of the wallet creation and signing process. For example I save a PSBT transaction from Sparrow and Electrum just chokes trying to read it. It's not clear to me whether the original hardware wallet should be considered critical to recovery or if the wallet can be reconstructed in a software client using the seedwords and derivation path.

Aussiehash

My objective is multivendor open source airgapped multisig, so using a desktop wallet as a cosigner is not on my radar Having said that Electrum's developer has never been a fan of BIP39, so you might not be able to use Electrum as a BIP39 wallet (they have their own mnemonic seed system), but SparrowWallet fully supports BIP39. My recommendation is take a look at Seedsigner as one of your cosigners, with a PiZero 1.3 (no wifi or Bluetooth). It is completely stateless, you boot up SeedsignerOS, remove the MicroSD, and do all key generation and signing airgapped. When you remove the power there is no record. That does mean that you do need to imput your mnemonic seed words every session, but that is a deliberate feature by design.

Toesy93

Hello people, I'm looking for some advice if it's known please. This is not ledger related, but seed phrase related. On a casper wallet. I have always been so careful with noting down my seed phrase, but I messed up last week setting up a casper wallet. It's a 24 word seed and I have missed one word from it. I'm 99% sure I know which number word it is in the sequence. I'm currently working through the 2048 words in the BIP39 directory. As the btcrecover or seed saviour way is doing my head in. I'm not that techy, but will find someone who is if I have to. I will revert to this after If I have no joy working through the directory of words. Does anyone know the answer to this: One of the words I put in, took me to the next stage of account recovery. It showed 5 addresses that I could choose to recover, but none were the address where my casper tokens are. You can click next 5 addresses and it shows another 5, again none are my address. You can keep clicking next 5 addresses and see more, again, none are my address. This seems to just keep going. I'm wondering, will another word in the BIP39 directory, potentially take me to my account where my casper is. Or is the one that let me through to recover, my one? And I just have to keep clicking next 5 until my address shows up with the tokens in. Sorry if this isn't clear. Thank you,

TheGreatMuffin

> This week’s newsletter describes a recently discovered theoretical consensus failure vulnerability and links to a proposal to avoid reuse of BIP32 wallet paths. Also included are our regular sections summarizing a Bitcoin Core PR Review Club meeting, announcing new releases and release candidates, and describing notable code changes to popular Bitcoin infrastructure software.

Grand-Button5819

Yeah, I get that and I agree with the sentiment. I'd probably go about it by instead providing a random number generator and a standard full list of BIP-39 words and allow the user to create their own mnemonic word by word onto paper. Would be tricky to to properly guide them how to pick the last word that's also a checksum for the mnemonic, but a fair RNG would be an easier sell than a full mnemonic generator in the browser. But why would you do that anyway if you can get an established hot wallet or a hardware wallet that both handle this stuff for you and are already credible?

BitcoinAcc

Electrum by default doesn't use the standard BIP39 for the 12 seed words, like most other wallets do. It uses its own standard, with its own word list. Bluewallet recognized the seed words as coming from the Electrum list, which is why it was able to label the wallet.

Genkoji

BIP39 + passphrase basically fulfill the same purpose b

low_contrast_black

Yes. Passphrase is part of the BIP39 spec, so as long as it’s BIP39 compliant, you should be good. As far as an “official” list? Not really. The landscape changes, and there’s also personal preference. If you stick to open-source wallets with air-gapped secure elements you’re generally good. Trezor Safe 3, Trezor Safe 5 and BitBox02 bit only version are a few very reliable wallets that are also quite friendly enough for first-timers. That’s by no means an exhaustive list though.

user_name_checks_out

Yeah, those are variations on the xpub, not the same thing. You want the address that holds the balance. Or you could try creating the wallet three different times in Electrum, once with each of the three likely derivation paths: `m/44'/0'/0'`, `m/49'/0'/0'`, and `m/84'/0'/0'`. See if any of those yields a balance. I note that in [another post](https://old.reddit.com/r/Bitcoin/comments/1kg6ajr/error_sending_transaction/mqw9yis/) you mentioned that you have a passphrase, and that the wallet is BIP39, you would also have to get both of those things right when recovering the wallet in Electrum.

user_name_checks_out

The first line indicates three different formats for the derlivation path, and I would guess that you want one of those: BIP 44: m/44'/0'/0' (1addresses) BIP 49: m/49'/0'/0' (3addresses) BIP 84: m/84'/0'/0' (bc1qaddresses) In Samourai, the address that holds the balance, does it start with 1, 3, or bc1?

Bred_Slippy

Yes, but OP didn't state the amount involved, so I'm erring on the side of caution with my suggestions. If it's not a large amount and OP is happy with the increased risk of a hot wallet, then Electrum or Blue Wallet are also decent options that can restore a BIP39 seed phrase with additional passphrase. This would be simpler. 

ManlyAndWise

The sequence of words \*is\* the access to your wallet. Your physical device does not contain your BTC. They are on the blockchain. Anything happens, you buy a new device (whatever brand), put those words into them, and can access your wallet as usual. This presupposes you have used the common BIP39 seed phrase. If you have used a different standard, you will have to buy a cold wallet that uses that standard.

CatatonicMan

Non-mining nodes don't *usually* vote. They do, however, vote whenever a user-activated soft fork is called for (e.g., BIP 148 for SegWit activation).

Aussiehash

You can use any 23 BIP39 words, so if you haven't transferred your coins yet, use your hardware wallet to calculate a new 24th word

JamesScotlandBruce

Yup. Don't try and out random the jade for your seedphrase. There is no benefit and potentially a lot of bad that could come if it. Much better is to add a passphrase. I use a short sentence of five or six words that doesn't look out of the ordinary so can be stored digitally. https://help.blockstream.com/hc/en-us/articles/20138948637337-Add-a-BIP39-passphrase-for-Jade

NiagaraBTC

You can do multisig with one ColdCard (using passphrases or BIP-85) but I'm not sure why you'd want to. Ideally your devices/keys are geographically separated, imo.

