Reddit Posts
All bip39 words on 2048 limited edition handmade mugs
A Fork of CLN Implemented Eltoo Useful for Channel Factories Available for Testing
Need Help Deriving Extended Private Key from Bitcoin Root Extended Public Key and Non-Hardened Extended Private Key
Is it normal for the majority of your seed words to start with the same letter?
Need Advice with Crypto Wallets - Hardware vs Mobile Wallets
Entropy: only 121 bits (vs 128) on Blockstream Jade using dice rolls?
Backing up and recovering wallet - seed phrases, private keys, extended private keys, eh???
Best method of long-term cold storage for life-changing amounts?
BIP39 misalignment? Mnemonic vs. Decimal vs. Binary seeds
Mining ALL remaining bitcoins in less than two weeks (difficult adjustment)?
How to make a new wallet address with my own selected BIP39 words
Import private keys from BIP39 paper wallet with passphrase
12 word BIP 39 >> Hardware Wallet - What are the options?
Malware and scams I should be on the lookout for
What happens if Bitcoin price gets high enough, such that it becomes necessary to go ahead and take it to the 9th decimal place? Can that be done w/ backward compatible SF, or is a HF req'd? Can someone with knowledge detail the process? Can't seem to find answers on this researching around...
how to manually encrypt your BIP39 seedphrase with an additional cipher?
Can the BitBox02 show a wrong seedphrase (BIP 39 wordlist)?
What if they planted a bug into BIP 382, which makes it possible to increase block rewards?
Enhancing Bitcoin Security: A BIP39-Compatible Vernam Encryption Approach for Safeguarding Recovery Phrases
Stacking has crept up on me and now I need to upgrade my storage
Any open source, encryption based, 3/5 multi factor wallet already available? If not, can this be developed?
Is it a security risk if your wallet’s extended fingerprint (xfp) has been exposed?
FINCEN MegaThread | Do Not Give Them Your Silent Consent | Remember Remember The 5th of November | Support Bitcoin Privacy
Thoughts on BIP 324 and the increased anonymity of using bitcoin.
ELI5 - What if Ledger or Trezor stops working?
Tutorial: How to use normal (non Casino-grade) dice to generate a seedphrase
Bitcoin Is About To Become More Secure With BIP324
This page offers a comprehensive overview of BIP-329, proposed by Craig Raw, creator of Sparrow Wallet. You'll find information about the current status and adoption progress, highlighting the significance of this proposal.
Coinplate has a BIP39 seed phrase recovery tool.
Walk down the memory lane: Blocksize wars and the Bitcoin XT controversy
How Much a Spot Bitcoin ETF Can Affect The Price - The Bad Version
Can one secret phrase (eventually) access any wallet?
Do you know that you don't need hardware wallets for cold storage?
I made a descriptive post of every item that you can purchase using candies from Coingecko so you do not have to look
How CTV (BIP 119) Could Create Channel Factories for Casual Users
BIP-300 biff: Debate reignites over years-old Bitcoin Drivechain proposal
BIP-300 biff: Debate reignites over years-old Bitcoin Drivechain proposal
The WW2 German Enigma cipher machine has 158,962,555,217,826,360,000 different possibilities (nearly 159 quintillion). The BIP39 seed phrase word list contains 2,048 words, so a 12-word crypto seed phrase has about 2 to the power of 132 possible combinations. That’s 2 with 132 zeroes after it.
"NO" | Rejecting BIP300 Drivechains | Featuring Saifedean Ammous | Bitcoin Standard Author
"NO" | By Saifedean Ammous | Two Open Letters Rejecting BIP300 Drivechains | Voiced by FEEeACH
Why Blockonomics endorses DriveChains (BIP300-301)
🔴LIVE | BIP 300 Debate | Drivechain Softfork Dynamics | @BITC0IN
🔴LIVE | BIP 300 Debate | Drivechain Softfork Dynamics | @BITC0IN
Stumbled on BIP-300: a potential game-changer or just buzz?
There are 2048 possible words that comprise your seed phrase and each of these corresponds to a number in the BIP39 list. Reminder that it’s possible to convert the phrase to numbers for seed storage.
Bitcoin Drivechain Proposal (BIP300) Debate
Holding crypto is not likely to get any more convenient, and it is an inherent problem of self-costody.
COLD STORAGE: Comparing the Best Cold Storage Wallets for 2023
Yesterday was my first time encountering the word 'Satoshi' in a seed phrase. Did you know it was in the BIP39 word list?
What's your self-custody strategy? Do you keep a backup hardware wallet on hand?
BIP300/301 and Drivechain talk with Paul Sztorc and Austin E. Alexander
PSA: Severe Libbitcoin Vulnerability. If you used the "bx seed" command to create seeds/private keys, Immediately move related funds to a different secure address.
In theory, instead of creating a new wallet and memorising the seed, can I just choose words that are easy to remember and generate a wallet from that?
Importing BIP-84 key in Electrum giving wrong address
What is a BIP-39 seed phrase -- a few tips for handling your seed words safely
What is a BIP-39 seed phrase -- a few tips for handling your seed words safely
Keeping KYC & Non-KYC utxos in the same Multi-Sig wallet: will there be a way of these utxos being linked?
Mentions
BIP39 in 2013 to simplify process of creating recovery seeds for your wallet and restoring it. BIP39 comes from *Bitcoin Improvement Proposal no. 39*.
Are the words you wrote down actually on the BIP39 word list? Did you write down a phonetically similar word, perhaps?? Other than that, see what derivation path your original wallet used when you first used the wallet... and make sure that path is constant between your old & new wallet.
The words are arbitrary. It’s the bits that they map to as defined in the BIP-39 list of 2048 words
Also, to bypass any BIP-39 detection program (which presumes malicious email admins or hackers), you could use a "shift cipher" in opposite directions. For example, the letters in your seed words could be shifted 7 letters ahead, and the random noise words between them could be shifted 7 letters behind. Then both the word list sequence *and* the letter order of the words are obfuscated.
