Topic: Adding a seed phrase to your wallet on Electrum? (Read 300 times)

I'm guilty of not providing any details to what I wrote "if done right" regarding the decoy wallet. Needless to say that you need to disconnect carefully your main stash from coins of your decoy wallet. It's imperative that you have to break the link between both wallets!

A single transaction funding the decoy wallet isn't very convincing, that's a given. Don't be like Scrooge McDuck with your decoy wallet, little "pennies" in your decoy wallet don't look convincing, too. A few transactions over time and in parallel to your "main" stash from exchanges which don't reveal your other transactions might make up a reasonable history. Just be careful to avoid linking wallets!

The amount in the decoy wallet should hurt you a bit which may help to convince the attacker that you're a small shrimp. (If you don't keep a low profile about your crypto stash, you're just stupid. Good luck then with any physical attacker...)

And I wish anybody that your decoy wallet isn't ever needed as true decoy!

Another point to note is that the wallet without a passphrase is a decoy wallet, a plausible deniability in cases where we are forced to provide it, but what if the attacker notices that it's a decoy wallet? He may not find it sufficient and will want you to provide another wallet.

For example, if the decoy wallet is only topped up once, this may raise suspicion, so I think it's a good strategy to keep some funds there.

unless your SEED is in the hands of stranger. Should this happen an extra passphrase would safe your life. For those who have multiple backups which at the same time are geographically distant the passphrase added to SEED may serve as a lifesaver which will assure their  sleep well at night.

I partially agree, 12 words are entropically secure so adding an extra passphrase won't change anything, making the passphrase complex will increase the chance of losing access your bitcoin.

creating a passphrase of 3-5 words is a compromise in case you forget it and it's also an ideal solution for physical attacks, will delay whoever manages to find the wallet seed for a short time until you can send bitcoin from another wallet.

If you forget it, the cost of brute force will not be expensive.

That's one option to have plausible deniability (if done right) with a sacrificial wallet for an empty mnemonic passphrase, while your main wallet(s) are hidden behind complex strong different mnemonic passphrase(s). Of course, you can't store a physical backup of your mnemonic passphrase any near your wallet or its mnemonic recovery words. Good separation is key here.

Another important option is to hide your main wallet should your separate storage location of your physical backup of your recovery words become compromised. The sacrificial wallet with the empty mnemonic passphrase could act as a canary when it's emptied by a thief.

I don't recommend to try to memorize your optional mnemonic passphrase(s). Sooner or later your memory will fail you and you'll be screwed if your wet memory was your only backup. Always have one or more physical (non-digital) backups, completely separate from your wallet's mnemonic recovery words.

Yeah, that is true, if you set a BIP39 passphrase, it must be one that is difficult to bruteforce, it isn't recommended to set a passphrase that is easy for you to remember or memorize, as some newbies might do, because if it is easy for you to memorize, it would probably be easy for an attacker who already has your seed phrase to bruteforce. It should be a strong passphrase and then backed up in a different location from the seed phrase, that's when it can be useful in protecting ones funds.

Does anyone know why?
There are some libraries that can be used to convert electrum seed to XPRV seed and then it can be used with any BIP32 wallet.


The main benefit of passphrase is for physical attacks.

You're right, I just did the test here, to import an electrum wallet into sparrow, only with the keystore file. Another point worth highlighting is that Sparrow does not import electrum keystore derived from a BIP39 seed (imported)

You may be right about the term.

It's true that when extending the seed with a passphrase, we will get a completely different wallet but, technically, it's not a password. A password is used to encrypt the seed or the wallet file while the passphrase is part of the seed itself.

However, it's worth noting that extending the seed with a passphrase is not going to add much security if it's not too complex or if it's stored with the seed in the same place.

You can't "add" a seed phrase to a private key because it only works the other way around, cryptographically speaking.

A seed phrase generates an extended private key which in turn can generate more private keys, and other extended private keys.

As far as I know, the only wallet that supports electrum seed phrase is bluewallet.
If you want to import your electrum wallet to Sparrow, you have to import the wallet file. You can't import the seed phrase that has been generated by electrum to Sparrow.

The extension word is a password that together with the electrum seed phrase will create a new completely unique wallet that is only accessible with the seed phrase + custom word which is also known as a Passphrase, each wallet gives a name to it , but the technical term is Passphrase (salt).

Electrum generates seed phrases different from the BIP39 standard, so only Electrum and some wallets like Sparrow wallet and bluewallet provide support for the electrum seed phrase standard.

Bitcoin core works differently in relation to wallet generation, it follows the BIP32 standard which generates a seed, but the seed does not encode BIP39 words, Bitcoin core uses descriptors.

If you want, you can import the same electrum wallet or a BIP39 wallet with or without passphrase via descriptor. You must import using the wallet's xpriv, knowing xpriv it is possible to import into Bitcoin core.

Bitcoin Core is not a suitable example here as it doesn't use the concept of mnemonic recovery words. In core you could import descriptors based on a master private key (xpriv) which itself is derived from a set of mnemonic recovery words and an optional mnemonic passphrase.