Dangerous_Dingo5236

How bout a not scam... I have a seed generator. I'll send it for a donation. If you donate over $20, I'll send you multiple scripts that do 12, 15, 18, 21, 24 BIP passcodes. [https://commerce.coinbase.com/checkout/beda1313-1767-4ae1-9762-07d48904c6a4](https://commerce.coinbase.com/checkout/beda1313-1767-4ae1-9762-07d48904c6a4) https://i.redd.it/syrrlxxoavxe1.gif

RedditThrowaway-1984

I haven’t read the BIP, but wouldn’t that make it more censorship resistant to prevent miners from censoring transactions? Also, if the mining fee is paid, it’s not spam by definition.

Mantis-Prawn

Your keys will remain the same, when we are back online you will just use the same BIP38 or BIP39 private keys in order to submit signed txid's into the mempool

Mantis-Prawn

Small chance that is what a phrase... Back then BIP39 wasn't widely implemented yet.

Blockchainauditor

You are missing a step or two. The BIP39 recovery phrase (re)creates a wallet. You then need to calculate the private keys and associated crypto addresses. So it isn’t a one step process for each seed you create with the 12/24 words.

cannedshrimp

The 24 words are the private key. The BIP39 standard converts the private key to 12 or 24 plain text words. If you let the Jade generate the words for you then you may be at risk

halfwheeled

Good question — this gets into the heart of how Bitcoin (and other crypto) wallets stay secure! Here’s the simple version: 1. Random number generation: First, a very large random number is created — typically 128 bits (for 12 words) or 256 bits (for 24 words). This is just a string of random 1s and 0s. 2. Checksum added: A checksum (sort of like a tiny error-detection code) is added to the random number to help catch mistakes. It’s based on a hash of the random bits. 3. Split into groups and mapped to words: The combined bits are split into groups of 11 bits each, and each 11-bit group maps to a word in the BIP-39 standard word list (which has exactly 2048 words — because 2¹¹ = 2048). 4. That’s your seed phrase. ⸻ Now your real question: how does the algorithm ensure that the combination of words isn’t the same as an existing wallet? Answer: It doesn’t check at all if it matches an existing wallet. Instead, it relies on probability. The space of possible seed phrases is so astronomically huge that the odds of two people randomly generating the same seed are virtually zero. • A 12-word seed has about 2¹²⁸ possibilities. • A 24-word seed has about 2²⁵⁶ possibilities. For context: • 2¹²⁸ is about 10³⁸ — that’s a 1 with 38 zeroes. • 2²⁵⁶ is about 10⁷⁷ — a number so large that it dwarfs the number of atoms in the universe (~10⁸⁰). In other words: There are so many possible seed phrases that even if every human on Earth generated a billion seed phrases per second, for the entire age of the universe, we still wouldn’t run into collisions. ⸻ Summary: • Seeds are generated by strong randomness + a checksum. • No checking against existing wallets is needed — it’s just statistically impossible to collide.

OrionsChainsaw

Ok, I got bored and wrote a python script for you that will unlock your backup file. Here's how to do it. * 1. Download and install python [https://www.python.org/downloads/](https://www.python.org/downloads/) * 2. Once installed, open up a command prompt and type "pip install pycryptodome" (without the quotations). * 3. Make a new folder. In that folder put your backup file. * 4. In the same folder, make a new file called "decrypter.py". * 5. Open [decrypter.py](http://decrypter.py) in notepad and paste the following code: &#8203; from Crypto.Cipher import AES from Crypto.Hash import MD5 import base64 def openssl_key_iv_derivation(password, salt, key_len, iv_len): d = d_i = b'' while len(d) < key_len + iv_len: d_i = MD5.new(d_i + password + salt).digest() d += d_i return d[:key_len], d[key_len:key_len+iv_len] def decrypt_openssl(enc_file_path, dec_file_path, password): with open(enc_file_path, 'rb') as f: enc_data = f.read() enc_data = base64.b64decode(enc_data) if enc_data[:8] != b"Salted__": raise ValueError("Missing OpenSSL salt header") salt = enc_data[8:16] ciphertext = enc_data[16:] key, iv = openssl_key_iv_derivation(password.encode(), salt, 32, 16) cipher = AES.new(key, AES.MODE_CBC, iv) decrypted = cipher.decrypt(ciphertext) padding_length = decrypted[-1] decrypted = decrypted[:-padding_length] with open(dec_file_path, 'wb') as f: f.write(decrypted) # Variables needed: decrypt_openssl('NAMEOFYOURFILE', 'decryptedfile.txt', 'blabla') Replaced NAMEOFYOURFILE with the actual name of your file, and MYPASSWORD with your actual password. Then save the file. * 6. Open up CMD and navigate to your folder. Type "py decrypter.py". * 7. A new file should appear in your folder called decryptedfile.txt. If you open it you'll notice it is mostly gibberish, but if your password is correct a twelve word seed phrase should appear at the top of the file. If it's not there and all you see if random characters, you got your password wrong. * 8. Open Electrum. Choose File > New/Restore > Standard Wallet > I already have a seed. * 9. Paste your seed, then click options and choose "BIP39 seed". Click next. * 10. If your addresses start with bc1q.... then choose native segwit and type " m/1' " (note the ') in the derivation path. 11. If your addresses are older (possible from 2014), choose legacy and type " m/0' " (again not the ') in the derivation path. This will restore all your wallet address. **Once done, send your coins to a new wallet because you now have an unencrypted seed phrase on your PC.**

