BIP39 vs Electrum Mnemonic seed - page 2.

witcher_sense

legendary

Activity: 2450

Merit: 4415

🔐BitcoinMessage.Tools🔑

Quote from: Sarah Azhari on February 13, 2023, 11:56:56 PM

So, if an address appears on public, for example, bc1q00msv0lt4hhaks47yy2d26kg269r0r06vnccsp, how do we know that address is not standard generated?

or how to know the address is used BIP39 or electrum seed?

Address contains neither sensitive data nor the information about the approach that was employed to create it in the first place. Addresses are designed to be publicly revealed, otherwise it would be impossible to make transactions on the blockchain. You can't even convert a bitcoin address back to a public key (that is also considered relatively safe to share on the Internet), which makes it an impossible task to extract private keys directly from addresses. However, in the case of insecurely generated bitcoin wallet, an attacker doesn't need to break your address to guess your private key. He already knows that you used an insecure password when created your wallet, otherwise he wouldn't spend time and resources trying to brute force it. The first thing he will do is gather all your personal information available on the Internet such as your name, occupation, pet name, etc and he will use it to guess a custom seed phrase. You will be surprised when you find out how many people use personal information for passwords.

Sarah Azhari

hero member

Activity: 868

Merit: 737

Quote from: witcher_sense on February 13, 2023, 02:10:16 AM

You can use it for testing purposes but always create a random seed when it comes to storing real money.

Of course, for testing only, I never used seed without standards procedure.

Quote from: o_e_l_e_o on February 13, 2023, 05:17:40 AM

Quote from: Sarah Azhari on February 13, 2023, 01:11:49 AM

or maybe safe if only keep the private key?.

It's not safe at all. All this is is a glorified brain wallet, which instead of performing one hash to turn your string in to an individual private key is performing a few more hashes to turn your string in to a entire wallet. Either way, the result is highly insecure.

So, if an address appears on public, for example, bc1q00msv0lt4hhaks47yy2d26kg269r0r06vnccsp, how do we know that address is not standard generated?

or how to know the address is used BIP39 or electrum seed?

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: Sarah Azhari on February 13, 2023, 01:11:49 AM

Electrum is unique, it's different from the BIP39 seed, in electrum I can create an address with a custom seed like " Sarah Azhari" and get the address "bc1quql5me288nquwhjr432wakq949quwszzg4h588", it's different on BIP39 wallet, when I write that custom seed, I received "Sarah not in the wordlist, did you mean arch?"

All Electrum is doing here is ignoring the incorrect word list and incorrect checksum, and running your inputted text through the usual 2048 rounds of PBKDF2 in order to generate a wallet. This has nothing to do with the difference between Electrum seed phrases and BIP39 seed phrases.

Quote from: Sarah Azhari on February 13, 2023, 01:11:49 AM

or maybe safe if only keep the private key?.

It's not safe at all. All this is is a glorified brain wallet, which instead of performing one hash to turn your string in to an individual private key is performing a few more hashes to turn your string in to a entire wallet. Either way, the result is highly insecure.

witcher_sense

legendary

Activity: 2450

Merit: 4415

🔐BitcoinMessage.Tools🔑

Quote from: Sarah Azhari on February 13, 2023, 01:11:49 AM

Electrum is unique, it's different from the BIP39 seed, in electrum I can create an address with a custom seed like " Sarah Azhari" and get the address "bc1quql5me288nquwhjr432wakq949quwszzg4h588", it's different on BIP39 wallet, when I write that custom seed, I received "Sarah not in the wordlist, did you mean arch?"

so, is it dangerous when still keep an address; "bc1quql5me288nquwhjr432wakq949quwszzg4h588"?. because it's not normally seed, or maybe safe if only keep the private key?.

No, it is not safe at all to use custom seed phrases "generated" with the help of your brain because the randomness generated by the human brain is not cryptographically-secure. What you did was create a simple "brain wallet" with a very weak password which will take a couple of seconds to crack and steal all your money. Electrum is thus not unique in this sense, there are many other ways to create unique seed phrases and weak entropy but it also doesn't mean that you should use this functionality if given an option to do so. You can use it for testing purposes but always create a random seed when it comes to storing real money.

Sarah Azhari

hero member

Activity: 868

Merit: 737

Electrum is unique, it's different from the BIP39 seed, in electrum I can create an address with a custom seed like " Sarah Azhari" and get the address "bc1quql5me288nquwhjr432wakq949quwszzg4h588", it's different on BIP39 wallet, when I write that custom seed, I received "Sarah not in the wordlist, did you mean arch?"

so, is it dangerous when still keep an address; "bc1quql5me288nquwhjr432wakq949quwszzg4h588"?. because it's not normally seed, or maybe safe if only keep the private key?.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Interesting. I did not know that Electrum applied this normalization to passphrases, which as you say, doesn't really make sense.

So a bit more testing on the standard Latin alphabet plus diacritics, Electrum will also use NFKD normalization, but it will also do the following: Make everything lowercase, remove all accents and turn the accented letter back to the "base" letter, reduce all white spaces of any length to one space only. This means that the following two passphrases produce the exact same wallet:

Code:

HÈLLÖ     thérê     $!?
hello there $!?