Sometimes a pictures allows things to sink in better. What nc50lc is speaking of, you can find in the BIP32 Root Key Derivation


Source: https://raw.githubusercontent.com/EAWF/BTC-Toolbox/3938785f186c76598989cc0aa017ad351483d3b1/Images/KeyDerivationTechnicalOverview.png

So, wallets that do implement BIP39 without bugs should all derive the same Master Private Key from a same set of mnemonic recovery words and an optional mnemonic passphrase.

The devil may be in the details and I can't recall from the top of my head what BIP39 says about input sanitation (if any!) for the optional mnemonic passphrase. E.g. a trailing space should be perfectly valid, but what about two or more spaces? Are they sanitized to one space or not?

I did some experiments long time ago with Electrum but unfortunately can't recall the results either. What I remember was something surprises me... will need to repeat and document results better.

It's just a fancy term used by Electrum, but that's the same as a "BIP39 Passphrase".
There's a "standards" to that which every wallet that supports BIP39 standard should've implemented (standard=the majority is doing the exact same thing)
So you can expect every wallet that support BIP39 seed to support the passphrase unless it's badly written.

I can see that your script creates BIP39 seed, so only apply the logic above to it since Electrum doesn't follow that standard on its native seed phrase.
However, it uses BIP39 standard to restore when 'BIP39 seed' is ticked in the options.

How does that work?
When deriving the seed from the mnemonic phrase, the words are passed throught 2048 rounds of HMAC-SHA512 as 'password' and the string "mnemonic" as salt.
But if you set a "Custom Word" or BIP39 passphrase, that salt will be extended to "mnemonic".
Given that the salt is different in the latter, the computed seed will be different from the former. (as they explained in the previous replies)

Note: The "seed" isn't your 12 words, the mnemonic is your 12 words. It's the HDSeed used to create your master private key.

The custom word you add to your seed phrase is like an extra word. It's also called passphrase and some call it 13th or 25th word.
Take note that with any change to your passphrase, you will have completely different addresses and you won't be able to recover your wallet from seed phrase, if you don't know the passphrase.

It may worth  mentioning that the passphrase doesn't have to be a word and it can be any combination of words or characters.



If you have added a passphrase to your seed phrase and you want to recover your wallet from seed phrase using a different software, you have to use a wallet that supports passphrase.

Take note that electrum uses its own algorithm for generating a seed phrase and if you have generated a seed phrase using electrum, you have to import it in electrum itself or bluewallet. You won't be able to recover your wallet from seed phrase using other softwares, regardless of you have added a passphrase to your seed phrase or not.

Also note that bitcoin core doesn't support seed phrase at all.

Thanks.

I hope is not too off-topic but regarding "Custom Word extensions" to the seed phrase.

How does this work? Because i guess that if i try to import a seed phrase to another wallet, let's say "BitcoinCore" i don't think they will support the extension of custom words i added to my seed phrase?

If you import a BIP39 seed phrase in electrum, it doesn't use its own method for genrating your private keys. Electrum uses a standard algorithm to generate the private keys.


You generated a private key and now you have a private key. If you want to have a seed phrase, you should generate a seed phrase.

Take note that you can derive private key from a seed phrase, but you can't derive seed phrase from a private key.

For people wondering about my script to create a bitcoin address, i actually made a post showing how it works

https://bitcointalksearch.org/topic/--5489456

So yeah, my intention was to use the seed phrase and private key that script created. Because if i just import a seed phrase alone into Electrum. Electrum is creating the private key with it's own method.

What i did was to use the Private key of my script to use Electrum, but when i do that, there is no seed phrase, in case i want to recover my wallet with the seed phrase.

Sorry if this sounds like nitpicking, but confusion arises when terminology is used in a loose way, also for OP.

A private key is in the end a hopefully random 256bit number with some negligible size constraints imposed by the generator point G (private keys must be smaller than G). Edit: It's maybe more the contraint by the order of the finite group used in Bitcoin's elliptic curve; I admit not being too fluent here.

I wouldn't say the seed phrase (the mnemonic recovery words) contains many keys, but rather you can derive many many keys from it by a standardized mathematical procedure (key derivation). The mnemonic recovery words encode an initial hopefully random entropy in human readable form and include a checksum to detect an error in the word sequence.

You're not wrong, but if someone doesn't know how HD wallets work then it may be confusing to say a seed phrase "contains many keys". Or it's just me, nitpicking...  


Why do you start with a private key? A HD wallet usually starts with some random entropy which is represented by the mnemonic recovery words. From there you decide what kind of addresses you want to use (Electrum is fixed on one address type in one particular wallet, eg. native segwit addresses that begin with bc1q....).

When the derivation path is determined, child keys are derived and the HD wallet takes care of that.

You may want to have a read here: https://learnmeabitcoin.com/technical/keys/hd-wallets/

In Electrum you can't add an arbitrary independant private key to a HD wallet, you can only sweep (ie. empty) the independant private key to an address generated and controlled by that HD wallet.

I would say, no.

If your seed phrase (the mnemonic recovery words) is BIP-39 compatible, you can import that to Electrum and choose to have native segwit key derivation with bech32 bc1q... addresses.

Electrum (and all other wallets I know) doesn't allow you to import a public key.
If you want to have a watch-only wallet in electrum, you need to import your address(es) or your master public key.