That's why you use only those BIP 39 words and just make every 5 words the actual word you need or whatever memorization you do. If you wrote down a number like 5-22-1-18-3-3-10-18-7-20-7-4 and that was the amount of words needed to skip for each "real" word then that would be incredibly difficult to ever solve.
This isn't that great of an idea as you think. Remember, the BIP 39 seed words come from a specific list of 2048 words. So someone could write a program (in fact, someone almost certainly already has) that searches for those specific words. If they get access to your email, they can run that program to search for those words specifically, and ignore all the rest. If their program hits up 12/24 of those BIP 39 words in any email, it'll almost certainly flag it as a potential seed.
2 questions to u/Proton_Team 1: Will you guys integrate Silent Payments? Also BIP 353 DNS Payment instructions, they are simpler and better solution while keeping the functionality intact, makes Proton addresses compatible with other wallets who also support BIP 353. 2: Lightning or any other L2? I suggest either finding a way to make use of something like the Breez SDK non-interactive (you run the infra but only users can sign transactions and outgoing HTLCs), becoming an LSP seems like a good business model these day, OR, integrating Ark (once available), which is compatible with Lightning, I would love to have my proton mail be my Lightning Address.
> What can someone do to mitigate this risk? Multisig where you keep your mnemonic seeds apart and if keeping the hardware wallets together in your house use a different PIN on each hardware wallet > No worries for me because the 25th word In the same way that a password (let's say your Last pass/1passwoed database) can be brute forced, your 25th word Passphrase can also be brute forced. The difficulty to attack is based on entropy, ie: you could use 6-12 BIP39 randomly chosen words drawing them out of a hat
No, sadly. A surprisingly large number of people in this sub are very right wing, which I don't understand. Bitcoin gives power to the people. Democracy gives power to the people. Authoritarianism takes power away from the people, yet a surprisingly large number of people in crypto are pro-authoritarian. Then again, a surprisingly large number of people in crypto would rather trust a company like Ledger (even after Ledger lied to them) instead of trusting themselves (Seriously folks. Secure your coins using open source hardware wallets). Maybe it's just human nature. Most people are followers, so it makes sense that so many weak minded babydudes seek a strongman type figure to show them the way. We see it all the time in this sub, and we see the same results again and again. Do Kwon became everybody's hero here. Then he fell and they moved on to CZ. CZ became everybody's hero here. Then he fell and they moved on to Elon Musk. Elon became a wackjob, then the followers moved on to the next... Sheesh. Stop looking for the next loudmouth strongman to show you the way. You're not a fucking sheep. **You are the one you're waiting for, and so many good people in this space are trying so hard to give you as much information as you could ever need... for free.** Stop following idiot after idiot, and stop letting unscrupulous companies put your coins at risk. Stop following. Start learning. Knowledge is power. For each thing you learn about Bitcoin, especially in terms of how to secure Bitcoin... question it. Keep learning so you can prove what you learned is true. Then use what you learned as a stepping stone to learn the next thing. Learn what BIP39 seed words are (They represent numbers. Learn why). Learn what a passphrase is (it's not a password!). Learn how to make a strong one (Best practice: 5 words or more. More is better. All lowercase, with a space between each word). Learn why open source matters. Learn about multisig, and whether or not it's the best fit for your security needs. It's not hard. And I'm not saying it's always the best choice. Learn about BIP85 and how it enables you to have deterministic backups in case you lose a seed phrase. Learn learn learn. And for the love of Satoshi, good fucking grief, stop following grifters and stop enabling scammers.
Oh hell yeah man. Do this: Buy a Yahboom K210 module. It's an off the shelf device people use for DIY robotics and playing with AI using custom code... but you are going to wipe it out and [install Krux](https://selfcustody.github.io/krux/getting-started/) on it (actually, you'll just install Krux, and Krux will wipe it out during the install). Easy peasy. Krux is free and open source. They've won grants from OpenSats, so they're the real deal. Next - use Krux to generate a 24 seed phrase - but don't use it as a wallet! Instead, use it as a parent seed phrase. Using Krux, make an encrypted seed QR for your parent seed. Then, using BIP85 in Krux, you'll generate child seed phrases. These child seed phrases will be what you use for your wallet. Maybe use 3 for a 2-of-3 multisig. Or maybe use a 24 word child seed phrase as your wallet's seed & use a 12 word child seed phrase as a passphrase (yes, I use the 12 words from a seed phrase as a passphrase). This gives you a parent seed phrase that serves as a deterministic backup master key for every seed you'll ever need for as many wallets as you may ever need for the rest of your friggin' life. BIP85 is a standard, so you can generate your child seeds again in the future using any hardware wallet that does BIP85 (Krux, ColdCard, SeedSigner, etc). Here's a guide I wrote for using BIP85: https://np.reddit.com/r/Bitcoin/comments/1bawk6a/tutorial_using_bip85_to_back_up_your_seeds/
Probably your 2 txn are under different BIP type. Happened to me too. I finally worked it out in Sparrow. Created 3 new wallets > types legacy, nested segwit and Native segwit. Then for each one go file> import wallet > browse to Samourai backup > import file. Each wallet showed the correspondent utxo. From this point on they can be transferred to any wallet. I’m sure you’ll be able to recover your hidden utxo.