At least knowing this you could then apply the same rules to non-English letters and words to regenerate your wallet elsewhere, if you needed to.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: o_e_l_e_o on February 11, 2023, 04:13:55 AM

Good point. BIP39 uses NFKD - what does Electrum use? A very quick test shows that a passphrase of lower case letters and numbers will generate the same wallet between Electrum and an edited version of Ian Coleman, but upper case letters or symbols lead to different wallets.

The method is called "normalize_text"[1] and the behavior you found here is because for some reason Electrum calls the normalize_text method on both the mnemonic and its passphrase which treats them both the same. And although this method makes sense for the mnemonic, it makes no sense for the passphrase.
This means it will not only lower case all letters in your passphrase but also it will remove extra spaces from it (ie. pass="aB....cd" is the same as "ab.cd", I used dots instead of space to visualize it better).

The code looks pretty straight forward but last time I tried to reproduce it in c# I failed the part that affects CJK character:
[1] https://github.com/spesmilo/electrum/blob/df842af0b6b48074a510155fbfd28df295c200d4/electrum/mnemonic.py#L40-L90

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: dkbit98 on February 08, 2023, 01:03:13 PM

Electrum developers think that BIP39 seed is not safe enough so they tried to improve it by making their own system and fixing shortcomings.

Electrum's version numbering system was created before BIP39 seeds became a thing. Therefore, Electrum didn't have anything to fix in a time where BIP39 seeds and their workings didn't exist.

Quote from: un_rank on February 09, 2023, 12:50:43 AM

No one would throw away a seed they wrote down and stored themselves, especially when they are sure that they have Bitcoin in that address.

It happens, and we have seen such stories. It's usually old seeds to empty wallets the owners no longer plan to use. Unfortunately, they give their counterparties an address that belong to such a wallet and receive BTC in an address whose seed they threw away. Or someone sends them money to an address they used in the past by mistake.

Quote from: o_e_l_e_o on February 11, 2023, 04:13:55 AM

Does Sparrow wallet not already support importing Electrum wallets?

Blue Wallet supports importing Electrum-native seeds. In the past, the wallet couldn't be empty for the import process to work, but now it works on empty wallets as well.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: pooya87 on February 09, 2023, 10:52:07 PM

-snip-

Good point. BIP39 uses NFKD - what does Electrum use? A very quick test shows that a passphrase of lower case letters and numbers will generate the same wallet between Electrum and an edited version of Ian Coleman, but upper case letters or symbols lead to different wallets.

Still, it's not outside the realms of possibility to edit the code of some other piece of wallet software to use the same normalization method as Electrum does in order to recover Electrum wallets, in the incredibly unlikely scenario that all copies of Electrum some disappear from the internet. Does Sparrow wallet not already support importing Electrum wallets?

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: o_e_l_e_o on February 09, 2023, 09:50:05 AM

And if you don't have any old copy of Electrum, then literally the only difference between turning a BIP39 seed phrase in to a wallet and an Electrum seed phrase in to a wallet is the word that is concatenated with your passphrase prior to PBKDF2. BIP39 uses "mnemonic", while Electrum uses "electrum". You could take any open source wallet and change the code very easily to recover Electrum seed phrases.

This works for 99% of the cases where you are using a simple seed phrase with no passphrase and with default English word-list. Anything other than this and things get complicated. For example if you were using a passphrase or if you were using a different word-list like the default French list since the normalization method is different (in this case removes diacritics or accents) your BIP32 seed will be different and you'll end up with a different wallet.
(BIP39 only performs a very simple KD normalization.)

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Easy enough to just recover your seed phrase in any old copy of Electrum you have and then export your raw private keys or xprv to be imported in to another wallet, in the very unlikely event that Electrum ceased to be maintained.

And if you don't have any old copy of Electrum, then literally the only difference between turning a BIP39 seed phrase in to a wallet and an Electrum seed phrase in to a wallet is the word that is concatenated with your passphrase prior to PBKDF2. BIP39 uses "mnemonic", while Electrum uses "electrum". You could take any open source wallet and change the code very easily to recover Electrum seed phrases.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: o_e_l_e_o on February 09, 2023, 05:08:11 AM

Quote from: Sarah Azhari on February 08, 2023, 08:09:05 PM

Yes, only that 1 way we know the difference, but if kept long and someone forgets if it's a different seed, he will throw it away after checking its invalid sum.

I think that's unlikely. What reason would someone have for backing up an invalid seed phrase to begin with? If they can't recover their wallet via BIP39, then they are going to search for other answers, not just immediately throw away their back up and assume their coins are permanently lost.

Note that Electrum isn't the only alternative to BIP39 either. There are others, such as AEZEED.

The problems start rolling in when other wallets do not implement these additional kinds of seed phrases besides BIP39, and then Electrum or whatever the custom seed software is ceases to be maintained. It will make recovering your funds in a different wallet a massive PITA as few wallets actually know how to recover Electrum seeds correctly.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: Sarah Azhari on February 08, 2023, 08:09:05 PM

Yes, only that 1 way we know the difference, but if kept long and someone forgets if it's a different seed, he will throw it away after checking its invalid sum.