OrionsChainsaw

Ok, I got bored and wrote a python script for you that will unlock your backup file. Here's how to do it. 1. Download and install python [https://www.python.org/downloads/](https://www.python.org/downloads/) 2. Once installed, open up a command prompt and type "pip install pycryptodome" (without the quotations). 3. Make a new folder. In that folder put your backup file. 4. In the same folder, make a new file called "decrypter.py". 5. Open [decrypter.py](http://decrypter.py) in notepad and paste the following code: `from Crypto.Cipher import AES` `from Crypto.Hash import MD5` `import base64` `def openssl_key_iv_derivation(password, salt, key_len, iv_len):` `d = d_i = b''` `while len(d) < key_len + iv_len:` `d_i = MD5.new(d_i + password + salt).digest()` `d += d_i` `return d[:key_len], d[key_len:key_len+iv_len]` `def decrypt_openssl(enc_file_path, dec_file_path, password):` `with open(enc_file_path, 'rb') as f:` `enc_data = f.read()` `enc_data = base64.b64decode(enc_data)` `if enc_data[:8] != b"Salted__":` `raise ValueError("Missing OpenSSL salt header")` `salt = enc_data[8:16]` `ciphertext = enc_data[16:]` `key, iv = openssl_key_iv_derivation(password.encode(), salt, 32, 16)` `cipher = AES.new(key, AES.MODE_CBC, iv)` `decrypted = cipher.decrypt(ciphertext)` `# Remove PKCS#7 padding` `padding_length = decrypted[-1]` `decrypted = decrypted[:-padding_length]` `with open(dec_file_path, 'wb') as f:` `f.write(decrypted)` `# Variables needed:` `decrypt_openssl('NAMEOFYOURFILE', 'decryptedfile.txt', 'MYPASSWORD')` Replaced NAMEOFYOURFILE with the actual name of your file, and MYPASSWORD with your actual password. Then save the file. 6. Open up CMD and navigate to your folder. Type "py decrypter.py". 7. A new file should appear in your folder called decryptedfile.txt. If you open it you'll notice it is mostly gibberish, but if your password is correct a twelve word seed phrase should appear at the top of the file. If it's not there, you got your password wrong. 8. Open Electrum. Choose File > New/Restore > Standard Wallet > I already have a seed. 9. Paste your seed, then click options and choose "BIP39 seed". Click next. 10. If your addresses start with bc1q.... then choose native segwit and type " m/1' " (note the ') in the derivation path. 11. If your addresses are older (possible from 2014), choose legacy and type " m/0' " (again not the ') in the derivation path. This will restore all your wallet address. Once done, send your coins to a new wallet because you now have an unencrypted seed phrase on your PC.

Junior_Client3022

Bitcoin is the only cryptocurrency that for no additional cost as a user, you can scrutinize the code and audit the ledger without a 3rd party. Every Altcoin is a BIP that was rejected by the concensus mechanism of users(The public majority)

castorfromtheva

> You say 0.1, that is equals 10 million satoshis, would become 10 million BTC? Nope. Read OP's post and BIP. Nevertheless what OP suggests is a stupid idea.

achow101

This totally isn't super confusing.. Reminder that just because a BIP has a number and is in the repo doesn't mean that it's a good idea or that anyone with use it. > if BIP 177 passes Passes what? BIPs aren't legislation that need to be "passed" by anyone. Implementers of software are free to choose which BIPs they want to implement. This particular BIP is so idiotic that I don't think anyone except the author is going to implement it.

Mantis-Prawn

Definitely, every BIP39 wallet will work

incomingone

I have a lot of BTC so made sure my private keys are retrievable by family. They already have the private keys albeit BIP38 encrypted (and obviously the password can be retrieved due to arrangements I made).

incomingone

I have a lot of BTC so made sure my private keys are retrievable by family. They already have the private keys albeit BIP38 encrypted (and obviously the password can be retrieved due to arrangements I made).

pgh_ski

BIP39 passphrase is great for layered security as well. Encryption is a solid strategy provided you ensure you and your heirs know which settings/software to use. Only thing I would disagree with is seed splitting. It's generally better to avoid non-standard practices, as you're likely to forget or make a mistake that results in key loss. Using standard protocols like a BIP39 passphrase is more reliable for layered security. Thanks for commenting! This is the neat stuff of crypto security for sure.

riscten

Nope, the passphrase is part of the BIP39 specification. Ultimately, your keys are derived from a large number called the master key. One mnemonic is a representation of this master key. When adding a passphrase, you're changing the master key, and essentially accessing a different wallet.

life764

An xpub (or extended public key) is not "completely random". An xpub is a string that encodes specific bits of information [described here in BIP-32](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#serialization-format). The first pieces of info included are the magic version (or type), depth, parent fingerprint and child number. [This tool](https://learnmeabitcoin.com/technical/keys/hd-wallets/extended-keys/#address-extended-key-tool) is useful for understanding how the encoding works. I think you're right to be suspicious. If the first 10-13 characters are the same, that seems to indicate the keys are derived from the same parent key, which wouldn't be ideal. How were the private keys generated?

Odd_Science5770

Thanks man. I've spent months planning out my inheritance setup. There's much more to it than what I described above. I also developed a method to encrypt my seed phrase using only a pen and paper. It can only be decrypted with a secret dictionary. It's a method called a "one-time pad". Basically, I used some software to assign each of the BIP39 words a random number between 1 and 2048 (there are 2048 words total). I then wrote down the numbers corresponding to my 12 words on paper. I gave my heirs (parents) a package that includes the USB stick, a piece of paper with the encrypted seed phrase, and instructions. On the USB stick, there is a PDF file with detailed instructions, and a file containing the secret dictionary to decrypt the seed phrase. The decryption process is really easy, even for nontechnical people, since all you have to do is find the number written on the paper, and then note down the corresponding word. This setup ensures that there is no third party risk. Neither my heirs nor the dead man's switch service can steal my funds, and only if I am no longer around can the intended people gain access.

Mantis-Prawn

Yes, makes perfect sense. According to the Bitcoin QT and Electrum developers BIP38 is safer than BIP39. Just be 110% sure that your device isn't compromised, and to manually validate the release signatures. And make offline updates of the wallet.dat file.  When your stash grows, and you can afford a hardware signer it is strongly recommended to go that route. Because with a hardware signer you have less risk of your pc gets compromised one way or another.

crunchyeyeball

Their site is less than a year old, but it *appears* to be legit, and just a new company, e.g.: https://techcentral.co.za/cardware-wallet-crypto-south-africa/253540/ I'm usually hyper-paranoid, but I'm not getting bad vibes from anything here, aside from suggesting caution with any any new supplier. It appears to be open source, which is good, though I've not checked the code myself. It also comes with "*...a metal scratch card...to be used as a backup as the metal is fire and water resistant.*", which I think is a neat touch. As long as it supports BIP39 (in case the company fails), it should be a safe option. Personally I wouldn't use it as my main wallet until it's gained wider adoption, but I'm not going to dismiss it either.

