HOLD up partner! I know you’re anxious to get down to that sweet comment section and leave your mark. You’re probably already thinking of something clever, like “bold of you to assume I can count to 8”. But we’re about to learn some interesting things, which you can later use to amaze and impress your parents, friends, or significant others.
So you’ve got yourself some crypto, and since you’re no chump you created a wallet (or three) to move it to. During the process, the software presented you with a list of words and told you to write them down and keep them safe! But did you know…
The idea of using a list of regular words (a mnemonic sentence) to generate cryptographic wallets was proposed in 2013. It was formally adopted as a Bitcoin Improvement Proposal (BIP) called BIP-39. Before that, a wallet seed was just a long, randomly generated string of digits, which was hard to use because it’s easy to introduce errors when reading it or writing it down. Some implementation of BIP-39 is now used by just about every wallet on every blockchain, because it’s just that good of an idea.
I know all the words in your seed phrase! All modern wallets that use BIP-39 draw their words from the same official list of 2048 seed words. There are separate lists for other languages, but every wallet that uses English takes its words from this list: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
Each word in the list was chosen to minimize the chance of mistaking one word for another. For example, no two words on the list start with the same four letters, so technically if you can read the first four letters of each word you can recover the whole phrase.
Humans are terrible at generating randomness, which is why when you create a new wallet, the software doesn’t let you “choose” your seed words. You would pick words that someone (or, more specifically, a good computer) could easily guess given a few million (or billion) tries. What the wallet does instead is generate a highly random sequence of bits (0’s and 1’s) and then chop it up into a series of 11-bit values, each of which identifies a single word in the word list (2^11 = 2048, the number of words in the list). So, for example, if a particular 11-bit chunk of the random sequence is “00000000101”, that is the number 5, so the 5th word in the list is used, which is “above”. When you recover a wallet using your seed phrase, the software looks up each word to find its position on the list and then converts that position back to the value (i.e. if you enter “moon” it finds that word at position 1149, which in binary is 10001111101).
The fact that OG BIP39 wallets work this way is, by the way, technically considered a flaw, because the seed words themselves don’t actually contain the information needed to recover the wallet. You have to look up each word in a particular list of words. So if the word list is unavailable or changes, your recovery phrase would not work. Some software, like the Electrum wallet, solves this issue by using the seed words themselves to produce the seed value and hence the public/private keys. In the meantime, when you record your seed phrase you really should also write down the wallet software (including version number) that was used to produce the keys, so that when they thaw you out in 100 years and you want to recover your vault of moons, you can get an archival copy of the correct software you will need (hopefully someone stored a copy on IPFS). You remembered to have your seed phrase stored with your frozen body, right?
The last word in your seed phrase is actually dependent on the previous words. This is another level of error detection built into the mnemonic seed phrase. After that series of random 0’s and 1’s is generated, the software calculates a checksum and combines it with the last 11-bit sequence, which then determines the last word in the list. So if you know the first 11 words, you can figure out the 12th word fairly easily by trial and error (which is how I know “moon moon moon moon moon moon moon moon moon moon moon tomorrow” is not a valid seed phrase but “moon moon moon moon moon moon moon moon moon moon moon able” is).
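To make the 11-bit chunking and the checksum concrete, here is an added example (mine, not code from the post or from any wallet) that implements the BIP-39 encoding at the level of word indices, so it needs no copy of the 2048-word list. Two details the code relies on: BIP-39 indexes the list from 0 (value 0 is “abandon”, value 3 is “about”), and the checksum is the first ENT/32 bits of SHA-256 over the entropy (4 bits for 12 words, 8 bits for 24), appended before the bits are cut into 11-bit chunks. The all-zero entropy inputs are the standard BIP-39 test vectors; the 11-word prefix in the last function is constructed input.

```python
import hashlib
import secrets

WORDLIST_SIZE = 2048  # 2^11 words; BIP-39 indexes them from 0 ("abandon")


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Append the SHA-256 checksum to the entropy and cut it into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP-39 entropy must be 128..256 bits in 32-bit steps")
    cs_bits = ent_bits // 32                                  # 4 bits for 12 words, 8 for 24
    digest = hashlib.sha256(entropy).digest()
    bits = bin(int.from_bytes(entropy, "big"))[2:].zfill(ent_bits)
    bits += bin(digest[0])[2:].zfill(8)[:cs_bits]             # checksum = first cs_bits of the hash
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]


def indices_valid(indices: list[int]) -> bool:
    """Recover the entropy from the indices, recompute the checksum, compare the tail bits."""
    n = len(indices)
    if n not in (12, 15, 18, 21, 24) or any(not 0 <= i < WORDLIST_SIZE for i in indices):
        return False
    total_bits = n * 11
    cs_bits = total_bits // 33                                # every 33 bits carry 1 checksum bit
    ent_bits = total_bits - cs_bits
    bits = "".join(bin(i)[2:].zfill(11) for i in indices)
    entropy = int(bits[:ent_bits], 2).to_bytes(ent_bits // 8, "big")
    expected = bin(hashlib.sha256(entropy).digest()[0])[2:].zfill(8)[:cs_bits]
    return bits[ent_bits:] == expected


def valid_last_indices(first_indices: list[int]) -> list[int]:
    """Every index for the final word that makes the phrase checksum-valid."""
    return [w for w in range(WORDLIST_SIZE) if indices_valid(first_indices + [w])]


def new_phrase_indices(words: int = 12) -> list[int]:
    """Generate fresh entropy the way a wallet does (OS CSPRNG, never user-chosen words)."""
    return entropy_to_indices(secrets.token_bytes(words * 11 * 32 // 33 // 8))


if __name__ == "__main__":
    print(entropy_to_indices(bytes(16)))          # test vector: 11 x "abandon" then "about" (index 3)
    print(len(valid_last_indices([0] * 11)))      # 128 candidate last words pass the 4-bit checksum
    print(new_phrase_indices(24))
```

The last function shows the caveat a practitioner wants: with 12 words the checksum is only 4 bits, so for any fixed first 11 words there are 2^7 = 128 last words that validate, not one. The checksum catches most transcription errors; it does not pin down the final word, and it is not a security feature.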
The same seed phrase will produce a different wallet on different blockchains. This is because a subsequent proposal, known as BIP-44 and adopted in 2014, added a field to the key derivation which identifies the coin type. This was done so that the same public/private key pair would not exist on multiple blockchains if the user used the same seed phrase to generate, say, separate bitcoin and ethereum wallets. Since you usually use a wallet designed for a particular blockchain (e.g. MetaMask, which supports Ethereum, or Yoroi for Cardano) you aren’t aware of that extra value; the software just adds it for you. Related to the flaw in BIP39 pointed out in #4 above, this enhancement is part of what are called derivation paths, which is why, technically, your seed phrase alone is not enough to recover your wallet. To emphasize this point again: for long-term archiving of your seed phrase, be sure to also record what software produced it and for what coin you created the keys.
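As an added example (not code from the post or from any wallet), here is the Bitcoin-family chain of steps from phrase to account key, with the coin type sitting in the derivation path rather than in the phrase: BIP-39 turns the phrase into a 64-byte seed with PBKDF2-HMAC-SHA512 (2048 rounds, salt “mnemonic” plus optional passphrase), BIP-32 turns the seed into a master key with HMAC-SHA512 keyed by “Bitcoin seed”, and BIP-44 derives m/44'/coin_type'/account'. Because all three BIP-44 levels are hardened, the derivation needs only HMAC and modular addition, no elliptic-curve point math. The phrase and passphrase are the first published BIP-39 test vector; the coin types 0 (Bitcoin) and 60 (Ethereum) are the registered SLIP-44 values. Other chains replace some of these steps with their own (the post’s Electrum point), which is exactly why recording the software matters.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; child private keys are reduced modulo this.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase (NFKD)."""
    m = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, dklen=64)


def master_key(seed: bytes) -> tuple[bytes, bytes]:
    """BIP-32 master private key and chain code from the seed."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]


def ckd_priv_hardened(key: bytes, chain: bytes, index: int) -> tuple[bytes, bytes]:
    """BIP-32 hardened child: HMAC over 0x00 || key || (index + 2^31), then add mod n."""
    if not 0 <= index < HARDENED:
        raise ValueError("index must be below 2^31; the hardened bit is added here")
    data = b"\x00" + key + (index | HARDENED).to_bytes(4, "big")
    i = hmac.new(chain, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    child = (il + int.from_bytes(key, "big")) % SECP256K1_N
    if il >= SECP256K1_N or child == 0:           # BIP-32 says skip this index (probability ~2^-127)
        raise ValueError("invalid child key; try the next index")
    return child.to_bytes(32, "big"), i[32:]


def account_key(seed: bytes, coin_type: int, account: int = 0) -> bytes:
    """BIP-44 account-level private key m/44'/coin_type'/account'."""
    key, chain = master_key(seed)
    for level in (44, coin_type, account):
        key, chain = ckd_priv_hardened(key, chain, level)
    return key


# First BIP-39 test vector: all-zero entropy, passphrase "TREZOR".
VECTOR_PHRASE = "abandon " * 11 + "about"
VECTOR_PASSPHRASE = "TREZOR"

if __name__ == "__main__":
    seed = mnemonic_to_seed(VECTOR_PHRASE, VECTOR_PASSPHRASE)
    print("seed:", seed.hex())
    # Same phrase, same seed, different coin type in the path -> different keys.
    print("btc account key:", account_key(seed, 0).hex())
    print("eth account key:", account_key(seed, 60).hex())
```

The passphrase is worth noticing: it changes the seed completely and is not recoverable from the 12 words, so it belongs in the same archival record as the software name, version and coin type.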
Some blockchains use more than 12 words. Algorand and Monero, for example, use 25 words (the last word carries the checksum, similar to the 12-word version). This is to increase the length of the public key/private key pair to 256/512 bits, respectively. Cardano supports either 15- or 24-word mnemonic phrases. (No, I don’t actually know why they chose 15; I guess just to be weird.)
There are 5,444,517,870,735,020,000,000,000,000,000,000,000,000 (about 2^132) possible 12-word seed phrases. To put that in perspective, there are approximately 7,500,000,000,000,000,000 grains of sand on the earth. So you would have a much (much!) greater chance of picking one specific grain of sand from somewhere on the earth than of guessing someone’s 12-word seed phrase. And for 24 words? Just don’t think about it. For fun, visit https://keys.lol/ and spin the wheel.
Try not to let your brain explode with all this new information, cryptofriends!
If there is one TLDR here, it’s this: when you record your seed phrase, also record information about the software that produced the keys with it.
submitted by /u/mjrice