I think that's unlikely. What reason would someone have for backing up an invalid seed phrase to begin with? If they can't recover their wallet via BIP39, then they are going to search for other answers, not just immediately throw away their back up and assume their coins are permanently lost.

Note that Electrum isn't the only alternative to BIP39 either. There are others, such as AEZEED.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: dkbit98 on February 08, 2023, 01:03:13 PM

Electrum developers think that BIP39 seed is not safe enough so they tried to improve it by making their own system and fixing shortcomings.

It has nothing to do with safety. Security of both algorithms are pretty much the same.
Read the link in first reply by @witcher_sense, in simple terms it is about the fact that BIP39 lacks certain features such as telling the software what type of address it should derive and at what derivation path (fixed by including a version number). That makes recovery using seed phrase a lot easier for users which is what Electrum aims for (ie user friendliness).
BTW Electrum seed algorithm existed before BIP39.

un_rank

hero member

Activity: 644

Merit: 661

- Jay -

Quote from: Sarah Azhari on February 08, 2023, 08:09:05 PM

...

No one would throw away a seed they wrote down and stored themselves, especially when they are sure that they have Bitcoin in that address.
You might get confused as to why it is marked invalid (although Electrum does not give an 'invalid' response when importing a seed that is not compatible) and ask on a forum, from a friend or just directly try another wallet.

About a thief discovering your bitcoins, if someone can look through your backups then you are not storing them securely.
It does not matter if you tag it "BIP39", simply seeing a list of keywords and knowing how popular crypto is right now, they would most probably know it has something to do with it.

- Jay -

Sarah Azhari

hero member

Activity: 868

Merit: 737

Quote from: o_e_l_e_o on February 08, 2023, 06:22:53 AM

There is no way you can tell if a seed is BIP39 or Electrum simply by looking at it, if they are both using the same wordlist. You simply have to try to import the seed phrase and see if it has an valid/invalid BIP39 checksum or a valid/invalid Electrum version number.

Yes, only that 1 way we know the difference, but if kept long and someone forgets if it's a different seed, he will throw it away after checking its invalid sum. If we write specific "this is bip39 seed" and "this is electrum seed", a snatcher will find out if that word is bitcoin bag.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: Sarah Azhari on February 07, 2023, 10:44:31 PM

Why Electrum doesn't use BIP39 seed? even use and have the same wordlist as BIP39 (2048 words).

Electrum developers think that BIP39 seed is not safe enough so they tried to improve it by making their own system and fixing shortcomings.
I know this could be confusing to some users, and I would suggest writing extra information when you are generating seed words, by simply writing small note like Electrum or BIP39.
In same way I would write derivation path that is not standard, passphrase, and anything that could help recover coins.

Quote from: Sarah Azhari on February 07, 2023, 10:44:31 PM

How to know if no.1 is bip39 seed and no.2 is electrum seed?

You can only know by importing words and checking your balance after that.

BitMaxz

legendary

Activity: 3374

Merit: 3095

Playbet.io - Crypto Casino and Sportsbook

Adding this just to clarify the ETFbitcoin post above when you are trying to import your seed to Electrum with BIP39 the next button is grayed out you can't able to click next until you check BIP39 under the option.

Unlike Electrum seed when you import and paste the seed the next button is clickable. That's the easiest way to check if you have BIP39 seed or Electrum seed.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

It's worth noting that Electrum's seed phrase system pre-dates BIP39 by several years. Also, Electrum does not use a fixed wordlist like BIP39 does. BIP39 seed phrases will only work with the BIP39 wordlist. Electrum seed phrases will work with any wordlist you want. It uses the BIP39 one simply out of convenience, but you can replace the wordlist in the Electrum directory and use any wordlist you like.

There is no way you can tell if a seed is BIP39 or Electrum simply by looking at it, if they are both using the same wordlist. You simply have to try to import the seed phrase and see if it has an valid/invalid BIP39 checksum or a valid/invalid Electrum version number.

witcher_sense

legendary

Activity: 2450

Merit: 4415

🔐BitcoinMessage.Tools🔑

Quote from: Sarah Azhari on February 07, 2023, 10:44:31 PM

Why Electrum doesn't use BIP39 seed? even use and have the same wordlist as BIP39 (2048 words).

Check the "Motivation" section of their docs: https://electrum.readthedocs.io/en/latest/seedphrase.html#motivation
And also this https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-March/007642.html
In short, BIP39 doesn't include a version number which would allow software to determine the scheme of key derivation. A wallet needs to try different derivation paths in order to find where coins are located. Users, on the other hand, are risking to never find their coins if wallets suddenly stop supporting certain derivation paths. The other reason is that BIP39 has a fixed wordlist which is being used in a very inconsistent way: you don't use wordlist for key and addresses derivation, but you use it to calculate a checksum. Moreover, BIP39 standard suggest to use one wordlist per language, which is terrible for portability.

Quote

so What the difference and how to differentiate between them? for example:

Just check the documentation I linked.

Topic: BIP39 vs Electrum Mnemonic seed - page 2. (Read 671 times)