Satoshislostkey

I'm sorry but I disaalgorithm. Yes, it's possible that sha256 could be broken as well. However, that is less of a threat because the blockchain can just be restored using a quantum resistant algo. Hopefully, we have a BIP that addresses quantum computing within 10 years. According to Bitcoin devs and Grok, private keys can absolutely be brute forced someday. Not any time soon... but at some point in the future. That means people with access to their Bitcoin must migrate to a Quantum resistant solution. Lost Bitcoin will be at risk potentially. This is all theoretical but possible.

Mantis-Prawn

Bitcoin Core does not use BIP39 seedphrases. They are on BIP38. So, password could be anything.

TaGoItFr

TL;DR It isent secure. The problem is, if its not open source you dont know how random the generated seed is. Truly randomness is impossiblr to achiev on a electrical device. This includes every HW wallet that generates a seed, but if its open source, you can check how random. Just a basic explenation: If the generator just flips one word in every seedphrase, it dosent matter if its airgapped or not. The company knows its own algorhytm and its possible to implement a pedictable one. You can generate your own seed by hand. Check the BIP39-list, print all words, writhe the words by hand or buy the product "seedsticks". Then pick 11 or 23 words (truly random). Use seedsigner or another offline calculating tool to calculate the last word and boom you have a save seedphrase. There are longer and more detailed guides on this topic but this are the key steps. I hope you wont risk it with ledger producrs any more.

na3than

>A passphrase adds another 256bits. Not necessarily. A passphrase adds UP TO 256 additional bits. If your passphrase is a single character, it adds only 6-8 bits of entropy. A two-character passphrase adds only 12-16 bits of entropy. A three-character passphrase adds only 18-24 bits of entropy. To add 256 of entropy you'll need a passphrase consisting of ~36 RANDOM alphanumeric characters (I don't recommend this, since it's VERY hard to record something that complex with ZERO transcription errors), or select 16 RANDOM words from a 100,000 word dictionary, or select 24 RANDOM words from the BIP-39 word list.

Mantis-Prawn

More then likely you are confusing a passphrase with the seedphrase. First of all, never enter your seedphrase into a software wallet. Because you will make your cold wallet a hot wallet. With massive security risks.  Checking if you backed up your seed phrase well can be done by wiping your current device (do this if you have few funds on it) or buying a second one. Could be any hardware wallet that supports the BIP39 protocol. 

Quirky-Reveal-1669

Interesting question. I do not remember if seed phrases were part of a BIP or were there since the beginning. But it all boils done to: can you reproduce your private/public key pair? If yes then access.

Rare_Airline1418

The optional password in the BIP-39 algorithm already offers the ability to safely backup a seed phrase, since it would be useless without knowing the password, as long this password has as enough entropy. In this case you could give the seed phrase to your family and friends, on paper or digitally. You could even write this seed phrase down on public streets, that all does not make a difference. There are only two things: 1. Did your password ever came in contact with an electronic device which has, had or will ever have internet access? In that case, your password is unusable. 2. Has your password enough entropy? Your approach violates number 1, as you add complexity and require the seed phrase to be stored on an unsafe device. Just use a password if you want to backup your seed phrase. A password and a seed phrase from the cryptographic standpoint is exactly the same, because what counts is not the length, the entropy counts.

Decent_Taro_2358

Here’s how I would do it: Write a Python script that scans an entire directory for all PNG/JPG files. For all images, use OCR to scan all words. Check how many of those words match on the BIP39 word list. Rank results in match percentage. Open the photos with the highest match.

HodlVitality

ChatGPT 4o, Reason and Think: On-Device Generation and Security 1. Local Key Generation When you create a wallet in BlueWallet, the app uses the device’s built-in cryptographic functions to generate a random seed. This process relies on the operating system’s secure random number generator (for example, using Apple’s Security framework on iOS or equivalent mechanisms on Android). This ensures that the randomness used in key creation is robust and not predictable. 2. Mnemonic Seed Phrase (BIP39) The random data is then typically converted into a mnemonic seed phrase according to the BIP39 standard. A mnemonic phrase is a series of words that represent the underlying entropy. Users are encouraged to back up this mnemonic phrase because it is the root from which all private keys for that wallet are derived. The mnemonic makes it easier to store and restore your wallet securely. 3. Hierarchical Deterministic (HD) Wallet Structure (BIP32/BIP44) From the mnemonic, BlueWallet derives a hierarchical structure of keys following the principles laid out in BIP32 (and optionally BIP44). This means that a single seed phrase can be used to generate a practically infinite number of key pairs for receiving addresses or other functions—all in a reproducible way. This HD wallet architecture is standard across many modern cryptocurrency wallets. 4. Offline Process Crucially, all these operations are performed locally on your device. At no point does your private key or mnemonic leave your device or get transmitted to a server. This design decision maximizes security by ensuring that even if a network is compromised, your private keys remain secure on your device. Why This Matters • User Control: Since the key generation happens on your device, you maintain full control over your private keys. This means that only you have access to the seed and the derived keys. • Mitigated Network Risks: Because the sensitive parts of key generation occur without using the network, you’re not exposing your keys to potential vulnerabilities associated with remote servers. • Transparency and Open Source: BlueWallet’s open-source nature also allows independent reviews of the code. This transparency builds trust that the key generation process adheres to industry standards and is implemented correctly. Conclusion BlueWallet follows industry best practices by using the device’s secure random number generator to produce cryptographically strong entropy, converting that into a mnemonic phrase (BIP39), and then using hierarchical deterministic methods (BIP32/BIP44) to derive the necessary private keys—all executed locally on your device. This approach ensures that your private keys remain secure and under your control at all times. For further details, you can examine the open-source code on BlueWallet’s GitHub repository, which outlines these processes in more technical detail. …. I’d say this wallet is as safe as the device you create it on. Which is likely somewhat vulnerable to attack. Eternally offline hardware wallet is better.