Learn about master seed phrases, BIP85 Index child seed phrases, Addresses and Private Keys. Bitcoin is stored on the blockchain, not in wallets. Wallets are more like keys, allowing you to access the bitcoin on the blockchain. If you have the keys, you can access bitcoin, yours or anyone else’s. With an exchange wallet, you don’t have the keys, so you’re at risk of someone else doing something to “your” bitcoin. Once you have learned about seed phrases, addresses and private keys, then you can move your bitcoin (“withdraw” it) to an address you control (via your seed phrase). You don’t need a wallet for this. If/when you want to move your bitcoin to another address, you’ll need to know your private key (again, derived from the seed phrase). Learn all this and then decide. Wallets just make it easier to more conveniently access your private keys, but you don’t actually need a wallet to have 100% control of your bitcoin. Just move it to an address you control with your seed phrase, and don’t do it until you fully understand it and the self-custody accountability!
I coincidentally just posted about this a few minutes ago but have you looked into child seeds under BIP-85? I have yet to see the disadvantages of this (but happy to be proven wrong)
Interesting review here: https://coinbureau.com/review/cypherock-review/ Personally, I'd avoid it for now - it doesn't support the standard BIP39 seed phrase, and there are some worrying observations about the recovery process in the event the device is lost or broken, or the company goes bust, e.g.: > I am also hesitant about using any wallet that ***requires future reliance on the same wallet***. If my wallet breaks or I lose it, I don’t want to be stuck up the river without a paddle. That is why I also appreciate that Cypherock ***will be releasing*** *an open-source mobile app that can be used for recovery*. As long as you have two cards, the mobile app will allow you to conveniently and securely recover your assets. Personally I think I'll stick with Trezor, or some other BIP39-compatible hardware wallet - it's got more than enough security for my needs, and I know I can recover fully if the wallet is lost/damaged or the manufacturer goes bust.
Put the seed phrase into Ian Coleman’s BIP39 tool and it will give you all the addresses for many coins. Put each coin’s address into a blockchain explorer website to see if it contains any.
Learn about master seed phrases, BIP85 Index child seed phrases, Addresses and Private Keys. Bitcoin is stored on the blockchain, not in wallets. Wallets are more like keys, allowing you to access the bitcoin on the blockchain. If you have the keys, you can access bitcoin, yours or anyone else’s. With an exchange wallet, you don’t have the keys, so you’re at risk of someone else doing something to “your” bitcoin. Once you have learned about seed phrases, addresses and private keys, then you can move your bitcoin (“withdraw” it) to an address you control (via your seed phrase). You don’t need a wallet for this. If/when you want to move your bitcoin to another address, you’ll need to know your private key (again, derived from the seed phrase). Learn all this and then decide. Wallets just make it easier to more conveniently access your private keys, but you don’t actually need a wallet to have 100% control of your bitcoin. Just move it to an address you control with your seed phrase, and don’t do it until you fully understand it and the self-custody accountability!
The OP is not talking about seeds made from BIP-39 wordlist. It's possible to turn any string of text into a seed, though it's not recommended at all because people do stuff like pick song lyrics etc.
I would argue that a seed phrase + passphrase consists of two different secrets, not one secret (e.g. a seed phrase) chopped into pieces. The use of a passphrase is a fine way to avoid having a single point of failure. It is also officially supported (by BIP39) which means that it has been scrutinized by many experts, in contrast to any scheme that you might invent yourself (e.g. "Include 2 random words along with their place in the seed phrase"). Never attempt to "roll your own cryptography". You have zero chance of inventing a viable system, you will end up with something that nobody else has ever heard of, that suffers from vulnerabilities which you don't even understand, and which greatly increases the risk of you or your heirs getting locked out of your wallet.
If the seed is a 24 word BIP39 list, losing a third of it, if my calculations are not wrong, involves only 30 million permutations. Definitely recoverable under those circumstances.
With security phrase you mean the passphrase? I think you have to brute force it if your brother really used one. Years back we called the passphrase “25th word” and people really used a word, so I think a good try is start with the BIP39 list and if no success all words in the English dictionary.
I have confirmed from the same input hardware wallets I was able to recreate the exact same BIP48 multisig wallet quorum in Electrum, SparrowWallet and Specter. (SparrowWallet is the best !)
How many numbers are there? Are they divided into groups of numbers or is it one long chain of numbers? You could check the numbers against the words on the BIP39 word list. Each word on that list has a corresponding number.
Yes, the bitcoin protocol have gone through many changes in its history and also recently. I believe the latest change was the Taproot update. You change it by proposing a BIP (Bitcoin Improvement Proposal) and anyone can do this. I can see about 110 BIP's that have been implemented since 2011. Yes, there are developers working on improving the bitcoin protocol, most notably the Bitcoin Core devs who has been around since inception, you can read more on bitcoin.org. Any soft fork to the protocol still requires 95% support of the last 2,016 miners (about 14 days of mining) so basically the community need to be united behind the change.
>String these up on some fishing line using the first three letters of each word on your BIP39 seed phase first **four** letters
Try to restore your words using electrum. They actually created the original implementation of seed words which is technically better as it has features like "birthdays" and "versioning". BIP39 is a simplified interpretation that became documented as standard but has no versioning for being able to adopt improvements in a way that does not break compatibility (thereby just making it Non-upgradable). If that doesn't work, try BlueWallet, it supports a seed word standard that is used by LND (Bitcoin lightning). It is annoying that we didn't settle on a standard seed word format, but we all just jumped on the worst version of the standard and now we all rely on it. Even Bitcoin Core doesn't support BIP39. Most of us just don't create wallets on Bitcoin Core, so we don't notice.
