Reddit Posts
All bip39 words on 2048 limited edition handmade mugs
A Fork of CLN Implemented Eltoo Useful for Channel Factories Available for Testing
Need Help Deriving Extended Private Key from Bitcoin Root Extended Public Key and Non-Hardened Extended Private Key
Is it normal for the majority of your seed words to start with the same letter?
Need Advice with Crypto Wallets - Hardware vs Mobile Wallets
Entropy: only 121 bits (vs 128) on Blockstream Jade using dice rolls?
Backing up and recovering wallet - seed phrases, private keys, extended private keys, eh???
Best method of long-term cold storage for life-changing amounts?
BIP39 misalignment? Mnemonic vs. Decimal vs. Binary seeds
Mining ALL remaining bitcoins in less than two weeks (difficulty adjustment)?
How to make a new wallet address with my own selected BIP39 words
Import private keys from BIP39 paper wallet with passphrase
12 word BIP 39 >> Hardware Wallet - What are the options?
Malware and scams I should be on the lookout for
What happens if Bitcoin price gets high enough, such that it becomes necessary to go ahead and take it to the 9th decimal place? Can that be done w/ backward compatible SF, or is a HF req'd? Can someone with knowledge detail the process? Can't seem to find answers on this researching around...
how to manually encrypt your BIP39 seedphrase with an additional cipher?
Can the BitBox02 show a wrong seedphrase (BIP 39 wordlist)?
What if they planted a bug into BIP 382, which makes it possible to increase block rewards?
Enhancing Bitcoin Security: A BIP39-Compatible Vernam Encryption Approach for Safeguarding Recovery Phrases
Stacking has crept up on me and now I need to upgrade my storage
Any open source, encryption based, 3/5 multi factor wallet already available? If not, can this be developed?
Is it a security risk if your wallet’s extended fingerprint (xfp) has been exposed?
FINCEN MegaThread | Do Not Give Them Your Silent Consent | Remember Remember The 5th of November | Support Bitcoin Privacy
Thoughts on BIP 324 and the increased anonymity of using bitcoin.
ELI5 - What if Ledger or Trezor stops working?
Tutorial: How to use normal (non Casino-grade) dice to generate a seedphrase
Bitcoin Is About To Become More Secure With BIP324
This page offers a comprehensive overview of BIP-329, proposed by Craig Raw, creator of Sparrow Wallet. You'll find information about the current status and adoption progress, highlighting the significance of this proposal.
Coinplate has a BIP39 seed phrase recovery tool.
Walk down the memory lane: Blocksize wars and the Bitcoin XT controversy
How Much a Spot Bitcoin ETF Can Affect The Price - The Bad Version
Can one secret phrase (eventually) access any wallet?
Do you know that you don't need hardware wallets for cold storage?
I made a descriptive post of every item that you can purchase using candies from Coingecko so you do not have to look
How CTV (BIP 119) Could Create Channel Factories for Casual Users
BIP-300 biff: Debate reignites over years-old Bitcoin Drivechain proposal
The WW2 German Enigma cipher machine has 158,962,555,217,826,360,000 different possibilities (nearly 159 quintillion). The BIP39 seed phrase word list contains 2,048 words, so a 12-word crypto seed phrase has about 2 to the power of 132 possible combinations. That’s 2 with 132 zeroes after it.
"NO" | Rejecting BIP300 Drivechains | Featuring Saifedean Ammous | Bitcoin Standard Author
"NO" | By Saifedean Ammous | Two Open Letters Rejecting BIP300 Drivechains | Voiced by FEEeACH
Why Blockonomics endorses DriveChains (BIP300-301)
🔴LIVE | BIP 300 Debate | Drivechain Softfork Dynamics | @BITC0IN
Stumbled on BIP-300: a potential game-changer or just buzz?
There are 2048 possible words that comprise your seed phrase and each of these corresponds to a number in the BIP39 list. Reminder that it’s possible to convert the phrase to numbers for seed storage.
Bitcoin Drivechain Proposal (BIP300) Debate
Holding crypto is not likely to get any more convenient, and it is an inherent problem of self-custody.
COLD STORAGE: Comparing the Best Cold Storage Wallets for 2023
Yesterday was my first time encountering the word 'Satoshi' in a seed phrase. Did you know it was in the BIP39 word list?
What's your self-custody strategy? Do you keep a backup hardware wallet on hand?
BIP300/301 and Drivechain talk with Paul Sztorc and Austin E. Alexander
PSA: Severe Libbitcoin Vulnerability. If you used the "bx seed" command to create seeds/private keys, Immediately move related funds to a different secure address.
In theory, instead of creating a new wallet and memorising the seed, can I just choose words that are easy to remember and generate a wallet from that?
Importing BIP-84 key in Electrum giving wrong address
What is a BIP-39 seed phrase -- a few tips for handling your seed words safely
Keeping KYC & Non-KYC utxos in the same Multi-Sig wallet: will there be a way of these utxos being linked?
Mentions
There is even a standard for how to generate an infinite number of new bip-39 seed phrases from a single seed. See BIP 85.
I'm against BIP-444. No one gives a shit about a compressed 1990s-looking illegal thumbnail image. Going down the road of restricting OP_Return is against BTC's purpose.
Not at all. A) It does not affect the bitcoin protocol at all. B) It is a strong method of storing your HD wallet seed offline. C) It is completely open with multiple independent implementations available. D) Just like BIP-39 it layers on top of BIP-32. It is only a different method of building the BIP-32 wallet master seed. The cryptographic hashing in SLIP-39 deriving the wallet seed from the entropy + passphrase is as sound as that of BIP-39, just slightly different. The mnemonic encoding in SLIP-39 is stronger than what is used in BIP-39, with less risk of mistaken words. And it leaves no room for interpretation with a single word list and a bidirectional mapping of entropy<=>mnemonic. Malformed SLIP-39 mnemonics are by definition invalid, unlike BIP-39 where the seed mnemonic of the wallet may technically be any free text string not constrained to the word list or format. The drawbacks compared to BIP-39: A) Somewhat longer seed mnemonic phrase. B) Some wallets do not let the user easily select the use of more than 128 bits entropy (20 words mnemonic). This said, 128 bits of entropy is plenty, and SLIP-39 does support up to 256 bits.
Around 6 Million Bitcoin are vulnerable (estimation Hunter Beast mentioned in a talk on BIP360)
Think the problem is that a hard fork will take like 3y (estimation by Hunter Beast who is driving the discussion with BIP360 in the BTC community). Looking at the current developments on the quantum roadmaps of the major players, I'm afraid that we'll wake up to a big announcement by IonQ, Alphabet, IBM or whatever telling us they will have 2k logical qubits within a year. In that case BTC will crash heavily; that's why I would appreciate it if we took this topic more seriously.
BIP-360 is good, answers all organizational questions but leaves open field for any technical solution.
Create a truly RANDOM seed with high entropy (research this, like rolling a die 128 times) & open source software. Write the seed down ONLY on paper / steel. NEVER digitally!! Make a small test transaction. Wipe the device (assuming this is a hardware wallet) & put your seed in. If you see your test transaction, then YOU'RE GOOD. Next steps are to use a BIP-38 passphrase (not a PIN) to generate a NEW wallet, based off that seed. Store your funds in that NEW wallet, and then stamp/engrave your seed into 2 or 3 stainless steel plates, stored in various locations. Let your family know where the seed plate(s) are... but come up with a dead man's switch that gives them a treasure map to where the passphrase & other personal passwords might be.
Oh okay, thanks again. I went with this setup since I would be running my own node and trying to keep everything under my own control, and the tutorial I followed seemed to be perfect for this. I just started to think: if something bad happened to my computer and I had to use the backup of my Bitcoin Core wallet to get my funds back, I wanted to make sure it would work. Or if my Sparrow wallet would be the only way to recover (which it does sound like now). Thanks for the help again! Makes me feel better knowing that as long as I have the seed phrase for the Sparrow wallet then I will be able to recover it within any BIP39 wallet system.
I only skimmed through the video but I think I understand the scenario. In this case, your wallet is only backed up in Sparrow. Bitcoin Core is **not** your wallet, it only serves as a tool to interact with the Bitcoin blockchain. You don't need to back anything up in Bitcoin Core. You can recover your backup with other wallets than Sparrow (any wallet that supports the BIP39 standard), but not with Bitcoin Core itself (because it uses a different standard).
I also think it's not a major risk, but assume we should take this a little bit more seriously than most of the folks do today. I'm watching the discussion on BIP360 and they are talking about a 3y duration to implement it. Don't think we are close to a quantum threat in a 3-5y period from now, but we have to start now.
Thank you for a discussion, this is what we're all here for, all good. House fires happen more often than wrench attacks. On average, 350,000 homes are on fire per year; a house fire is more of a liability than a wrench attack in my opinion. Of course, depending on temperature, titanium metal is a better option. Seed memorisation: I don't trust my brain to remember 24 words, this would give me anxiety on a daily basis. This is without any black swan events like a concussion or amnesia or something. With respect, paper and my brain are a liability. How hard is it to hide a little chunk of metal? Check out this smaller solution with 'Microseed' where everything is in one titanium washer. (Let's say you have to flee and get through an airport.) Can be easily magnetised to the underside of your watch, put on a necklace or magnetised to your belt buckle. Here: [https://postimg.cc/jwvKHDhP](https://postimg.cc/jwvKHDhP) If I have to flee a country in a hurry, yes, maybe put it onto paper in that short temporary scenario; as soon as I'm safe, I'm putting it onto metal for peace of mind. Thank you for your input, gonna take a look at BIP39.
“People like me”: There is a difference between refusing to learn and not knowing something that exists. Calm down friend. We're not in a war. Microseed is a smaller way to put it on one singular washer. Still way better than your paper suggestion. The fact you advise paper only makes me think your advice is not credible. And no, I don't have a safe. I think it's better to stash it somewhere rather than make the safe a prime target. Can add a decoy stack in there to thwart off the attack. I will google what BIP39 is in the meantime, thanks. But we can still be amicable.
Splitting the seed is not a good idea. Do not DIY your security, use standards. Use a passphrase, multi-sig, SLIP-39, BIP-85, plenty of options with different trade-offs. Just do not split your seed. Also consider that a standard scenario requires protecting you from 3 events:
- accidental loss -> fool-proof
- theft -> secure
- inheritance -> accessible
Ah, and do not rely on your memory, ever.
Some downsides of seed splitting:
1. Reduced entropy / weakened security: Splitting a full mnemonic into parts generally means each part contains fewer words. That reduces the brute-force resistance dramatically. For example, Andreas Antonopoulos states splitting a 24-word seed into parts can reduce security from ~256-bit to ~80-bit equivalent. Also, if the split part includes the checksum word it further weakens the scheme.
2. Loss of standard interoperability: The mnemonic format (e.g., BIP-39) expects the full phrase. Splitting it manually is non-standard and may not be recoverable by standard wallets without reconstruction. Antonopoulos warns against DIY splitting schemes.
3. Increased operational complexity and risk of loss:
   - If you split into N parts and require K parts to recover, you have multiple physical locations or storage units. More items to track means more points of failure.
   - If you lose enough pieces (below threshold K) you lose access permanently. Some split schemes reduce resilience.
   - For day-to-day spending or emergency recovery you may need to gather multiple pieces from separate locations, which makes quick recovery harder.
4. False sense of increased security: Users may believe splitting gives stronger protection, but without a proper cryptographic scheme like SLIP-39 (Shamir's Secret Sharing for wallets) the splitting is insecure and fragile. Antonopoulos says: “If you're doing splitting you should use a standard such as SLIP-39.”
5. Estate planning/inheritance risk: For heirs or future recovery, multiple pieces mean multiple responsible locations or persons. More complexity means more chance something goes wrong (lost key-holder, disaster at location, etc.).
6. Single point of failure remains / new points introduced: Splitting often results in a scheme where you rely on “both secrets” (or multiple parts), which introduces new single points of failure (if any part is lost) and doesn't eliminate the attack surface properly.
The discrepancy is obvious. A crypto wallet is self-contained, like a physical wallet full of cash banknotes. You're solely responsible for securing it. There's no crypto help desk to recover or change your seed phrase for you. It's also obvious that online banking as described is horrendously insecure. It used to be that bad. Now there's a lot of 2FA, and in the phone apps there's a hidden layer of asymmetric cryptography used for authentication. Of course, there are also phishing techniques which compromise 2FA, so make sure your banking password isn't the same as your gmail password, or don't use email 2FA. Also, "SIM swapping" can be used to compromise SMS 2FA, so don't use that either. Don't split your seed phrase. If you want to split your security, append a BIP39 passphrase to your seed phrase. For example: https://trezor.io/guides/backups-recovery/advanced-wallets/what-is-a-passphrase
> someone will find a way around it

Other data insertion methods have been known for years. The proposal addresses OP_RETURN txoutputs and the use of OP_IF in txinputs (as used in the Ordinals "protocol"). Ordinals uses OP_IF followed by multiple 520-byte pushes. The OP_IF follows OP_FALSE, so that in the consensus context the data push ops are never executed by a node. But the data is stored immutably. This is a kindness to the node operators - not straining the node's memory by loading it with arbitrary data. https://docs.ordinals.com/inscriptions.html But there are other methods which have been used for years. For example, there's a Simpsons JPEG in transaction 94e319d09fc236fb9d7a24e60af8f47ed41ca3cc01e9950c925d806153ed8aa3. The Simpsons JPEG in 2017 uses a repeating sequence of OP_PUSH, 520 bytes, OP_DROP. Unlike Ordinals, these opcodes are executed in the node, although they only occupy 520 bytes of memory at a time (thanks to the OP_DROP). The OP_DROP method and several other methods are discussed in this 2018 paper: https://ledgerjournal.org/ojs/ledger/article/view/101 Bitcoin script has a rich set of opcodes: https://en.bitcoin.it/wiki/Script The BIP444 proposal can't hope to predict all possible uses of Script for arbitrary data insertion, so it chooses a couple of known methods, ignores other known methods, and isn't aware of unknown methods which will be chosen to bypass its filters.
Great. Let's all be clueless and irrational. Everybody kneejerking about "legal threats" is only fueling support for this half-baked proposal. There are no threats. There's a claim that a blameless node operator could be exposed to criminal charges. The supposed "legal issue" is that the node network is a volunteer operation. Every node operator is independent, and every node contains a copy (or part-copy for a pruned node) of the Bitcoin blockchain. In the early days of Bitcoin, there were discussions about whether every node operator is guilty of possessing and distributing unlawful content if one or more Bitcoin transactions embeds such content. In those old discussion threads, the consensus opinion was that the node operator is not liable. The proposal can't work. It's not going to be implemented. Publicly shouting lame misconceptions about the proposal's justifications is pointless. Logic: If a Bitcoin node operator might be liable for unlawful material on his copy of the blockchain, and if it's necessary to change Bitcoin to eliminate this risk, then the change must completely prevent the storage of unlawful material. The BIP444 proposal does not prevent the storage of unlawful material. It's a "we gotta be seen to be doing something" proposal which tweaks a couple of Bitcoin script opcodes and parameters. The tweaks only invalidate one current method of storing arbitrary data in a txinput scriptSig, and impose a consensus limit on the OP_RETURN txoutput. The obvious indication that the proposal is a failure is that it's proposed to have a 12-month expiry - supposedly to give us enough time to work out a proper solution. We've seen arbitrary data on the Bitcoin blockchain for many years. The proper solution isn't a couple of hopeful parameter tweaks. If it's to be solved at all, it requires an overhaul of the fundamental structure of the Bitcoin block, and to abandon immutability.
The ability to store arbitrary data on the blockchain was not enabled by Taproot. The ability to store arbitrary data on the blockchain has existed since the beginning, and still exists on all Bitcoin-like blockchains - BCH, BSV, LTC, DOGE. For reasons explained in a bitcointalk thread, Satoshi implemented payment transactions as executable scripts. A payment script requires data push operators to store the pubkey or pubkey hash in the locking script, and to store the signature and pubkey in the unlocking script. A data push operator can not be constrained against storing arbitrary data. The BIP444 proposal doesn't remove the ability to store arbitrary data on the Bitcoin blockchain. It only tweaks a couple of parameters. These tweaks are ineffective. They don't make it more difficult to post arbitrary data. They only change the methods. Please remove the personal insults from your post. Debate the issue. Attacking the people only demonstrates that you're unwilling to understand and discuss.
No. The pre-Taproot limits to txinput scriptSig sizes meant that data greater than 100kb had to be spread over multiple transactions. Taproot removed that restriction, on the basis that the data used is anyway constrained by the per-byte fee cost. Fee cost is the reason that the Ordinals scam eventually died out, and the traded NFT trash and "BRC-20" shittoken pump-n-dumps moved off-chain, anchored only by a reference hash in an OP_RETURN. This new "BIP444" proposal includes reducing the limit of a single data push to 256 bytes. But the current limit is 520, and the storage method used by Ordinals (for example) simply does dozens or hundreds of 520-byte data pushes. Reducing 520 to 256 is completely ineffective. BIP444 is half-baked.
> The debate is over conflicting ideas for how to ensure they don't bog down the network

This is true. But there is a new outlier proposal which seems to have a PR campaign giving it more exposure than it deserves, moving the emphasis to "but what about the children?". Search for "Bitcoin BIP444". All the usual crypto blog/news sites are running it as a major drama. Technically, the difference is that the new proposal is a soft fork with a 12-month sunset, as "let's try this and see what happens". Ignoring the drama, it's likely to be impossible to revert a soft fork after 12 months without a hard fork, even if the sunset time is hard-coded as a specific future block number. The previous debate was about relay policy rules - blocking unconfirmed transactions as they traverse the node network in mempools. This "BIP444" is proposing temporary changes to consensus rules.
We gotta talk about BIP-444. Though this hasn't been submitted properly yet. While I don't like spam on Bitcoin, I agree with Core developers' argument on being against censorship, and avoiding a precedent on government control via legal bounds. https://atlas21.com/bip-444-the-temporary-soft-fork-dividing-developers-and-the-community/
> The Cold-Wallet creates a seed-phrase which is my ultimate way to get to my bitcoins even when losing or changing devices, correct?

Yup.

> But what about a pass phrase...

So a pass phrase is basically an optional feature to generate a "hidden" wallet alongside the main wallet generated by your 12/20/24 word seed phrase. The idea is that if someone got hold of your seed phrase through theft or coercion, they would only see your main or "default" wallet. By entering an additional pass phrase, you can access a second (or third, or fourth) wallet. You might e.g. keep a decoy balance in your main wallet, with the rest in a hidden wallet. If someone has a gun to your head demanding your seed phrase, you could hand it over without them being aware of the hidden wallet(s). It's also sometimes called the "13th word", since the standard 12-word BIP39 seed would generate one wallet, but adding this extra word (or phrase) would generate a completely different one. If you use this feature, just be sure not to lose/forget your pass phrase.
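The derivation behind the "13th word" described in the comment above, written out as an added example with Python's standard library (this is not code from the comment or from any wallet project). BIP39 feeds NFKD(mnemonic) as the password and "mnemonic" + NFKD(passphrase) as the salt into PBKDF2-HMAC-SHA512 for 2048 rounds, so every passphrase, including a mistyped one, produces a different 64-byte seed and therefore a different wallet, with no error to tell you which. The sample mnemonic is the first BIP39 test vector (eleven times "abandon", then "about"); `hidden_wallets` and `all_distinct` are helper names chosen here.

```python
import hashlib
import unicodedata

# Constructed sample input: the first BIP39 test-vector mnemonic
# (eleven times "abandon", then "about").
SAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 mnemonic (+ optional passphrase) -> 64-byte wallet seed.

    Password = NFKD(mnemonic), salt = "mnemonic" + NFKD(passphrase),
    PBKDF2-HMAC-SHA512 with 2048 rounds. Nothing here checks whether the
    passphrase is "right": any string yields a valid-looking seed, which is
    exactly why a mistyped passphrase opens an unrelated, empty wallet.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def hidden_wallets(mnemonic: str, passphrases) -> dict:
    """Map each passphrase to the hex seed it produces from the same words.

    The empty string is the "default" wallet the comment describes; every
    other entry is a hidden wallet that coexists with it behind the same
    12 words.
    """
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


def all_distinct(mnemonic: str, passphrases) -> bool:
    """True when every passphrase (typos and case changes included) leads to
    a different seed, i.e. there is no "almost right" passphrase."""
    seeds = hidden_wallets(mnemonic, passphrases).values()
    return len(set(seeds)) == len(seeds)


if __name__ == "__main__":
    for passphrase, seed_hex in hidden_wallets(
        SAMPLE_MNEMONIC, ["", "TREZOR", "trezor", "TREZOR "]
    ).items():
        print(repr(passphrase), seed_hex[:32] + "...")
```

The case-changed and trailing-space variants in the sample list each produce their own seed, which is the practical reason behind the comment's closing advice: a forgotten or mistyped passphrase is indistinguishable from an empty hidden wallet.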
Not just the first four letters. Yes, the first four letters are unique but the words in the BIP39 word list were chosen for easy recognition. Trimming them to four letters cancels that advantage. Stamped "BUIL" looks very similar to stamped "BULL", stamped "PRES" looks very similar to stamped "FRES", stamped "BECO" looks very similar to stamped "RECO", stamped "PION" looks very similar to stamped "PICN", and so on. If, in ten years, your seed is invalid because a T looks like an I or an R looks like a P or an O looks like a C SOMEWHERE in your 24 word mnemonic, how long will it take you to figure out which of the 24 word fragments has a glitch?
Ok, I will take Satoshi's wallets then… would be horrible if we reach that state without migrating. Hope the BIP360 discussion gets more in focus and will get implemented in some time.
As noted by others, it's as secure as the device it's stored on (computer, HDD, USB thumb drive, etc), including where that device is physically kept, how many copies there are on other devices, and if password(s) are used. The wallet.dat can utilize a password. And the file can also be put into a secured format like a password-protected .ZIP for an extra layer of protection. Nothing wrong with a wallet.dat, but there may be benefits in moving to a BIP39 (eg: 24 word) format that can be stored in a more physical manner without worry about electronic storage failing due to age or an obscure event like electromagnetic damage. Also allows for use of Shamir secret sharing to better protect against various risks of loss/theft/hacking.
What in the midwit-ass-kinda take is this? BIP360 for the quantum FUD. Network can pivot/fork as needed. Old FUD, next. Gold is the bet against human progress. Inherently incentivizes violence because it is material and can be confiscated by force.
There will be a solution to this threat, see for example BIP360. It will be a challenge but we will solve this.
This whole thing has a certain smell. But I digress. Ok... How was it "gifted"? Were you given a private key? Back in 2011 there were no seed phrases. BIP 39 was published in 2013. Is it still sitting on your computer in the wallet.dat file? Which means someone set up Bitcoin Core for you back in the day? Were you handed an account on Mt. Gox? Or some other now defunct exchange, other than maybe Kraken (opened in July 2011)? Your lack of knowledge or interest most likely results in your Bitcoin being lost forever, or you just made this whole thing up.
Bro, if you don't already know that the old wallets that didn't migrate to bip 32 will be at risk in the coming years, then I urge you to get off Reddit and go do some research. Hell, do a simple search and you'll find out that with large enough scale even the current BIP32 wallets won't be safe and everyone will have to upgrade and migrate to something better. This is just common knowledge you should already know. As far as when Satoshi's gets hacked…. Bitcoin could form then.
Looking at the recent development in quantum computing (see the IonQ roadmap) I think we have to prepare. A possible solution with BIP360 is available, let's see how this works out.
You mix up BIP38 and BIP39. BIP38 is used by many paper wallet generators (now also out of favor). Basically you encode your private key with a password. BIP39 is a standard way of encoding entropy (random bit data) into a word list, usually used to encode a seed. Here you convert words into a seed. Basically, if you have 12 words, then it is most likely not BIP38, but BIP39.
The difficulty with the first point is that centralized systems can migrate to quantum-safe hardware and software much more easily. I think that in the short/medium term this discussion will have a huge impact on the BTC community. We will be able to solve this problem - see for example Hunter Beast's BIP360 - but the result will have a huge impact (hard fork).
The problem with this puzzle is that even with the discovered words moon, tower, food, breathe, this, subject, real, and black, finding the solution remains impossible. If these are indeed 12 BIP39 words, there are 12! permutations—that’s almost half a billion combinations. Running a brute-force search would consume energy worth tens of bitcoins. There must be a definitive system for ordering the words; otherwise it’s simply mathematically unsolvable. The runic inscriptions hint at something (“sum of two numbers,” “rainy day number X”), but there are no concrete details.
Good question. What most people miss is that Bitcoin Core doesn’t own the protocol — it just maintains one of many implementations of it. The rules that matter (supply cap, block size, difficulty adjustment, validation logic) are enforced by the nodes, not by GitHub maintainers. A clear historical example: during the 2017 block size debate, the Core maintainers didn’t “authorize” SegWit activation — it was activated through BIP141 and BIP148 by node operators enforcing the new rules themselves. Miners and users coordinated outside of GitHub, and consensus emerged on-chain. That’s the key difference: Bitcoin Core can suggest, but the network decides. Consensus lives with the nodes, not with the maintai
If 1 bitcoin was worth $10m, then 1 sat would be worth 10 cents. A satoshi, or sat for short, can already be divided into one thousand smaller units on the Lightning Network. These smaller units are called millisatoshis, or millisats & msats for short. So 1000 msats = 1 sat. By the way, millisatoshi (msat) is actually the native unit on the Lightning Network. If a bitcoin is ever so valuable that it would be highly beneficial to have a smaller unit than a sat on the base layer, then a BIP (Bitcoin improvement proposal) could be proposed that would add additional decimal places. Thus, enabling sats to be divided into smaller units on the base layer. With smaller units being so beneficial in this situation and without there being any downsides to adding additional decimal places, the users running full nodes would most likely come to consensus on adding additional decimal places if this were to ever happen.
This headline pops up every few years, but it’s not as bad as it sounds. Quantum computers *theoretically* could break current cryptographic signatures, but that’s still a long way off from being practical. The Bitcoin developer community has already been preparing for this. **BIP-360** (Quantum Safe Bitcoin Signatures) lays out a framework for migrating Bitcoin’s signature system to one that can resist quantum attacks. Even if quantum computers ever reached that point, Bitcoin could soft-fork to adopt quantum-resistant cryptography well before it became a real issue. That’s the strength of an open-source network — it can adapt and evolve. So, no, Bitcoin isn’t doomed by quantum computing. It’s already building its defense!
Huh, I wasn't aware BIP39 itself supported that! Thanks.
bitcoin actually rolled back due to exploits for a very short period of time in the early years where people could give themselves millions of BTC, but I don't think it was ever attempted before the BIP was rolled out
I believe the BIP42 case is indeed what you were talking about, and Grok is talking about something unrelated. /u/TheGreatMuffin: it wasn't me who fixed the bug, but the (indeed, one-off) "ditto-b" (see https://github.com/bitcoin/bitcoin/pull/3842). All I did was write up a funny BIP about it, as it happened to be around April 1st.
Pieter Wuille said he just wrote the BIP for it. Funny read, btw. But the credit for the solution goes to a few others, including one anonymous 'ditto-b'.
Exactly, spread it out across different LLMs under different accounts and do one at a time. Combine this with the list of BIP39 words. It is your best bet, love it or hate it, AI is your friend in this scenario (if this said scenario is actually real ofc)
There is a defined list of BIP39 words. Use the list of words https://www.blockplate.com/pages/bip-39-wordlist to back into the riddle answers. Likely will be easier than trying to guess each riddle
There have been plenty of soft forks in Bitcoin's history already. BIP 16 and 34 in 2012, BIP 66 and 65 in 2015, SegWit (141, 143, 147) in 2017, and the most recent was Taproot (340,341,342) in 2021. One of the more prominent BIPs related to quantum resistance is 360 if you want to research that.
> The story goes someone made a new github account, fixed that one bug, and dipped. Do you mean BIP42? If so, it was Pieter Wuille who fixed that, who is far away from being a "one bug fixer account" :D The way the BIP42 is written is not less fun though (formulated as an April's Fools joke, see also the date, but actually fixing a hugely important bug). https://github.com/bitcoin/bips/blob/master/bip-0042.mediawiki
Don’t 3D print your seed, period. Slicers and clouds leak: OctoPrint, Prusa Connect, Creality Cloud; even API backends like DreamFactory can log job names/G-code. G-code, timelapse cams, printer flash, and backups all expose words. Use metal stamping or engrave a steel plate, add a BIP39 passphrase or Shamir split, and keep everything offline/air-gapped. If you already printed it, assume compromise and rotate. Don’t 3D print your seed, period.
BIP39 seeds have a weak checksum last word; you just guessed enough times to come up with a valid checksum word (there are multiple options for words that will pass the check).
ALL wallets already exist. When you generate a new seed phrase, the wallet software is just taking a random grain of sand from the beach and saying "take care of this one, it's yours now". Except, since it's all digital, the grain of sand is still on the beach, you just have a copy of it. What you did by trying different combinations of 12 words was just mimicking what wallet software does when they "create" a new seed phrase. Now to the math. The 12 words thing is from [BIP39](https://bips.dev/39/). Each word is one of 2048 possibilities. So you have 2048 to the 12th power possible wallets. And that's around 10^40. And this is the lowest setting, you can use more, up to 24 words.
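The checksum the two comments above refer to, worked through as an added example (not code from either comment). It operates on BIP39 word indices (0..2047) rather than on the words, since the 2048-word list is not embedded here; `entropy_to_indices`, `indices_valid`, `valid_last_words` and `phrase_counts` are helper names chosen for this example. It shows why exactly 128 of the 2048 candidate 12th words pass the 4-bit checksum (the "weak checksum" of the first comment), and puts the 2048^12 index sequences of the second comment next to the 2^128 of them that are valid phrases. The constructed sample input is the all-zero 16-byte entropy from the BIP39 test vectors, which encodes to eleven index-0 words ("abandon") and index 3 ("about").

```python
import hashlib
import secrets

WORDLIST_SIZE = 2048   # BIP39 word list size: each word carries 11 bits
WORD_BITS = 11


def entropy_to_indices(entropy: bytes) -> list:
    """Encode ENT bits of entropy as BIP39 word indices.

    CS = ENT/32 checksum bits (the leading bits of SHA-256(entropy)) are
    appended, and the ENT + CS bit string is split into 11-bit groups. Each
    group is an index into the BIP39 word list (not embedded here).
    """
    ent = len(entropy) * 8
    if ent not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs = ent // 32                                       # 4..8 bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    n_words = (ent + cs) // WORD_BITS
    mask = WORDLIST_SIZE - 1
    return [(bits >> (WORD_BITS * (n_words - 1 - i))) & mask for i in range(n_words)]


def indices_valid(indices) -> bool:
    """Inverse of entropy_to_indices: recompute and compare the checksum."""
    n = len(indices)
    if n not in (12, 15, 18, 21, 24):
        return False
    if any(not 0 <= i < WORDLIST_SIZE for i in indices):
        return False
    total = n * WORD_BITS
    cs = total // 33                                     # ENT + ENT/32 = 33/32 * ENT
    ent = total - cs
    bits = 0
    for i in indices:
        bits = (bits << WORD_BITS) | i
    entropy = (bits >> cs).to_bytes(ent // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    return (bits & ((1 << cs) - 1)) == expected


def valid_last_words(prefix) -> list:
    """All last-word indices that complete `prefix` into a valid phrase.

    Only the top (11 - CS) bits of the last word are free entropy; the low
    CS bits are dictated by the checksum, so 2048 / 2**CS candidates pass
    (128 for a 12-word phrase). Guessing the last word therefore succeeds
    one time in 16, which is all the checksum protects against.
    """
    return [i for i in range(WORDLIST_SIZE) if indices_valid(prefix + [i])]


def phrase_counts(n_words: int) -> tuple:
    """(all 2048**n index sequences, those that are valid BIP39 phrases)."""
    total = n_words * WORD_BITS
    cs = total // 33
    return WORDLIST_SIZE ** n_words, 2 ** (total - cs)


def new_mnemonic_indices(n_bytes: int = 16) -> list:
    """What wallet software does when it 'creates' a phrase: draw entropy
    from the OS CSPRNG and encode it (16 bytes -> 12 words, 32 -> 24)."""
    return entropy_to_indices(secrets.token_bytes(n_bytes))


if __name__ == "__main__":
    print(entropy_to_indices(bytes(16)))                 # [0]*11 + [3]
    print(len(valid_last_words([0] * 11)), "valid 12th words out of 2048")
    total, valid = phrase_counts(12)
    print(f"2048^12 = {total:.3e}, valid phrases 2^128 = {valid:.3e}")
    print(indices_valid(new_mnemonic_indices()))
```

The checksum is an error-detection aid for transcription, not a secret: the 128 valid completions are what make "guess the last word until the wallet accepts it" work, and they are also why the security of a phrase is the 2^128 entropy bits, not the 2048^12 raw index sequences.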
If you feel comfortable auditing flipBIT then sure, but I wouldn't trust it blindly as it seems like it was largely written by a single person (although it does have a decent amount of Github stars). Honestly I'd just prepare a USB stick with the latest Ubuntu and Sparrow or iancoleman's BIP39 tool, and run it as a live session ("Try Ubuntu without installing") with radios/networking disabled/removed.
I've never heard of flipBIP so I would advise you avoid it. You seem to not understand the 24 words are your BIP39 mnemonic seed. This is completely different to a Passphrase. Mycelium has been abandoned a long time ago. Don't use it. If you plan to store your Bitcoin for a long time, and believe that it will appreciate several orders of magnitude, then I would advise that you consider generating the mnemonic seed on an airgapped hardware wallet or airgapped signer (like Seedsigner) and that your mnemonic seed NEVER exists in digital form outside of your hardware wallet/signer, including not using a Tails ISO laptop.
Satoshis, or sats for short, can already be divided into one thousand smaller units on the Lightning Network. These smaller units are called millisatoshis, or millisats & msats for short. So 1000 msats = 1 sat. By the way, millisatoshi (msat) is actually the native unit on the Lightning Network. If a bitcoin is ever so valuable that it would be highly beneficial to have a smaller unit than a satoshi on the base layer, then a BIP (Bitcoin improvement proposal) could be proposed that would add additional decimal places, thus enabling satoshis to be divided into smaller units on the base layer. With smaller units being so beneficial in this situation and without there being any downsides to adding additional decimal places, the users running full nodes would most likely come to consensus on adding additional decimal places if this were ever to happen.
Hope you manage to recover. Sounds like it's totally doable but a bit of a pain. But let's all take the opportunity to learn from this: Don't use weird solutions, especially if they depend on someone's service that could disappear someday. Instead, use standard solutions like a BIP 39 mnemonic. (Electrum is also okay, but the thing about it is that other wallets generally don't deal with its mnemonics. Fortunately, Electrum is open-source, and it's actually not that hard to implement its derivation process; it's just not really done outside Electrum.)
I think you should convert your seed phrase to numbers, e.g. the index in the BIP39 list. Then create a mapping function (with whatever logic makes sense to you, you can make up anything), that converts those numbers to a different set of numbers, and convert back when needed. Then come up with another algorithm that determines the order of numbers, e.g., don't write the numbers down in the same order as the seed phrase. I think that could work, well enough that I could post a list of numbers here and highly doubt anyone would be able to determine the seed phrase.
Just to be clear so the OP is aware, you use BIP39 to create an offline wallet without any hardware. You essentially sign the transaction offline & then use a wallet to broadcast the transaction. By doing this, when tokenised assets come in on the blockchain (they're currently in progress & in 30 years every asset will be tokenised) you're ensuring that no software, no company or anyone other than yourself is in control of your BTC. Non tokenised BTC in the future is going to be worth huge $$$$$$. The issue is ensuring whoever gets it knows how to access it without destroying all your work protecting it. Your BTC will live on the blockchain & isn't accessible without the keys by anyone. It's literally the safest way to hold your BTC long term. Obviously as long as you protect the seed.. Most people don't keep the full seed in one place & have it backed up & engraved, stored in fireproof material & buried. For me, my son & I have our own language we understand & he has coordinates that no one else can translate. In saying this, I struggled to understand this process. I only got into crypto a few years ago & am not a massive tech savvy person. I had to study a lot to ensure I did this process correctly. For some, it's simple. For me, I am future proofing my assets from a CBDC world so learning was a must for me...
You stamp the following on a metal plate:

- your seed-phrase and your passphrase
- your Derivation Path
- your Master Fingerprint (XFP)

Trust me, you'll need them. And you write down or back up your public key (zpub or xpub) - this will allow you to import your wallet as a Watch-Only wallet in anything; a Watch-Only wallet is your wallet, but it can only receive Bitcoin (it can generate receiving addresses) and you can monitor transactions with it. If the plan is a long-term haul, then you don't need anything else. If the BIP39 standard ever becomes obsolete and a new standard appears, then you transfer your funds to that new standard. Use a hardware "wallet" once to generate your wallet offline, and write what I said above.
> From what I’ve read, Electrum has compatibility issues with the BIP-39 standard,

When creating wallets, Electrum uses its own standard which is different from BIP39. When loading wallets, Electrum is capable of loading both Electrum-format wallets and BIP39 wallets.

> which can cause different versions of the software (Electrum Wallet) to generate distinct wallets from the same seed phrase.

I do not believe that that is true.

> Electrum also has issues with extra spaces in the passphrase.

I am not sure about that either. A passphrase can be any string of characters, including spaces. You could have words (or gibberish) separated by one (or more) spaces. Some hardware and software wallets have restricted support for passphrases, for example they might only allow ASCII characters. I am not aware of Electrum handling spaces incorrectly.
From what I’ve read, Electrum has compatibility issues with the BIP-39 standard, which can cause different versions of the software (Electrum Wallet) to generate distinct wallets from the same seed phrase. Electrum also has issues with extra spaces in the passphrase. However, I rule out this possibility, as I was able to open the same wallet from my SeedSigner in Electrum at least once. Regarding the derivation path, I explored very little at the time because I wasn’t aware of their existence (I’m still a beginner, but a bit less so now). I probably used the default path.
I plan on using my Cold Card but I need to get some backup steels, and start fresh with the BIP39 Dice Rolls. I generated a seed before using the BIP39 setting. I just set up my own BTC Node that operates fully on Tor with Join Market built into it with full support for Electrum and Sparrow. I plan to host my hot wallet on Whonix with Electrum and plan on using Sparrow with the Cold Card. I currently just use Electrum with Google Auth 2FA and SMS 2FA over the clear-net.
No. Look up seed phrases and BIP-39. Don’t go any further until you learn some basics. Probably some good links in the group description?
the odds are about **1 in 2¹²⁸** for a standard 12-word BIP39 mnemonic
BlueWallet is pretty straightforward.

Part 1: Set Up Your BlueWallet and Get the Receive Address

If you haven't created a Bitcoin wallet in BlueWallet yet:

1. Open the BlueWallet app and tap the + icon in the top-right corner (or the "Add now" button) to go to the "Add wallet" screen.
2. Select Bitcoin as the wallet type.
3. (Optional) Name your wallet or leave the default.
4. If advanced mode is enabled (in settings), choose a wallet type—SegWit HD (BIP84 Bech32 - Native) is recommended for lower fees and better privacy.
5. Tap Create to generate the wallet.
6. Back up your 12-word seed phrase securely (write it down offline and never share it).

To get your receive address:

1. Tap on your new Bitcoin wallet in the app.
2. Select Receive.
3. Your BTC receive address (starting with "bc1..." for SegWit) will display.
4. Tap it to copy to your clipboard, or use the Share button to send it via messaging. You can also tap Receive with amount to generate a QR code or invoice with a specific amount.

Note: BlueWallet supports the Bitcoin network (on-chain BTC). Always use a fresh address for privacy, but the same one is fine for this transfer. Transactions may take 10–60 minutes to confirm, depending on network fees.

Part 2: Withdraw BTC from Bitget

1. Log in to your Bitget account on the website (bitget.com) or app.
2. For the website: Click your profile icon in the top-right and select Withdraw.
3. Search for and select BTC from the cryptocurrency list.
4. Paste your BlueWallet receive address into the "Address" field. (Use the QR scanner if on mobile.)
5. Ensure the network is set to Bitcoin (BTC) or BTC (Native SegWit) to match BlueWallet—mismatches can lead to lost funds.
6. Enter the amount of BTC to withdraw. The interface will show the withdrawal fee (typically 0.0005 BTC or similar, deducted automatically) and the net amount arriving in your wallet. Minimum withdrawal is usually around 0.0005 BTC—check the exact limit in the interface.
7. Double-check everything: address, amount, network, and fees.
8. Click Withdraw.
9. Complete security verification: Enter your email/SMS code and Google Authenticator 2FA code.

Part 3: Confirm and Monitor the Transfer

1. After submission, go to Assets > Deposit/Withdrawal in Bitget to track the status (e.g., Processing > Completed).
2. In BlueWallet, refresh your wallet or check the Transactions tab—the incoming BTC will appear once confirmed on the blockchain (usually 1–3 confirmations needed).
3. Use a blockchain explorer like Blockchair.com (search your address) for real-time tracking.

Important Notes and Warnings

- Fees: Bitget charges a fixed withdrawal fee for BTC (displayed during the process; around 0.0005 BTC as of recent data). Network fees are included. BlueWallet doesn't charge for receiving.
- Limits: Daily/monthly withdrawal limits depend on your verification level (e.g., up to 100 BTC/day for advanced users).
- Time: Transfers are usually fast but can delay due to Bitcoin network congestion.
- Security: Never share your seed phrase. Test with a small amount (e.g., 0.001 BTC) first if you're new. Withdrawals are irreversible—triple-check the address!
- Support: If issues arise, contact Bitget support via their app/site or BlueWallet's help docs.

This process should complete your transfer securely. If you encounter errors, verify your setup or reach out to the platforms' support.
The thread was about the Jade. Jades are Bitcoin only. Not sure where Ledger came into the conversation. If you are working with a Bitcoin only device, using the term "crypto" is obnoxious. Whatever. You can use any hardware signing device to generate unlimited numbers of private keys. Those private keys are derived from generated mnemonic seed phrases. Whether you use dice or coins or online computer programs or hardware signing devices, same same. You can generate your words via dice and then enter them into a Ledger. You can generate them via coin flips and then enter them into a Trezor. You can use a web tool and then enter them into Sparrow wallet. It's all the same. Some wallets, like Jade and Cold Card, have the ability to sign transactions air-gapped. They use either QR codes or PSBTs transferred back and forth via SD card. The Jade Plus can do both. When it comes to "temporary signing" or "stateless signer" you are talking about using a hardware signing device in such a way that the private key does not stay on the device at all times. Each hardware wallet deals with private key safety in a different way. Most use a secure element chip, like credit cards do. The keys stay on the secure element at all times and you gain access to functions via a PIN or password etc. Jades are unique in that they don't have a secure element. Blockstream has what is called a Blind Oracle that functions as a way to protect your private keys without a secure element but that requires authenticating back to Blockstream when you unlock your Jade (assuming you are not using it as a temporary signer). Blind Oracle requires physical connection via USB cable or Bluetooth. This by definition makes the Jade in those modes not air-gapped. To use the Jade, or any other air-gap capable signing device, as a temporary signer means to literally wipe the device after every use. Nothing more secure than a device that doesn't even hold any private keys.

Each time you want to use the device, you must restore your private keys to it. You can manually restore via your seed words or you can speed the process along by scanning a QR code of your seed words. Either way, once restored you can use the device to sign transactions. When you shut the device off, it wipes itself. Rinse and repeat. When I recommended you go watch tutorials I was referring to Jade specific tutorials. I feel like you would have a better understanding of how the Jade works specifically since that was the scope of the original post. On the reference to the last word being generated by the Jade: the last word of any seed mnemonic is always a checksum. Most people don't realize that you can't just smash together BIP39 words at random to produce a valid seed. There is more structure involved in the creation of the seed and the final word is always a checksum. That is not specific to the Jade.
BitBloom: AI-Compressed Media Wrappers for Bitcoin

A Lightweight Protocol for Embedding and Verifying Rich Media in Bitcoin Transactions

1. Introduction

Bitcoin allows the transfer of scarce digital value without trusted intermediaries. Over time, developers have extended Bitcoin to represent tokens, contracts, and even digital art. But these extensions often create problems: they require storing large amounts of data on-chain, raising costs and bloating Bitcoin’s ledger. BitBloom proposes a new approach: compressing media with artificial intelligence into extremely small “bloomprints” that fit naturally inside Bitcoin transactions. Instead of writing full images to the blockchain, only the compact bloomprint is stored. Anyone can later reconstruct the full media using a shared open-source model.

2. Motivation

Existing approaches face limitations:

- Ordinals/inscriptions store entire images on-chain, consuming megabytes of space and raising fees.
- Counterparty and RGB track assets but don’t compress or reconstruct media; they store references, not the media essence.
- Custom forks risk fragmenting Bitcoin by changing consensus rules.

BitBloom avoids these issues:

- Uses under 100 bytes of on-chain data to represent a full JPEG.
- Leverages Bitcoin’s existing OP_RETURN or Taproot witness fields.
- Provides verifiable reconstruction, so assets remain trustless and tamper-proof.

3. The Bloomprint

The core idea is the bloomprint, a compressed vector representation of an image:

- A public AI model encodes an image into a fixed-size vector (64–128 numbers).
- Each number is quantized (rounded) into a compact 8-bit value.
- A fidelity watermark embeds the transaction ID into the vector, linking the bloomprint to its on-chain anchor.

Example:

- Original image: 1MB JPEG
- Bloomprint: ~80–100 bytes
- Compression ratio: 10,000×

4. Protocol Workflow

Step 1: Minting

- A user encodes an image with the shared model, producing a bloomprint.
- The bloomprint is stored inside a Bitcoin transaction’s OP_RETURN or Taproot data.
- The transaction ID becomes the proof of existence and ownership.

Step 2: Transfer

- Ownership of the bloomprint is tied to the UTXO holding it.
- Assets can be transferred like ordinary Bitcoin outputs, or off-chain via Lightning for faster and cheaper swaps.

Step 3: Reconstruction

- Anyone with the bloomprint and the shared decoder can regenerate the image.
- The watermark ensures the reconstructed image matches the anchor transaction.

5. Verification

BitBloom uses client-side validation:

- Wallets check that the bloomprint matches the transaction ID watermark.
- Users can issue zero-knowledge proofs that their reconstruction is valid, without revealing the raw image.
- If the bloomprint doesn’t decode properly, the asset is invalid.

6. Applications

- Digital Art: Artists mint evolving JPEGs that remain tiny on-chain but full-size off-chain.
- Collectibles: Game assets or meme images can be exchanged over Lightning.
- Media Storage: Families can anchor photos to Bitcoin for permanent timestamping at minimal cost.
- Finance: Bloomprints can represent collateral in DeFi systems, with fidelity scores as part of the credit model.

7. Advantages

- Scalable: Costs under $0.01 per mint, versus $10+ for inscriptions.
- Efficient: 0.001% of original image size stored on-chain.
- Decentralized: No reliance on external servers; wallets hold all reconstruction tools.
- Evolutionary: Bloomprints can evolve as the model updates, while still preserving original provenance.

8. Future Work

- Extend to video, audio, and 3D assets.
- Add federated training for decentralized model improvements.
- Standardize bloomprints as a Bitcoin Improvement Proposal (BIP).

9. Conclusion

BitBloom makes Bitcoin a medium not only for money, but for compressed digital culture. By combining AI compression with Bitcoin’s trustless ledger, it achieves what prior systems could not: sustainable, verifiable, and efficient media anchoring. Instead of bloating Bitcoin, BitBloom lets art and information bloom—rooted in the most secure chain on earth.
Practical control = predictable process. 1) keys never touch an internet-connected device, use a hardware signer for cold storage. 2) pair with a watch-only wallet for visibility so you don’t unlock keys to peek. 3) confirm addresses on-device on every receive and send. 4) back up BIP39 words on paper or metal, two locations, device stored separately from backups. 5) optional passphrase only if you can maintain it long term. 6) buy hardware direct, verify firmware in the official app. 7) run a low-value restore test before moving size. 8) keep a small hot balance for spending and sweep excess to cold. Tools help, but the routine is what truly gives you control.
“Best cold wallet” = the setup you can operate correctly when tired. Priorities: keys never on an internet device, human-readable prompts on the signer, and a clean export for a watch-only view. Backups are the whole game: BIP39 words on paper or metal, two locations, optional passphrase only if you can manage it for years. For bigger holdings, multisig lowers single-device risk, but test a full restore on a dummy wallet first so you know the choreography. Whatever you choose, verify addresses on-device, avoid seed photos, buy direct, and do an annual low-value restore drill to catch mistakes early.
I was with you until you said "save it on your pc". Paper wallets (meaning backups of BIP39 mnemonics) are great, but saving them on a PC that sees the Internet is foolish.
Skip paper wallets and 3D-printed “biscuits”; get an air-gapped hardware wallet and back up the seed on steel, ideally with 2-of-3 multisig. Practical setup: buy two different brands (e.g., Coldcard plus Trezor or Keystone) directly from vendors. Generate seeds offline; if you add a BIP39 passphrase, store it separately and treat it like a second key. Stamp the seed on stainless, not paper or plastic. Restore the seed on the device to verify it reproduces the same xpub and first receive address. Create a watch-only wallet (Sparrow or BlueWallet) on a clean device to generate receive addresses without exposing keys. Test with a small send, then migrate in chunks. Store each key’s steel in different locations; document derivation paths, device model, and basic recovery steps for your future self. If you insist on “paper,” only do dice-based entropy with an offline tool like SeedSigner and sweep soon after. On security hygiene, we use Yubico for auth, Bitwarden with hardware keys for secrets, and DreamFactory to gate internal API access in least-privilege workflows. Bottom line: skip paper/plastic; go hardware wallet + metal backup, preferably multisig.
Any device that doesn't stick to the standards (BIP32, BIP39, BIP85) is not worth purchasing.
Shopping for a cold wallet, I think in terms of threat model, durability, and recovery. Best Wallet has been a reliable pick for simple, secure crypto management. For Bitcoin, I prioritize devices that keep keys offline at all times, support BIP39 with optional passphrase, and make backups painless. Look for a secure element, open or well-audited firmware, and clear transaction prompts. I like workflows that pair a hardware signer with a watch-only wallet on desktop or mobile, so you verify addresses on the device and never type seeds on a computer. Add a metal backup plate, store copies in two locations, and rehearse a small restore to catch mistakes early. If you’re holding size, consider multisig, even a 2-of-3 split across manufacturers and locations. Whatever you choose, buy from the official store, verify packaging, update from trusted software, and document inheritance steps someone non-technical can follow. Boring, repeatable procedures beat fancy features.
I don't think that "pj" is a valid syntax.

BIP 0021 URI scheme:

```
bitcoinurn     = "bitcoin:" bitcoinaddress [ "?" bitcoinparams ]
bitcoinaddress = *base58
bitcoinparams  = bitcoinparam [ "&" bitcoinparams ]
bitcoinparam   = [ amountparam / labelparam / messageparam / otherparam / reqparam ]
amountparam    = "amount=" *digit [ "." *digit ]
labelparam     = "label=" *qchar
messageparam   = "message=" *qchar
otherparam     = qchar *qchar [ "=" *qchar ]
reqparam       = "req-" qchar *qchar [ "=" *qchar ]
```

BIP 0321 URI scheme:

```
bitcoinurn     = "bitcoin:" [ bitcoinaddress ] [ "?" bitcoinparams ]
bitcoinaddress = *base58 / *bech32 / *bech32m
bitcoinparams  = bitcoinparam [ "&" bitcoinparams ]
bitcoinparam   = [ amountparam / labelparam / messageparam / responseparam / otherparam / reqparam ]
amountparam    = "amount=" *digit [ "." *digit ]
labelparam     = "label=" *qchar
messageparam   = "message=" *qchar
responseparam  = [ "req-" ] "pop=" *qchar
otherparam     = qchar *qchar [ "=" *qchar ]
reqparam       = "req-" qchar *qchar [ "=" *qchar ]
```
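A parser for the BIP 0021 grammar quoted above, added here as an illustration (not code from the commenter or from any wallet project). It enforces the `amount` digit grammar and BIP 21's rule that a URI carrying a `req-` parameter the client does not understand must be rejected outright; any other unknown key is kept as an `otherparam`, which is what the grammar permits. The sample address is the one used in BIP 21's own examples.

```python
import re
from decimal import Decimal
from urllib.parse import unquote

# amountparam = "amount=" *digit [ "." *digit ]  -> plain decimal BTC, no sign, no exponent
AMOUNT_RE = re.compile(r"^[0-9]*(\.[0-9]*)?$")
UNDERSTOOD = {"amount", "label", "message"}   # parameters this client implements


class Bip21Error(ValueError):
    """URI violates the BIP 21 grammar, or carries a req- parameter we cannot honour."""


def parse_bip21(uri: str) -> dict:
    """Parse a bitcoin: URI per BIP 0021 into address, amount, label, message and extras."""
    scheme, sep, rest = uri.partition(":")
    if sep != ":" or scheme.lower() != "bitcoin":
        raise Bip21Error("missing bitcoin: scheme")
    address, _, query = rest.partition("?")
    if not address:
        raise Bip21Error("BIP 21 requires an address (only BIP 321 makes it optional)")
    parsed = {"address": address, "amount": None, "label": None,
              "message": None, "other": {}}
    if query == "":
        return parsed
    for pair in query.split("&"):
        key, _, raw_value = pair.partition("=")
        required = key.startswith("req-")          # reqparam = "req-" qchar *qchar [...]
        name = key[4:] if required else key
        if name == "":
            raise Bip21Error(f"empty parameter name in {pair!r}")
        value = unquote(raw_value)                 # qchar values are percent-encoded
        if name == "amount":
            if value in ("", ".") or not AMOUNT_RE.match(value):
                raise Bip21Error(f"malformed amount {value!r}")
            parsed["amount"] = Decimal(value)
        elif name in ("label", "message"):
            parsed[name] = value
        elif required:
            # BIP 21: a req- parameter the client does not implement invalidates the whole URI
            raise Bip21Error(f"required parameter {key!r} not understood; URI rejected")
        else:
            parsed["other"][name] = value          # otherparam: tolerated but not interpreted
    return parsed


def is_valid_bip21(uri: str) -> bool:
    """Convenience wrapper: True if the URI parses under the rules above."""
    try:
        parse_bip21(uri)
        return True
    except Bip21Error:
        return False


if __name__ == "__main__":
    # constructed demonstration URI built from BIP 21's example address
    demo = "bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W?amount=20.3&label=Luke-Jr&message=Donation%20for%20project%20xyz"
    print(parse_bip21(demo))
```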
Before BIP39 yes, but what you are referring to is really outdated. OP would be best off just writing the seedphrase on a piece of paper and store it safely.
BIP39 passphrases have been designed to keep seedphrases protected. And multisig has been designed for multiple parties/heirs. Before you roll out your own scheme, you should be asking yourself if something already exists.
The biggest barrier to implementing PQC on Bitcoin is the larger size of the signatures required. To maintain the current transactional throughput, another block size increase would be required, likely through a segwit style discount for PQ signatures, which also might introduce other unintended consequences like how it’s currently cheaper to embed arbitrary data into the witness data. BIP-360 is exploring a potential PQC upgrade to Bitcoin. Another complication is what we should do with coins that do not move to quantum safe addresses by the time a threat is realized. Do we permanently freeze/confiscate these coins after a certain block height, or do we leave them as a prize to whoever achieves quantum supremacy first? I’m personally of the opinion that they should not be frozen/confiscated, but others in the community may disagree.
A lot of systems relying on encryption are moving to PQC (post quantum cryptography) which is safe from quantum computers. Even Apple’s iMessage has already moved over. It’s actually more important for private communications to move over to PQC first because of the risk of “store now, decrypt later” where an attacker can just intercept and store encrypted communications, and later decrypt them to see it once quantum computing catches up. As for bitcoin, you’re pretty safe already if you follow the best practice of not re-using addresses and if you don’t use taproot, since non-taproot addresses are just a hash of the public key and the public key is not revealed until you spend from the address. There is also BIP-360 in the works to add post quantum signatures and addresses to Bitcoin to protect against when and if a time comes where an attacker is able to derive the private key fast enough to steal funds between the time you broadcast a transaction and when it’s mined (about 10 mins on average, but can be longer, especially when the network is busy).
Do you happen to know why Electrum prompts words not in the BIP39 word list? I typed 'shoo' and it prompted 'shook' and 'shoot', only one of which is in BIP39.
Knots is a fork of Bitcoin Core focusing on stricter validation rules and advanced features like BIP 69 deterministic transaction ordering. It's often preferred by users who want a more "purist" node experience or specific privacy and policy tweaks not present in standard Core.
BIP variance could be an issue. Oh well, they'll soon learn to do test tx.
Maybe it's not a scam. Maybe the other person made a mistake while sharing the receiving address or OP made a mistake while sending. Or maybe the type of address derivation, like BIP44 vs. BIP84, mismatched.
Challenge is that with the current proposals discussed you would have to touch/migrate also the older/lost wallets - this includes a proactive shift of the wallets by the owners. The discussion about what to do with the wallets no one is moving brings up philosophical questions: what to do with Satoshi's coins, burn them? Leave them till Q-day (first one gets the reward)? Distribute them? I think Hunter Beast estimated around 3-4 million BTC falling under this category. Just watch some talks about BIP360 on YouTube for more details. I think the community will solve that, but it will be a challenge…
Discussion for that already started (BIP360 by Hunter Beast), as these are leading to philosophical discussion it will take some time (I estimate 3-4y) and will require a hard fork
The banking topic is mentioned often in this discussion; I think the big point people are missing is that it's way easier to migrate a centralized system to quantum-secure hardware/cryptography than a decentralized one like Bitcoin. For BTC the migration discussion has started (I recommend watching BIP360 by Hunter Beast) and they will find a solution for sure, but this will be a hard time for the community because the discussion will be done on a philosophical level and the solutions currently discussed all need a hard fork. For centralized systems this is much easier to do from an operational base. I think the migration for BTC will take at least 3-4 years…
But the Trezor's irrelevant. Your bitcoin is just the BIP39 seed phrase. That's it. Anyone with bitcoin knowledge can help her access it with any software or hardware wallet at that point. So the only issue is finding a trusted friend that can do that or a neutral trusted service. You already trust an executor to process your estate to your wife for your traditional finance instruments, I presume. Executors can charge exorbitant fees or pilfer lesser known accounts. But you trusted them when you researched for an executor. Can it not be their responsibility to facilitate and find the service to do this for you?
Yes. It would require a hard fork as data structures would need to be changed to allow for fractions of the sat unit. There is absolutely no need or requirement for this now or near term. But in a century or two when many more coins are lost and continue to be lost, there may come a time to consider this hard fork. BIP 172 and 176 go into further discussion on this topic.
The 25th words are calculated with the SHA256 of 3 random bits + the 253 bits represented by the first 23 words. We convert the first 2 hexadecimal characters of the hash into decimal and that gives the order on BIP39. Since the 253 bits of the first 23 words are frozen, only the 2^3 possibilities of 3 random bits remain to try, so 8 possibilities. A Python script can give these 8 possibilities if we give it the first 23 words.
If there's no real breach, then what's the purpose of making the 24th word VERY SLIGHTLY inconvenient to acquire?

> Can you describe the method?

Open BlueWallet. From the Settings > Tools menu, select "Generate the final mnemonic word". Enter the first 23 words. Click the button labeled "Generate the final word". Try that word. If it doesn't work, click the button again. Repeat as necessary to cycle through the only eight words that could complete a valid 256-bit BIP-39 mnemonic. If you don't know how this is possible, you're out of your depth in crafting a "secure" seed storage solution.
I lost considerable respect for this method when I read this:

> The 23 keywords can be gathered from the envelopes when you all meet.
> The 24th secret keyword must be obtained from a previous generation, so remember to ask them.
> Otherwise you'll have to brute force your way in, testing all the 2048 words of the BIP39 protocol.

If someone has 23 of 24 words from a BIP-39 mnemonic, they don't need to test 2048 words to find the last word. They'll find it in eight attempts, at most.
More & more the quantum topic gets attention - looking forward to how this discussion moves on for the major projects. I personally like BIP360 by Hunter Beast for BTC. Also I hold some quantum-resistant tokens as a hedge if this topic gets more critical 😊
You could write a Python script with bip_utils and check whether the BIP-39 seed phrase you get is valid or not.
I have a cold wallet (and a duplicate) which is set up using an air gapped device. I can recover it using a BIP-39 word sequence which I wrote down and a passphrase in my head. I can unlock it only by tapping an NFC phone reader. Currently coins go in and nothing comes out of this wallet so the programmed card stays secure at home. My son has a duplicate wallet at his place. I have a total of $200 in there right now. “I’m something of a crypto investor myself.” All my other coins are on exchanges for trading.
Don't confuse private key and BIP38 seed phrase. A 12 words seed phrase has 128 bits of entropy, a private key has 256. So there are many, many private keys that cannot in fact be represented with only 12 words.
You're thinking of a BIP39 mnemonic, or seed, from which you can derive a near infinity of private keys and public addresses. A private key only has a single associated public address.
I'm confused. If it's their non-custodial wallet, and you have a BIP39 seed phrase, then you can just load it up in another wallet (Blue Wallet, or any of the other noncustodial wallets)
Try it with a fresh seed phrase. And then put your story into AI and ask if it can highlight the BIP39 words used, and if it could guess the passphrase. You'll be surprised.
Electrum does validate the checksum. And will warn you if it is not correct. Electrum allows you to create the wallet even if the checksum validation fails, as is mandated by BIP39:

> [...] there are no constraints on sentence structure and clients are free to implement their own wordlists or even whole sentence generators, allowing for flexibility in wordlists for typo detection or other purposes. Although using a mnemonic not generated by the algorithm described in "Generating the mnemonic" section is possible, this is not advised and software must compute a checksum for the mnemonic sentence using a wordlist and issue a warning if it is invalid.
With all the institutional money in BTC there is no way that it's dead - nevertheless I see challenges coming up for the community which have to be solved; quantum computing is a serious threat in a 5-10y perspective, interesting to see how this will be solved. I like the BIP360 approach by Hunter Beast.
Post subject is “2022 BTC” and OP said they had 1 BTC, so BIP39 would have been around.
> I have the phrase and number

Not sure what you mean? Normally you would have a seed phrase, possibly coupled with a pass phrase. To recover a seed phrase, use any BIP39 wallet, software or hardware (I would use a hardware wallet). Go through the setup process and one of the options right at the start will be if you want to recover an existing seed, choose that, put in the seed (usually 12 or 24 words) and that should access the wallet.
I agree that cryptography security will always degrade over time, and you need to be prepared to upgrade it when needed (practically like every decade or so). And that applies to any cryptocurrency or related project. Similar thing applies to any software - it is never "complete", there is always some need for fixing, improving, evolving it as the needs of the users or technology around it evolves too. And I consider Bitcoin to be store of value - or the "digital gold" if you want (it's still second largest asset in my crypto portfolio), but I don't think it will always be like that. I think the quantum computing presents such a huge risk, that can practically destroy most of the value and trust in Bitcoin (and in other cryptocurrencies, of course, maybe even in all of them) if this is not prepared for and handled in time. Problem is that most people think that it's not a big deal, there is plenty of time, Bitcoin will just upgrade and everything is fine. But it's really not. Even author of BIP360 recently started "panicking" a bit, because he realized the threat may be closer than previously anticipated and the needed implementation, consensus and migration for Bitcoin will take a long time to complete.
So, while I am quite confident in my math and logic, I understand that it is all very academic unless I can actually come up with at least a half-decent example. :) So I whipped up a quick Python script to search for one, and I think I found one. Give this a try... start with:

team hospital rookie caught donkey boss fly axis grape voice hurry usage

This should be invalid. But then step that last word forward one BIP-39 mnemonic at a time until you find a valid wallet, and count the number of steps you needed. It should be something like 19 or so. (Assuming I didn't make some silly mistake in my program.)
I'm not sure where you are getting your data, but u/Charming-Designer944 is correct. There are not "14 different checksum potential numbers". The checksum itself is 8 bits and calculated from the 256-bit base, giving potentially 2^8 = 256 different values. The 24th word consists of the final 3 bits of the base, plus the full checksum. As such, it may be any one of 2048 words in the full BIP-39 list, limited by the 3 bits from the base entropy allowing 8 different values. Thus 2048 / 8 = 256.

There is also no guarantee that any consecutive sequence of 14 words from the BIP-39 list will fit the checksum requirements. Not the least reason being that there are 256 possible checksums, as mentioned above. There is, however, a guarantee that given 23 words, there will be at least one valid 24th word within any given sequence of (256*2-1) = 511 words. It is possible for this sequence to be as small as 256, but only if the first 3 bits are the same for the entire sequence, i.e. in binary it begins with xxx00000000 and ends with xxx11111111. Otherwise, it is not guaranteed, though the chances are still fairly good.
See my longer response just before this. Or to quote BIP39: "The conversion of the mnemonic sentence to a binary seed is completely independent from generating the sentence. This results in a rather simple code; there are no constraints on sentence structure and clients are free to implement their own wordlists or even whole sentence generators, allowing for flexibility in wordlists for typo detection or other purposes."

BIP39 consists of two independent parts:

1. A method to generate a mnemonic phrase based on collected entropy and a wordlist. A mnemonic seed phrase generated by this method embeds a checksum that allows one to verify that the mnemonic has been entered.
2. A completely separate method to generate a BIP32 HD wallet seed from the mnemonic seed phrase plus the seed passphrase.

The generation of the BIP32 seed (the actual seed) does not require or enforce any specific method of generating the mnemonic, but does recommend using the method given in the same document. This open-ended design is intentional, to allow for translated wordlists, custom word lists or even completely different methods of generating the mnemonic, without requiring that the wallet must implement them all. You could use a Klingon word list to generate the mnemonic seed and a fully BIP39-compliant wallet would let you enter it, possibly with a warning that it does not recognize the mnemonic and cannot verify its checksum.

Regarding the 24th word... the last word is both entropy and checksum.

ENT = amount of entropy used when generating the mnemonic
CS = checksum size
MS = number of words in the resulting mnemonic

CS = ENT / 32
MS = (ENT + CS) / 11

| ENT | CS | ENT+CS | MS |
|-----|----|--------|----|
| 128 | 4 | 132 | 12 |
| 160 | 5 | 165 | 15 |
| 192 | 6 | 198 | 18 |
| 224 | 7 | 231 | 21 |
| 256 | 8 | 264 | 24 |
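An added example, not from any of the comments above, that puts the checksum arithmetic of the last three comments into code: it derives the ENT/CS split, validates a mnemonic, lists every valid last word for a fixed prefix, and counts the "steps until valid" that the earlier Python-script comment describes. It works on word indices 0..2047 rather than the English wordlist so it runs without a wordlist file; the entropy values are constructed samples.

```python
import hashlib

WORDLIST_SIZE = 2048  # BIP-39 wordlists have exactly 2^11 entries


def mnemonic_indices(entropy: bytes) -> list[int]:
    """BIP-39 generation step: entropy -> ENT+CS bits -> 11-bit word indices."""
    ent = len(entropy) * 8
    assert ent in (128, 160, 192, 224, 256), "ENT must be 128..256 in 32-bit steps"
    cs = ent // 32                                   # CS = ENT / 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    total = ent + cs                                 # MS = total / 11 words
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def is_valid(indices: list[int]) -> bool:
    """Check the embedded checksum of a mnemonic given as word indices."""
    ms = len(indices)
    assert ms in (12, 15, 18, 21, 24), "MS must be 12..24 in steps of 3"
    cs = ms // 3                                     # since MS = 3 * CS
    ent = 32 * cs
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    checksum = bits & ((1 << cs) - 1)                # low CS bits of last word
    entropy = (bits >> cs).to_bytes(ent // 8, "big")
    return checksum == hashlib.sha256(entropy).digest()[0] >> (8 - cs)


def valid_last_words(prefix: list[int]) -> list[int]:
    """All last-word indices that make prefix + [w] checksum-valid."""
    return [w for w in range(WORDLIST_SIZE) if is_valid(prefix + [w])]


def steps_to_next_valid(indices: list[int]) -> int:
    """How many times the last word must advance (wrapping) to become valid."""
    prefix, last = indices[:-1], indices[-1]
    for step in range(WORDLIST_SIZE):
        if is_valid(prefix + [(last + step) % WORDLIST_SIZE]):
            return step
    raise RuntimeError("unreachable: every prefix has at least one valid last word")


def max_cyclic_gap(valid: list[int]) -> int:
    """Largest distance between neighbouring valid last words, wrapping at 2048."""
    v = sorted(valid)
    gaps = [b - a for a, b in zip(v, v[1:])] + [v[0] + WORDLIST_SIZE - v[-1]]
    return max(gaps)


if __name__ == "__main__":
    sample = bytes(range(32))                        # constructed 256-bit entropy
    words = mnemonic_indices(sample)
    print(words, is_valid(words), len(valid_last_words(words[:-1])))
```

For a 24-word prefix the valid last words are exactly the 8 indices (e3 << 8) | checksum(e3), which is why neighbouring valid words are never more than 511 apart and why a 12-word prefix has 128 of them.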