HodlVitality

ChatGPT 4o, Reason and Think: On-Device Generation and Security 1. Local Key Generation When you create a wallet in BlueWallet, the app uses the device’s built-in cryptographic functions to generate a random seed. This process relies on the operating system’s secure random number generator (for example, using Apple’s Security framework on iOS or equivalent mechanisms on Android). This ensures that the randomness used in key creation is robust and not predictable. 2. Mnemonic Seed Phrase (BIP39) The random data is then typically converted into a mnemonic seed phrase according to the BIP39 standard. A mnemonic phrase is a series of words that represent the underlying entropy. Users are encouraged to back up this mnemonic phrase because it is the root from which all private keys for that wallet are derived. The mnemonic makes it easier to store and restore your wallet securely. 3. Hierarchical Deterministic (HD) Wallet Structure (BIP32/BIP44) From the mnemonic, BlueWallet derives a hierarchical structure of keys following the principles laid out in BIP32 (and optionally BIP44). This means that a single seed phrase can be used to generate a practically infinite number of key pairs for receiving addresses or other functions—all in a reproducible way. This HD wallet architecture is standard across many modern cryptocurrency wallets. 4. Offline Process Crucially, all these operations are performed locally on your device. At no point does your private key or mnemonic leave your device or get transmitted to a server. This design decision maximizes security by ensuring that even if a network is compromised, your private keys remain secure on your device. Why This Matters • User Control: Since the key generation happens on your device, you maintain full control over your private keys. This means that only you have access to the seed and the derived keys. • Mitigated Network Risks: Because the sensitive parts of key generation occur without using the network, you’re not exposing your keys to potential vulnerabilities associated with remote servers. • Transparency and Open Source: BlueWallet’s open-source nature also allows independent reviews of the code. This transparency builds trust that the key generation process adheres to industry standards and is implemented correctly. Conclusion BlueWallet follows industry best practices by using the device’s secure random number generator to produce cryptographically strong entropy, converting that into a mnemonic phrase (BIP39), and then using hierarchical deterministic methods (BIP32/BIP44) to derive the necessary private keys—all executed locally on your device. This approach ensures that your private keys remain secure and under your control at all times. For further details, you can examine the open-source code on BlueWallet’s GitHub repository, which outlines these processes in more technical detail. …. I’d say this wallet is as safe as the device you create it on. Which is likely somewhat vulnerable to attack. Eternally offline hardware wallet is better.

slash_networkboy

So I took some time to review the page source. They have all the encryption code minified and embedded in the page itself. It would be "easy" to make this create private keys from a constrained keyspace but still look good on the surface. Easy being relative... I don't think I could do it in a weekend, but with the potential take of having tons of BTC I could certainly see someone better at crypto than me pulling it off. What's important to note is this is not the same as breaking the crypto underpinning BTC, it's about limiting the range this particular tool is able to seed from. It's like taking the 2048 words in the BIP39 wordlist and removing 2000 of them. Without actually digging into it vastly deeper my gut says something along those lines is what may have happened. It's generating valid PKs but they're not coming from the entire possible keyspace and instead are coming from some smaller computable/guessable space.

user_name_checks_out

I implemented this once. You roll your own locking script, with two branches. Key A can unlock the script at any time, key B is subject to a timelock. There is no BIP for a dead man's switch as such. The BIP65 soft fork added support for CLTV. The BIP 0068/112/113 soft fork implemented support for relative locktimes and CSV. https://en.bitcoin.it/wiki/Timelock

ameruelo

When restoring a wallet from a seed phrase, you can type in whichever words you want from the BIP39 list. Good luck with the lack of randomness in the seed phrase. Hope you don’t lose your bitcoin.

senfmeister

And my original reply stands. You only need one with BIP85.

senfmeister

You can make a multisig with child BIP85 seeds.

senfmeister

You only need one with BIP85. 

pakovm

There is also BIP-360 by Cryptoquick (Hunter, a veteran Bitcoin contributor) which proposes a why to make quantum resistant signature for legacy address, I don't know the details as I'm not really interested in QC, but you should give it a look, the proposals to upgrade Bitcoin to be Quantum Resistant will be very interesting when the time comes.

jfitie

The same BIP39 seed will always generate the same master public key, but it depends on the script type and derivation path.

jfitie

The same BIP39 seed will always generate the same master public key, but it depends on the script type and derivation path.

senfmeister

BIP85

Dry_Computer_9111

Let’s face it man, Satoshi has sold out! ^/s You’re correct. Bitcoin is a protocol. People can project onto that protocol whatever their minds can imagine, but that’s not what Bitcoin is. I don’t see anyone *controlling* Bitcoin. Owning little ‘b’ bitcoin, sure, but nobody owns big ‘B’ Bitcoin. Wake me up when Trump creates a BIP.

wh977oqej9

BIP39 passphrase exists... You can already give it to your child. And bank can't do anything with just seedphrase. As your child can't do anything with just passphrase. Just you have both.

Full_Possibility7983

Don't want to overcomplicate, but instead of a passphrase (which can make inheritance planning trickier), you could check BIP-85, for example Coldcard supports that, but I expect more will in the future. I keep all my wallets, including hot wallets on my phone, separate using different BIP-85 seeds, but all backed up with the same "master" seed.

NiagaraBTC

Don't give anyone your seed words, ever, if you have a simple Bitcoin wallet. The simplest way to do inheritance would be to make a passphrase protected wallet. Have your seed words securely stored somewhere. Let your son or someone else trusted know where it is. Make a *strong* passphrase - I mean like 12 more BIP-39 words. Give this passphrase to your lawyer as part of your will.

TerribleTurkey

The number of possible addresses = 2³¹ = 2,147,483,648 If you generated a new one every second it would take you over 68 years, so its not something to worry about If you theoretically hit the limit you would just create a new account under the seed. This changes the path, which is made up of Path components: • 84’ → BIP84 = native SegWit • 0’ → Coin type (0 = Bitcoin) • 0’ → Account index ← this is what changes when you make a new account • 0 → Change (0 = external, 1 = change/internal) • i → Address index (0, 1, 2, …)

joecool42069

Who keeps their life savings on just a usb? BIP39 was created for a reason.

wh977oqej9

Just seedphrase wallet is totally and eternaly safe, if you do it right. But I use BIP-39 passphrase only for a reason of burglary. My passphrase is stored on different location as seedphrase, so common burglar can't do anything. I could also do it with multisig, but I find it easier to manipulate with that kind of setup.