There is a draft BIP for creating a new address type that is quantum resistant that does not require a hard fork: [https://github.com/cryptoquick/bips/blob/p2qrh/bip-p2qrh.mediawiki](https://github.com/cryptoquick/bips/blob/p2qrh/bip-p2qrh.mediawiki)
Learn about master seed phrases, BIP85 Index child seed phrases, Addresses and Private Keys. Bitcoin is stored on the blockchain, not in wallets. Wallets are more like keys, allowing you to access the bitcoin on the blockchain. If you have the keys, you can access bitcoin, yours or anyone else’s. With an exchange wallet, you don’t have the keys, so you’re at risk of someone else doing something to “your” bitcoin. Once you have learned about seed phrases, addresses and private keys, then you can move your bitcoin (“withdraw” it) to an address you control (via your seed phrase). You don’t need a wallet for this. If/when you want to move your bitcoin to another address, you’ll need to know your private key (again, derived from the seed phrase). Learn all this and then decide. Wallets just make it easier to more conveniently access your private keys, but you don’t actually need a wallet to have 100% control of your bitcoin. Just move it to an address you control with your seed phrase, and don’t do it until you fully understand it and the self-custody accountability!
afaik BIP32 defines it. HD wallets implemented but different wallets used different implementations or changed which path they used in updates, after the keys were generated. Usually a successful but 0 balance restore is because the restore process of that wallet assumes the path the current version of the wallet uses. Trying other variations on a restore usually works. Other reasons may be, the wallet is in fact empty or there's a subwallet which again usually has a specific derivation path to reveal and then needs a passcode to access.
I see it as a hybrid approach. If your private key is compromised, then private keys of the indexed BIP85 keys are also compromised. However the trade off with BIP85 is you only need to safeguard a single private key. If I were to use BIP85 for multi-sig I would use n * indexed keys, all with passphrases, and make a note of the derived indexes. If the master key is then compromised, you’re still protected by the passphrases applied to the derived keys. Importantly an attacker would still need to correctly combine x of n derived keys plus passphrases in order to confirm a positive wallet balance. Of course the parent/master private key would also be passphrase protected and I’d only ever use it with an air-gapped HWW to derive the child keys. Personally, I’m a fan of BIP85.
I think you havent got a clue on how a BIP works, if you even know wat a BIP is.
Open source, non custodial, compatible with BIP39, can connect to your own node (if you run one), compatible with many hardware wallets also.
Can I ask you for some help? I have my seed words and my passphrase, but on Electrum it just says that it can't find the account. I've tried following every step on this thread (BIP39 and adding passphrase) Is the bitcoin lost? If not, what should I do?
Use Coleman's BIP39 Tool or brute force it manually. It's only [2048 words](https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt) after all.
thanks - i already asked AI and it told me this: Use an online tool or calculator that can help you determine the missing word (like Ian Coleman's BIP39 Tool or Bitcoin Seed Tool). got it but the thing is not exactly easy to use - i was hoping there might be a video tutorial or something on how it works.
BIP32 and BIP39 were the greatest technology additions to bitcoin imo. As in functionality provided. I dips me lid t'yer m'sieur wuille.
you should read something about Hierarchical Deterministic wallets and BIP standards before losing your funds or doing something useless anyway, if you want to keep using the seed you engraved, you can go 3 different ways: - add a BIP39 Passphrase to your seed if you add a salt to your seed, it will generate different addresses - derivate BIP85 seedphrases from your original seedphrase BIP85 standard will allow you to generate new seedphrases from your original one - keep using your seedphrase without passphrase and generate the following address in derivation path you can check this useful tool to understand better how it does work: https://iancoleman.io/bip39/ of course, DON'T WRITE YOUR REAL SEEDPHRASE use this online tool only to learn how derivation and seed work. you could also use this tool with your real seedphrase, but i'll advice to download the .html on a offline airgapped computer you'll wipe after use.
I think [Fully Noded](https://apps.apple.com/us/app/fully-noded/id1436425586) deserves a spot on your list :) Connect to your own node over Tor, use BIP39 and passphrase, works with all HWW if you want to keep it cold.
@OP, Not sure if anyone mentioned it yet, but please please become aware of your threat model and what a good (offline) backup system is for you. Usually people say etched or stamped metal you buy and punch, or stamp yourself. Some options are very inexpensive and seem as good as purchased products. Purchased products leave your customer info on their website, which indicates you probably have crypto. Also consider a decoy wallet and usage of one or several passphrases. Look into what BIP 39 and 85 are.
Agreed. You can do this yourself. For each word, make a list of which BIP39 words it might be. There probably aren't many realistic possibilities. Also I think these bitcoin aren't worth much. It's not worth getting external help.
You don't need a handwriting analyst or anything similar.. The 24 words come from a standard list (Google "BIP39 Word List"). Use that list to verify your guesses. Each word is unique in the first 4 letters. >couldn't that lock out permanently after a certain amount of tries? No. The thing that will lock you out of the Ledger device is entering the PIN wrong 3 times. Passphrases are eternal. He would have had Ledger Live on his computer or phone. Launch it and make a note of the various assets. (and their values. You'll need them in the next step if you don't have the Ledger Device's PIN. This isn't a huge problem. Good Luck!
Don't answer any DMs. You can guess as many times as you like. Use the BIP39 list to match the faded words.
As much as I agree with the "fuck normies" position, there is definitely something to be said for making Bitcoin more user friendly. I think that may be more the domain of Bitcoin companies though, rather than the protocol. I mean Strike for example has invested a lot into making their Android app very user friendly. If Bitcoin companies come up with something that everyone loves, it might become a BIP.
I don't take the seed when I go on vacation, but just Ledger device. My seed is on 2 different locations on strel plates. Then I have BIP39 passphrase, stored in Bitwarden. If 1 place melts down, I still have my seed. If someone steals 1 seed, I'm still safe woth passphrase. If someone hacks my Bitwarden, he don't have seed. In some extraordinary event of losing both seeds and Bitwarden access, I have still my Ledger device to send fund on new wallet.
Bitcoin Core never adopted BIP39. It utilizes private keys as it has since the beginning.