TyberWhite

Perhaps not. The article claims he purchased Bitcoin in 2013, which predates BIP39 based wallets. Electrum was around though.

magus-21

No. He generated his keys in 2013. That's the same year BIP39 was first proposed. So there's a 90%+ chance that he has to generate his keys at random with no way to deterministically regenerate them.

magus-21

If you had read the article, you'd know the wallet was from 2013. Look up when BIP39 was adopted.

agaunaut

> just by knowing 21 words. Which BIP was this?

Realistic-Jelly8133

Just to be snarky, Satoshi doesn't have any seed phrases. He left in 2010, and seed phrases weren't introduced until 2013 with BIP 39!

Mandatory_Attribute

Dude, I even put the link right there, where he explains it. It’s not my proposal: “Bitcoin advocate John Carvalho has introduced a groundbreaking Bitcoin Improvement Proposal (BIP) that seeks to revolutionize how Bitcoin is measured and represented. The proposal suggests making the satoshi—the smallest unit of Bitcoin—the new base unit. This would redefine the current system, where one Bitcoin ($BTC ) equals 100 million satoshis (sats). Under this proposal, the term “one Bitcoin” would no longer refer to the larger unit $BTC we know today. Instead, it would represent the smallest indivisible Bitcoin unit, currently called a satoshi. This change aims to eliminate the need for decimal points in Bitcoin transactions, making values more straightforward and accessible. For instance, a transaction currently displayed as 0.00010000 $BTC would instead appear as 10,000 $BTC under this new structure. Carvalho believes this shift would reduce confusion, align Bitcoin's representation with its technical framework, and improve usability for new adopters. He argues that the decimal point is an unnecessary abstraction and that the proposed structure is already compatible with Bitcoin’s protocol. This is not the first proposal to address Bitcoin’s unit structure. In 2017, prominent developer Jimmy Song suggested BIP 176, which proposed using "bits" as a standard unit to avoid fractional BTC displays for smaller transactions. However, that idea failed to gain traction. Critics caution that such a change could disrupt existing systems, such as wallets and exchanges, and create challenges during the transition. Users accustomed to the current system might also face confusion, increasing the risk of errors in transactions.”

Original-Assistant-8

I've come around on thinking it's best if they start aligning on a transition plan. James actually offered a BIP, which is a start. I don't think burn is the right approach. They should start messaging that coins in p2pk wallets are vulnerable and should be moved at least to p2pkh. At some point they could retire p2pk as no longer secure (which would be a soft easy fork). After that, they would need to work on transition to wallets signing with quantum prepared cryptography. This will be tougher, but if they started the process with retiring p2pk, it will help get people used to the idea that transitions are required to maintain security.

Crypto-Guide

Not readily available, just work it out with Ian Coleman's BIP39 tool

Mandatory_Attribute

See the Bitcoin Improvement Proposal (BIP) by John Carvalho, to make the Satoshi the base unit of Bitcoin [https://www.binance.com/en/square/post/17615141453498](https://www.binance.com/en/square/post/17615141453498)

ymgve

BIP39 can actually use any number of words and any words/characters, but you only get the checksum advantages by following the standard. There are dozens of (empty) single word wallets with words outside the wordlist if you scan the BTC blockchain

FugitivePagan

I recommend reading about SLIP39. It has been around for quite some time, so it’s somewhat surprising that you aren’t familiar with it. Fun fact both BIP39 and SLIP39 were developed by the Trezor team.

Intelligent_End_7022

I’m sure that “imbecile” is not part of the BIP dictionary

ToTheBatmobileGuy

No one is actually reading the words... Some of those words don't even exist in any well known "recovery seed" protocols... 20 words long phrases are also not existant in any protocol since BIP39 requires multiples of 3 words, 24 and 21 word phrases would be valid, though 21 is rare/not used. But yeah, I am amazed at how many ways one can write "stupid" on a fake backup sheet... lol

CiaranCarroll

I thought that I would have to generate a seed specifically for lightning, but I was wrong. According to ChatGPT: A Lightning wallet’s seed is **just a Bitcoin wallet seed**—it’s not a special type of seed. Your assumption that a Lightning seed would be fundamentally different is understandable, but in reality: 1. **A Lightning wallet is a Bitcoin wallet** * It starts with a **BIP-39 seed phrase** (just like any regular Bitcoin wallet). * The difference is that the software (e.g., **Phoenix, Breez, Zeus, LND, CLN**) sets up a **Lightning node** on top of that seed. 2. **What Happens When You Use a BIP-39 Seed in a Lightning Wallet?** * When you restore a Lightning wallet from its seed, it **derives on-chain Bitcoin addresses** just like any standard Bitcoin wallet. * The software then checks if any of those addresses were used to open **Lightning channels**. * If Lightning channels existed, it attempts to restore them from its **channel backup files** (if supported). 3. **BIP-85 Just Generates a New Bitcoin Seed** * Coldcard Q’s **BIP-85** feature **doesn’t create a special Lightning seed**—it generates **a normal BIP-39 mnemonic** (12/24 words). * This mnemonic can be used in **any wallet** that supports Bitcoin. If the wallet also supports Lightning, you can use it as a Lightning wallet.

CiaranCarroll

Ok so you were **not** using Lightning with the derived seed generated with BIP-85 on Cold Card, correct?

CiaranCarroll

So you generated a derived seed from Cold Card Q using BIP-85, imported it into Aqua Wallet, and can send and receive to that address using the lightning network?

CiaranCarroll

Wouldn't hot wallets typically be lightning wallets. Can BIP-85 derive lightning seeds from a regular seed?