If you prefer a distributed system, perhaps we should develop a BIP that builds into the mining process the requirement to hash the database of UTXOs that is created after each block. If this isn't done honestly the block gets rejected. If it is done honestly you have a validated has of the db at each block, and people can choose to go back only as far as they want. If you want to validate from the genesis block, go for it. If you prefer to start from a month ago, or say, Block 849549, then you can do that. > The point of bitcoin is trustlessness. This would still be trustless, but even if it wasn't there are lots of examples where users already assume more or less risk at their discretion. The point is that users should have the \*option\* of complete trustlessness, and can't hurt others with their own decisions. The point is \*not\* to force people to do things a certain way when they are only putting themselves at risk. Free and open source software and protocols give people enough rope to bury themselves. Good systems need only to protect them from burying others
Someone who discovered a seed would then have to 1) know it's part of a multisig 2) know or guess that all parts of the multisig are using BIP-85 derived seeds from that wallet and THEN get the right 3 keys out of 10,000. So it's very unlikely...but I personally still would get separate devices and unrelated keys.
Hodl till dedollarization completes. ONLY USE MULTISIG!! Don’t keep your private keys in others hands Iike coinbase kraken etc. Use electrum and bitcoin core, they are the best! Get familiar with different ways to broadcast transactions and learn about the different BIP (bitcoin improvement protocols) and if you’re a real Bitcoin enthusiast you should run a full node. Keep your btw in cold storage and be mindful of hiding what you have. Many people will try to scam you just for posting in this thread too so ignore everyone and use protective measures be careful copy pasting and if your really tech savvy use Linux and learn system hardening. If you love it add to it help the community and stay on what’s going on with the blockchain. Best luck!
What I got from their scenarios is: #1 - Generate a seed, use that seed to generate a "primary" set of deterministic private key/address pair (using, say, BIP84), and transfer most of your savings there, then reuse the same seed with BIP85 to generate more child seeds, and then derive multiple wallets from there, each with their own set of private keys. Do whatever with the child wallets. #2 - Basically same as #1, but you don't generate a deterministic wallet from the master seed, only from the child seeds, and use the wallet at a specific index for your primary savings, the rest are for other uses. If that's what you're saying, then really there is no better solution. Neither is particularly safer or technically superior. For sake of organization, I personally feel like #2 is neater. It's like having all your clothes in drawers, rather than having some in drawers and the rest on top of the dresser. But that's completely subjective.
Here's a couple of scenarios on how BIP85 may be used: [https://gist.github.com/aido/07be6c7e68f1ce2091fba8f3eebd9932](https://gist.github.com/aido/07be6c7e68f1ce2091fba8f3eebd9932)
You need to choose the option “standard wallet” and next “I already have a seed”. It is possible the seed is not Electrum generated, so next you change the options to BIP-39 or SLIP-39.
Are you talking about choosing the BIP-39 seed words? That would be a bad idea.
Choosing words from the BIP-39 wordlist would be okay (not ideal but fine) as long as you make it 5 or 6 words at least. I would not recommend using lyrics from a poem or song or anything like that.
As long as your BIP39 mnemonic seed is generated with good random entropy, it doesn't matter so much if your optional Passphrase(s) has low entropy
Everything you describe here was established long ago with BIP32. The question was about BIP85 that takes BIP32 & BIP39 & adds some additional functionality like child seeds.
I have helped several family members set up their own wallets using BIP-85. They all store their own seed words, but in the event they lose it, I have a secure copy.
You can use BIP85 for a password manager, or to create all your hot wallets. Or you can use it to generate a Nostrpub. It's a method to have sets of spending keys, that are unrelated to your master seed, but backed up by your master seed. You can have infinite wallets under your seed using the different derivation paths, or passphrases, but you could never load one of them as a hot wallet, because it would expose the keys to all the derived wallets. With BIP85 you can have a multiple hot-wallets. Like your phone wallet, your desktop wallet, your lightning wallet. A wallet for your kids to use. None of these BIP85 wallets have spending control over wallets derived from the master key.
its multiple addresses in one wallet... generated in a deterministic way so the same addresses are always generated. The advantage is a new address for every transaction which increases privacy and also safety of funds if one of the addresses gets compromised...although the most likely attack vector is losing or revealing the seed phrase through malware, keyloggers, social engineering etc... in which case all the addresses will be exposed. addresses were always meant to be disposable and used once... and the BIP85 makes that easier to manage...
Don't trust companies. Trust open source code. When I finally got my coins off Coinbase, I started with a Ledger hardware wallet, but if I was starting today, I'd get a Krux or SeedSigner instead. Ledger is [dirty](https://np.reddit.com/r/CryptoCurrency/comments/13v80ri/the_questions_ledger_owes_us_answers_to/) and [cannot be trusted](https://np.reddit.com/r/BitcoinBeginners/comments/1btw3tv/ledgers_wallet/kxotjya/). Krux and SeedSigner, on the other hand, are free and open source, which means you don't have to trust them. Also, pro tip: a secure element chip may sound like something you want a hardware wallet to have, but it isn't. Ledger proved keys can be extracted from a secure element chip (they wrote the code to do it and put that code on all Ledger hardware whether the user wants it or not). Also, secure element chips require the manufacturer to sign nondisclosure agreements, which mean some of the code cannot be open source. Code that isn't open can't be verified, which means it can't be trusted. In my opinion, the best hardware wallet at any price for Bitcoin is [Krux](https://selfcustody.github.io/krux/getting-started/): Free and open source. Airgapped (no wifi, no bluetooth, no connection to the internet) Stateless (your seed isn't saved on the device, which means if the device gets lost or stolen, no worries since nothing is on it) Seed QR, with encryption (scan the QR & decryption key to load your seed. Even if somebody finds your seed QR, they can't scan it without the decryption key). Passphrase QR (using a strong passphrase is easy. Scan it to load it) BIP85 (use a parent seed to load child seeds. "One Seed to rule them all, One Key to find them, One Path to bring them all, And in cryptography bind them.") I could go on and on. Krux is an awesome Bitcoin only hardware wallet. Pair it up with BlueWallet or Nunchuk for mobile and Sparrow or Electrum for desktop (though Electrum is kind of clunky for signing transactions with QRs, but it works once you figure it out).