AstroRoverToday

Before you go down the self-custody route (i.e., as opposed to storing your bitcoin on an exchange), please make sure you fully understand how to safeguard your seedphrase and recover your wallet. I was a total newbie a year ago and was helped tremendously by Shayne, over at BetterHumanz https://betterhumanz.org/ref/bitcoinsecuritybasics/ He has some great video courses covering all the basics to get you educated before taking that leap. There are a ton of things to learn! It’s OK to get started on exchanges, but ultimately you want to withdraw it into your own wallet that you fully control, so be sure to understand how to correctly set that up and keep it safe. Learn about master seed phrases, BIP85 Index child seed phrases, Addresses and Private Keys. Bitcoin is stored on the blockchain, not in wallets. Hardware Wallets are more like keys, allowing you to access the bitcoin on the blockchain. If you have the keys, you can access bitcoin, yours or anyone else’s. With an exchange wallet, you don’t have the keys, so you’re at risk of someone else doing something to “your” bitcoin. Once you have learned about seed phrases, addresses and private keys, then you can move your bitcoin (“withdraw” it) to an address you control (via your seed phrase). You don’t need a hardware wallet for this. If/when you want to move your bitcoin to another address, you’ll need to know your private key (again, derived from the seed phrase). Learn all this and then decide. Wallets just make it easier to more conveniently access your private keys, but you don’t actually need a wallet to have 100% control of your bitcoin. Just move it to an address you control with your seed phrase, and don’t do it until you fully understand it and the self-custody accountability!

DidiEdd

bruhhh... i highly doubt there is a higher chance of getting hacked with a solana wallet as opposed to any other crypto that supports BIP39 seed phrases... could you explain why you think i would be hacked more on solana than other blockchains? answer carefully, as i've done a lot of research on solana and am an avid user of it :)

pop-1988

> How do 12 seed phrase work They start as a big random number, 128 bits long. Feed the 128 bits into SHA256. Use the first 4 bits of the SHA256 hash as a checksum. Append the checksum to the 128 bits. Split the 132 bits into 12 chunks of 11 bits. Use each 11-bit chunk as an integer - 2^11 is 2048, an 11-bit integer has a value from 0-2047. The word list has 2048 carefully selected words https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt Use the integer as an index into the word list - 0 is *abandon* ... 2047 is *zoo* Now the big random number has been transformed into 12 words Show the 12 words to the user. The user must write the words on paper and store the paper securely Hash the 12 words 2048 times using SHA512. Send the 512-bit hash to BIP42 to make a tree of keychains > couldn’t someone theoretically just run a computer that guesses 12 word phrases and then steal peoples money all day 2^128 is a very large number, beyond your imagination Also, guessing words is too slow. It's faster to guess all the keys, without all that word-lookup overhead There is a project to guess all keys. It has been running for many years. It has made only tiny progress https://privatekeys.pw/puzzles/bitcoin-puzzle-tx

wierdjokes

There are 2048 words in the list used by the widely accepted BIP39 standard. Assuming our phrase is 12 words, that would give us 2048\^12 possible combinations. That is a massive number. 5.4\*10\^39 to be exact. Slightly less since the final word is a checksum. It's like trying to find a specific water molecule from the ocean.

HEERO1sg

Heres what ChatGPT says about your questions: A **12-word seed phrase** (also known as a **mnemonic phrase** or **recovery phrase**) is used in cryptocurrency wallets to derive private keys. It is generated using the **BIP-39 standard**, which consists of a predefined list of **2048 words**. # Mathematical Explanation of the Difficulty of Guessing a 12-Word Seed Phrase Each word in the 12-word seed phrase is selected from a fixed **BIP-39 wordlist** containing **2048 words**. 1. **Total Possible Combinations** Since each of the 12 words can be any of the 2048 words, the total number of possible seed phrases is: 2048\^12, calculating 2048\^12 = 2\^11x12 = 2\^132 **this means there are 2\^132 different possible seed phrases**. 2. **Comparison to Brute-Force Probability**Even if a supercomputer could check **1 trillion (10\^{12}) seed phrases per second**, the time required to check all possibilities would be: 2\^132 / 10\^12 x 60 x 60 x 24 x 365 = 10\^22 years, which is **billions of times longer than the age of the universe (\~10\^10 years)** * The total number of **possible Bitcoin private keys** is **2\^256**. * A **128-bit security level** (as in a 12-word seed) is considered **practically unbreakable** even with the fastest computers. 3. **Entropy and Security Level** * A **12-word seed phrase has 128 bits of entropy** (randomness), which means it provides security comparable to a **128-bit encryption key**. * This level of security makes it resistant to any brute-force attack, even with future quantum computing advancements. # Conclusion The sheer number of possible 12-word seed phrases (**2\^132 or \~5.4×10\^39** combinations) makes it **mathematically infeasible** to randomly guess a correct one, even with extreme computing power. This ensures the security of cryptocurrency wallets that rely on BIP-39 seed phrases.

Full_Possibility7983

First, never trust your memory, which also works poorly after you've been hit by a bus. Memorizing your hardware wallet PIN is ok, a private key or even worse a brain wallet is a no-no. Please do not listen to anyone suggesting DIY was of generating seeds, concealing your words, splitting them 12/12, etc. these are in the best case useless mambowambo, in the worst, more realist, case a good recipe for disaster. Stick to the standards: BIP 39 seed (12 or 24 words) generated with GOOD entropy (either a secure element or throwing dice yourself, without shortcuts), add a passphrase if you want, but remember that's a critical piece of information that you must protect, keep safe and separate from the seed. You should store those two pieces of information on steal, possibly create multiple copies geographically distributed (friends, families, your properties in different jurisdictions). Instruct your family, heirs, lawyer where these things are located, remember the bus chasing you. Consider multi-sig, use standard patterns like 2-of-3 or 3-of-5, don't get too creative. You can have multiple copies of the seeds and multiple instances of each hardware wallet used for signing. Same as before, distribute geographically, leave instructions for your heirs. The items below are promising/interesting but I would not recommend quite yet because they are either not battle-tested or not standard enough at present time: \- software like Liana, which uses smart contracts for enforcing "complex" rules, like a dead-man switch \- seed in SLIP-39 format, where you can assign Shamir-Share-Secret shares with different quorums (quora?) to different groups of people (partner, familiy, friends, etc.) As for initial posting, I'd be nervous leaving a seed in a safety box in a bank without a passphrase, in principle they can access it (even legally).