BIP85 is a protocol that allows you to generate a new 12 word seed. So you can have master seed and generate 100 sub-seeds. It works very similar to the passphrase, in that you pick an ID. E.g. 0 or 23059449 and then that's a new set of seed words. Cold card and Passport both have it as a standard feature. You can even use the ColdCard's BIP85 as password manager via keyboard emulation. In Passport it's "key manager" and you can label them like "Wasabi hot wallet" and so on. It also uses seed QR so it's really easy to set up a new hot wallet on your phone via QR code.
> I would do W0 as decoy and W3 using a passphrase, with multiple accounts to do savings + nonkyc. I would make W2 from BIP85 path 0 (a 12 word seed generated from your main 2 words). I would load the path 0 seed on to a jade / trezor and use that as the non-hot wallet spending. This would mean you would have 1 set of seed words and 1 passphrase to track instead of 1s + 4 passphrases, with most of the same wallets + security. I guess i don't fully understand what you mean by bip85 path 0
When we're just talking about the secp256k1 ECDSA (or since Taproot, also secp256k1 Schnorr) algorithm, there are roughyly 2^256 private keys, and just as many public keys. There is a one-to-one correspondence between them: every private key has exactly one public key, every public key has exactly private key. The exact number of valid keys is 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336. Now, in Bitcoin private/public key pairs are generally not computed independently, but through a deterministic derivation scheme, so that it's possible for a single backup to cover multiple keys, including future ones. There are many standards governing this process, including BIP32, BIP39, BIP44, and more, and they use terms like seeds, phrases, mnemonics, master keys, extended keys, ...; I just want to mention this, because while these things matter in practice, I'm ignoring them for the purposes of this answer. We're just talking about independently generated key pairs. One more note: the term "collision" is a term of art in cryptography, in the context of hash functions. It refers to someone's ability to find two *distinct* inputs that hash to the same output. If you were to treat the operation of going from private key to public key in this light, collisions are not possible. So I'm going to assume your question is this: if you start randomly generating key pairs (private key with corresponding public key), and keep doing that until you have two key pairs whose public key is identical. What are the odds that the private key is identical too? The answer is 100%. Due to the birthday paradox, you'll only need around 2^128 attempts before this happens (not 2^255 as you might think). However, it will be for a *new* public key: both pairs are keys generated by you, they will not match - with exceedingly large probability - any existing Bitcoin keys with funds on them. If you want to generate key pairs until you hit one whose public key matches a key which actually already holds funds, you'll need closer to 2^255 attempts. In either case, even with all computing power available currently available to mankind, even 2^128 steps will take longer than the age of the universe. I do need to point out that if your actual goal is breaking existing Bitcoin keys that hold funds, this is *not* the way you would do it. Better algorithms than brute force exist to find the private key for a given public key, which only take around 2^128 steps.
The goal in your setup would be to reduce the number of parts you have to secure. At the moment you have lots of "2 of 2" schemes. Which require you to have 2 parts to recover funds. 2 of 2 is more vulnerable to loss than a single factor. At present you have 5 factors to secure separately. The high value passphrases would need to be duplicated for redundancy so you need >5 locations. **W3C** and **W3D** can be a single wallet with separate "accounts" inside it. Different derivation path, that cuts down on 1 extra passphrase. ColdCard and Passport manage that internally. **W1** is redundant. You already have a decoy. I would do **W0** as decoy and **W3** using a passphrase, with multiple accounts to do savings + nonkyc. I would make **W2** from BIP85 path 0 (a 12 word seed generated from your main 2 words). I would load the path 0 seed on to a jade / trezor and use that as the non-hot wallet spending. This would mean you would have 1 set of seed words and 1 passphrase to track instead of 1s + 4 passphrases, with most of the same wallets + security.
Here is a smart way of storing the 24-word seed phrase: Take 4 pieces of paper / metal and split the seed phrase into 3 pieces: The words 1-8, 9-16 and 17-24. Write down the splits to 3 of the 4 pieces of paper / metal. The 4th piece will become your recovery piece. It is an XOR of the binary values of the BIP39 word list standard. Translate the XOR binary values back into words using the BIP39 word list. Write down these words on the 4th piece of paper / metal. Optionally, use a passphrase and/or create the hexadecimal values if using metal to reduce the amount of metal stamps required for each plate. Now, distribute those pieces to safe places and take them to wherever you wanna go - one by one. If you loose one, no worries: You have the recovery piece. Never ask anyone for help - especially no one called Trevor.
> Source: I wrote BIP32, the HD wallet spec. That's a hell of a flex haha. Thank you sir!
BIP85 https://old.reddit.com/r/Bitcoin/comments/1dho90h/what_is_thr_best_way_to_put_bitcoin_away_for_my/l8yf2lf/?context=3
[BIP85](https://coldcard.com/docs/bip85/) if you want to be able to recover in event your nephew [loses access to the hardware wallet/mnemonic](https://old.reddit.com/r/ledgerwallet/comments/1dgrjp5/help_ledger_nano_s_erased_after_years_in_storage/)
The duress PINs alone make it worth it. Get the CokdCard Q and keep your airgap via QR or SD card or by NFC. Add in BIP-85 and also SeedXOR and the ColdCard is simply in a different league.
Did you try deriving the wallet with BIP39?
You still have to put the same seed in 3 different devices which still doesn’t eliminate the manufacturer risk. If you want to maintain just one seed, I would recommend using BIP-85 to generate child seeds.