AstroRoverToday

Before you go down the self-custody route (i.e., as opposed to storing your bitcoin on an exchange), please make sure you fully understand how to safeguard your seedphrase and recover your wallet. I was a total newbie a year ago and was helped tremendously by Shayne, over at BetterHumanz https://betterhumanz.org/ref/bitcoinsecuritybasics/ He has some great video courses covering all the basics to get you educated before taking that leap. There are a ton of things to learn! It’s OK to get started on exchanges, but ultimately you want to withdraw it into your own wallet that you fully control, so be sure to understand how to correctly set that up and keep it safe. Learn about master seed phrases, BIP85 Index child seed phrases, Addresses and Private Keys. Bitcoin is stored on the blockchain, not in wallets. Hardware Wallets are more like keys, allowing you to access the bitcoin on the blockchain. If you have the keys, you can access bitcoin, yours or anyone else’s. With an exchange wallet, you don’t have the keys, so you’re at risk of someone else doing something to “your” bitcoin. Once you have learned about seed phrases, addresses and private keys, then you can move your bitcoin (“withdraw” it) to an address you control (via your seed phrase). You don’t need a hardware wallet for this. If/when you want to move your bitcoin to another address, you’ll need to know your private key (again, derived from the seed phrase). Learn all this and then decide. Wallets just make it easier to more conveniently access your private keys, but you don’t actually need a wallet to have 100% control of your bitcoin. Just move it to an address you control with your seed phrase, and don’t do it until you fully understand it and the self-custody accountability!

ecmdome

There is software that will reveal the private key of each address. The way BIP32 works is pretty incredible. You could technically give out private keys of those addresses, and they wouldn't be able to figure out the root private key. Here's a neat tool you can use to understand how it works a bit more https://www.bip32.net/ Please do not use these keys for any real money.

riscten

If you need more than one wallet, you can use BIP85. This is useful to keep separate "accounts" like you would do at the bank. Each wallet contains a near-infinity of addresses, and you should never re-use addresses or send funds to the same address as it makes it much easier for anyone to track your funds and figure out how much money you own and spend.

Mantis-Prawn

Kitchen, Duck, Paper and Clip are all on the BIP39 wordlist. Am I onto something here ?? 

bilstream

Your right, a standard 24 word BIP-39 seed phrase is more secure. But honestly, it doesn’t really matter. We are light years away from even could break ECDSA, so even a 12 word seed are future proof. And lets be real, if computers ever get powerful enough to break crypto, its a apocalypse for fiat and everything else too

AstroRoverToday

Before you go down the self-custody route (i.e., as opposed to storing your bitcoin on an exchange), please make sure you fully understand how to safeguard your seedphrase and recover your wallet. I was a total newbie a year ago and was helped tremendously by Shayne, over at BetterHumanz https://betterhumanz.org/ref/bitcoinsecuritybasics/ He has some great video courses covering all the basics to get you educated before taking that leap. There are a ton of things to learn! It’s OK to get started on exchanges, but ultimately you want to withdraw it into your own wallet that you fully control, so be sure to understand how to correctly set that up and keep it safe. Learn about master seed phrases, BIP85 Index child seed phrases, Addresses and Private Keys. Bitcoin is stored on the blockchain, not in wallets. Hardware Wallets are more like keys, allowing you to access the bitcoin on the blockchain. If you have the keys, you can access bitcoin, yours or anyone else’s. With an exchange wallet, you don’t have the keys, so you’re at risk of someone else doing something to “your” bitcoin. Once you have learned about seed phrases, addresses and private keys, then you can move your bitcoin (“withdraw” it) to an address you control (via your seed phrase). You don’t need a hardware wallet for this. If/when you want to move your bitcoin to another address, you’ll need to know your private key (again, derived from the seed phrase). Learn all this and then decide. Wallets just make it easier to more conveniently access your private keys, but you don’t actually need a wallet to have 100% control of your bitcoin. Just move it to an address you control with your seed phrase, and don’t do it until you fully understand it and the self-custody accountability!

AstroRoverToday

Before you go down the self-custody route (i.e., as opposed to storing your bitcoin on an exchange), please make sure you fully understand how to safeguard your seedphrase and recover your wallet. I was a total newbie a year ago and was helped tremendously by Shayne, over at BetterHumanz https://betterhumanz.org/ref/bitcoinsecuritybasics/ He has some great video courses covering all the basics to get you educated before taking that leap. There are a ton of things to learn! It’s OK to get started on exchanges, but ultimately you want to withdraw it into your own wallet that you fully control, so be sure to understand how to correctly set that up and keep it safe. Learn about master seed phrases, BIP85 Index child seed phrases, Addresses and Private Keys. Bitcoin is stored on the blockchain, not in wallets. Hardware Wallets are more like keys, allowing you to access the bitcoin on the blockchain. If you have the keys, you can access bitcoin, yours or anyone else’s. With an exchange wallet, you don’t have the keys, so you’re at risk of someone else doing something to “your” bitcoin. Once you have learned about seed phrases, addresses and private keys, then you can move your bitcoin (“withdraw” it) to an address you control (via your seed phrase). You don’t need a hardware wallet for this. If/when you want to move your bitcoin to another address, you’ll need to know your private key (again, derived from the seed phrase). Learn all this and then decide. Wallets just make it easier to more conveniently access your private keys, but you don’t actually need a wallet to have 100% control of your bitcoin. Just move it to an address you control with your seed phrase, and don’t do it until you fully understand it and the self-custody accountability!

Mantis-Prawn

Yes, directly over the Bitcoin blockchain. Most common wallets all use BIP39 standardization. So even the private key is interchangeable.

BigDeezerrr

There is no sound digital money except Bitcoin, another massive use case. Censorship resistant is not the samr thing as privacy. Can you reverse a transaction or freeze my wallet? If no then it's censorship resistant. Again, the only way they can confiscate Bitcoin is if you let them. Nobody can just siphon your Bitcoin without your private key. Anyone can submit a BIP. The only thing thay matters is what the majority of nodes run. Blockstream is doing a terrible job because it functions perfectly well as peer to peer money today.

FuelZestyclose3541

https://btcrecover.readthedocs.io/en/latest/BIP39_descrambling_seedlists/ > This feature can be used to unscramble seed phrases where the words of the passphrase are available, but the ordering is unknown. (This is currently only really practical with a 12 word seed phrase, though is also usable for a 24 word seed where the position of 12 of the words is known)

Grand-Button5819

You are technically correct. You could even concatenate several BIP-39 seedphrases together to make the password, but let's be real. Most people use a password or a passphrase that's nowhere near the entropy of a seed. 😉