I thought about book cipher before. There are a couple of problems: 1) If you keep a copy of the book on your computer or cloud. If someone gets access to your computer or cloud, they could hack into your Bitcoin. 2) If you decided to use a physical book and got destroyed in a house fire, you have to replace it with the same version, which may not be available. Also, carrying the book around may not be convenient. My solution is this: [https://x.com/BIP39Plus/status/1791881171170705563](https://x.com/BIP39Plus/status/1791881171170705563)
I've had the same in the past and did the following: (1) Buy Hardware Wallet and create a new wallet based on seed phrase (2) On an offline laptop decrypt your BIP38 private key (3) Install Electrum on offline laptop (4) Sign the transaction with Electrum on offline laptop (5) Import the signed transaction to Electrum on your online laptop (6) Broadcast the transaction (7) Voila your funds are now on your new address on your hardware wallet!! Now keep HODLing and have peace of mind! :)
Cool. Yeah I'm not even going to try to figure out how long it would take to crack, since computational power is changing all the time (especially with quantum coming soon), so my approach was more to focus on the math of the entropy itself and make sure mine is at least as much as BIP-39's since that is a standard that the community already accepts. Hopefully I've done that correctly.
Memorizing a mnemonic isn't all that difficult, particularly since you can kind of cheat and only really memory the first syllable or two of each word. BIP 39 is designed such that each word is uniquely identifable with only the first 4 characters, so it's possible to forget how a word ends, but still remember enough of it to be correct. I think the problem that you're going to run into with this scheme is that the complexity introduces enough things that are similar enough that people would get them mixed up. Remembering the wrong thing, or any bit of doubt about what was memorized, has the potential to lose money. To start with, colors depend on each person's individual perception. If you color stuff, and have shades of the same color with different names, it's likely they will get mixed up, or people will just name them with a more general name. That would be a reduction of entropy, and possibly a misremembering of the actual color. There's also the problem of people who are colorblind. With objects, I think you're just going to run into being in categories of objects that people might get mixed up. For example, someone might remember one phrase had a kind of ball, but not specifically basketball or football. Flags also have a uniqueness problem. There are many flags to look very similar to each other and are easy to get mixed up. Not to mention that with flags, you're kind of asking people to memorize all of the flags in the world as a prerequisite, which I think is unrealistic. Lastly, for profressions being represented in icons, just looking at your example, plumber, carpenter, and mechanic are all represented very similarly. Without the annotation of what they're supposed to be, I don't think I could've told you which was which. I don't think you'd actually be able to get enough distinctly recognizable icons where everyone could agree on their meanings.
True. But OP didn't specify 24 words, so we should count all of them, if we want to be exact. BIP 39 allows for phrases of 12, 15, 18, 21, and 24 words, corresponding to entropy of length 128, 160, 192, 224, and 256 bits, respectively. Smaller phrases are treated as completely different from all longer phrases, so they do count. So the actual number of possible phrases is 2^(128) + 2^(160) + 2^(192) + 2^(224) + 2^(256). Admittedly, that's not much larger than 2^(256), though.
I chose the numbers per category so that multiplying each category results in enough permutations to match BIP-39. And whether the values are chosen at random is independent from how many items are in a list. Both ingredients are required: - many permutations - randomly selected
I am certainly not in the "against" camp: I am all for having options. People with good visual memory might appreciate having this option, if it ever ends up in an official BIP. That last part is critical, since no one should rely on a single implementation of your proposed scheme, however good it becomes. I agree that mnemonic wallets can be misused as well, so this was not meant as a strong argument against your visual mnemonic. More as a warning that it may look relatively safe to simplify the memorization burden thinking that the entropy is preserved. A better example of a misuse would be to pick only items, colors, countries and professions that start with the letter "C". But again, this misuse potential is also there with the mnemonic wallets.
I am certainly not in the "against" camp: I am all for having options. People with good visual memory might appreciate having this option, if it ever ends up in an official BIP. That last part is critical, since no one should rely on a single implementation of your proposed scheme, however good it becomes. I agree that mnemonic wallets can be misused as well, so this was not meant as a strong argument against your visual mnemonic. More as a warning that it may look relatively safe to simplify the memorization burden thinking that the entropy is preserved. A better example of a misuse would be to pick only items, colors, countries and professions that start with the letter "C". But again, this misuse potential is also there with the mnemonic wallets.
I looked it up and I think you take log2(1500) to determine each word now represents ~10.55 bits. Total bits of entropy for a 24 word phrase would then be 24 x 10.55 = 253.22. The checksum per BIP39 is always a fraction of the total bits. So 253.22/32 = 7.91 bits of checksum consideration which is rounded down. So final bits of security is 253.22 - 7 ~ 246.22 bits of security. Would love if someone can confirm or tell me this is all wrong.
Read up on BIP39 and how it works! There's lots of resources at your fingertips
I see now. How of curiosity, how would you calculate the bits of security if you only had access to part of the BIP39 word bank? Say you were choosing 24 words out of a bank of 1500 instead of 2048?
Ah okay, glad to know you've gotten that far at least. I think you'll be in good shape. - Same screen where you type in your secret words with that weird keyboard, top of the screen across from 'Seed Type' you'll want to select '**BIP39'** from the dropdown (defaults to 'Electrum'). - Enter your secret words - Scroll down (no way to see that you can actually scroll down, but you can). Check the box '**Extend seed with custom words**'. - Scroll down a bit further, now you'll see an input field where you can type/paste in your Samourai **passphrase** (using your regular android keyboard). Hope that helps! Not the most intuitive process
Depends on how simple... BIP32 - instead of having a list of shits that is hard to maintain, you've got just one shit to derive all other shits from, makes maintaining your shits easier BIP44 - considering BIP32, which defines derivation of the shits in infinite number of ways, this BIP44 defines a certain structure to the derivation of shits so that you can find your shit in the endless pile of possible shits
Send them to a address you generated, then delete any record of the private key / BIP39 seed .
Just to add BIP-56 is the protocol used that converts private keys to word lists. You can absolutely use a private key to gain access to an address, but BIP makes the whole part of accidentally having a punctuation error causing you to lose your coins.
Your brother's bitcoin may be accessible, but given the appreciation in value over the last decade, be VERY skeptical about offers of help and DO NOT send the laptop away. The bitcoin your brother had may be in either of three places: 1. On the exchange where he bought it .. his emails or bank account records may give some hints there; if the exchange is operating still and you or your solicitor have probate then you can approach the exchange for the release of the bitcoin; 2. On the laptop in a bitcoin wallet .. pre-2014 was very early days for wallets and other people's advice here for proceeding with caution are well placed. If it's a mac or windows machine and still boots, consider starting by taking a backup of the machine, and then working from the files on the backup. If he was running bitcoin core, then there will be a wallet.dat file that may contain the bitcoin keys. Equally with the other major bitcoin wallet software at the time - electrum - that also had wallet files. Similarly, the wallet file can be password protected, and if you don't have the password, then it still may be accessible by brute-forcing that .. there are reputable specialists that will assist with that and they generally ask a % of funds recovered. 3. The seed phrase .. there was an improvement called BIP39 that introduced a new way of storing bitcoin private keys as mnemonics - a set of 12 words from a special word-list - that could be devolved into a bitcoin private key. Written references (diaries, notebooks etc) or possibly files on his laptop, may hold these. It is unlikely this is the method because BIP39 was only codefied in 2013, but searching and checking for these is worthwhile. Do not send any wallet file to rando's on the internet; I hope some of that helps.
This was before the BIP that introduced seed phrases IIRC. So what he lost was the actual private keys. Not that it matters, it’s still just as lost.
Step one is to propose a BIP that allows the deletion of Bitcoin. Good luck with that.
Ah. Well in that case, search the files for anything named "wallet.dat" or containing the word "wallet". You can also look up the wordlists for BIP39 and Electrum (IIRC they are different) and scan files for sequences of those words. Doing it on Linux would probably be easier than using Winblows. For example find . -type f -print | grep -i wallet will find every filename that has the word wallet, while find . -type f -exec grep -a <word> {} \; will search files for that word in plaintext. You would want to pick some of the more unusual words from the wordlists, since common words are going to be in a lot of files.
So long as you're okay with KYC. Use Swan, not Coinbase. For that much Bitcoin I would suggest setting up a 2 of 2 multisig with 2 different brand hardware wallets. BIP39 passphrase(s) on top of your seed phrases is good too if you plan on storing both your seed phrases in the same relative location.
Yep, that's exactly what I did. I followed the 'Export to Electrum' section on this page: [https://docs.samourai.io/wallet/restore-recovery](https://docs.samourai.io/wallet/restore-recovery) It was pretty straightforward, but make sure you do the part in setup where you select BIP39 and then scroll down to 'extend seed with custom words', which is where you paste in your Samourai passphrase.
In fact, it has never implemented BIP39.
>Not only is this shown as not true from above, it's also not true because there's more people wanting to use Bitcoin than there ever was in the past except we're stiffling ourselves from having the best of both worlds by limiting the transaction capacity. Not only you do not get it, you really can't think straight. Go ahead and create a BIP to save miners. Good luck.
A seed phrase is like a master key for your bitcoin wallet. With the seed phrase, the wallet can create as many new public/private keypairs as you will ever require. It relates to several improvements that happened after bitcoin was launched, with the aim of improving privacy and ease of use. BIP32 introduced a technique to create seemingly random key-pairs, but deterministically when provided with a starting point, the seed. But it was all still numbers, until... BIP39, which built on that by creating a standardised number-to-word map. Humans are good at words, computers are good at numbers. This adds a lot of surety when humans get involved with backing up and restoring the master key.
I believe Armory did it first in late 2011. BIP 32's final construction ultimately had some roots in Armory (e.g. that's where the name "chaincode" comes from).
Bitcoin Core hadn't implemented BIP39in 2012/2013. You only had a wallet.dat file
The Seed for your wallet is used to create private keys. The BIP39 12 or 24 word phrase is a method of making it easier to reenter the Seed if necessary. Another common alternative representation for the Seed is a QR code. The QR code, BIP39 phrase, or original string of the Seed will reestablish the private keys.
BIP39 seeds are typically either 12 or 24 words
While it's true a HWW only needs the first four letters I don't think that's a good idea because.... Recording only the first 4 letters of the words in a BIP39 recovery phrase may be risky even if it’s done on metal. This is especially true if storage media uses sliding tiles and/or screws or is made of or contains a soft metal like copper or aluminum. Jameson Lopp did extensive testing where he found many materials and methods suffered data loss from fire and/or corrosion and/or crushing. https://blog.lopp.net/a-treatise-on-bitcoin-seed-backup-device-design/ Stamping jig https://www.cryptocloaks.com/product/blockmitjig/ In all, there are 710 words or 34% of the BIP39 standard that become ambiguous if the first letter is lost and only the first 4 were recorded. Consider that recording only the first four of a 5 letter word loses 20%, a 6 letter 33%, 7 letters 43% and an 8 letter word loses fully ½ its meaning when truncated to 4. What If the calamity that the seedphrase backup is supposed to protect against also smudges,singes or destroys the first letter? Some examples: mushroom & push both become ush drastic, erase, trash & grass become ras Not much can be done about the 3 letter words such as fan, man & van that are reduced to "an"
Strictly speaking, what's "correct" from BIP39 perspective is to NOT convert the words into numbers. The whole point of the seed phrase is to convert numbers into words, converting them back into numbers is undoing the first step