Pages:
Author

Topic: BIP39 vs Electrum Mnemonic seed - page 2. (Read 695 times)

legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
February 14, 2023, 01:26:03 AM
#21
So, if an address appears on public, for example, bc1q00msv0lt4hhaks47yy2d26kg269r0r06vnccsp, how do we know that address is not standard generated?

or how to know the address is used BIP39 or electrum seed?
Address contains neither sensitive data nor the information about the approach that was employed to create it in the first place. Addresses are designed to be publicly revealed, otherwise it would be impossible to make transactions on the blockchain. You can't even convert a bitcoin address back to a public key (that is also considered relatively safe to share on the Internet), which makes it an impossible task to extract private keys directly from addresses. However, in the case of insecurely generated bitcoin wallet, an attacker doesn't need to break your address to guess your private key. He already knows that you used an insecure password when created your wallet, otherwise he wouldn't spend time and resources trying to brute force it. The first thing he will do is gather all your personal information available on the Internet such as your name, occupation, pet name, etc and he will use it to guess a custom seed phrase. You will be surprised when you find out how many people use personal information for passwords.
hero member
Activity: 868
Merit: 737
February 13, 2023, 11:56:56 PM
#20
You can use it for testing purposes but always create a random seed when it comes to storing real money.
Of course, for testing only, I never used seed without standards procedure.

or maybe safe if only keep the private key?.
It's not safe at all. All this is is a glorified brain wallet, which instead of performing one hash to turn your string in to an individual private key is performing a few more hashes to turn your string in to a entire wallet. Either way, the result is highly insecure.
So, if an address appears on public, for example, bc1q00msv0lt4hhaks47yy2d26kg269r0r06vnccsp, how do we know that address is not standard generated?

or how to know the address is used BIP39 or electrum seed?
legendary
Activity: 2268
Merit: 18771
February 13, 2023, 05:17:40 AM
#19
Electrum is unique, it's different from the BIP39 seed, in electrum I can create an address with a custom seed like " Sarah Azhari" and get the address "bc1quql5me288nquwhjr432wakq949quwszzg4h588", it's different on BIP39 wallet, when I write that custom seed, I received "Sarah not in the wordlist, did you mean arch?"
All Electrum is doing here is ignoring the incorrect word list and incorrect checksum, and running your inputted text through the usual 2048 rounds of PBKDF2 in order to generate a wallet. This has nothing to do with the difference between Electrum seed phrases and BIP39 seed phrases.

or maybe safe if only keep the private key?.
It's not safe at all. All this is is a glorified brain wallet, which instead of performing one hash to turn your string in to an individual private key is performing a few more hashes to turn your string in to a entire wallet. Either way, the result is highly insecure.
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
February 13, 2023, 02:10:16 AM
#18
Electrum is unique, it's different from the BIP39 seed, in electrum I can create an address with a custom seed like " Sarah Azhari" and get the address "bc1quql5me288nquwhjr432wakq949quwszzg4h588", it's different on BIP39 wallet, when I write that custom seed, I received "Sarah not in the wordlist, did you mean arch?"

so, is it dangerous when still keep an address; "bc1quql5me288nquwhjr432wakq949quwszzg4h588"?. because it's not normally seed, or maybe safe if only keep the private key?.
No, it is not safe at all to use custom seed phrases "generated" with the help of your brain because the randomness generated by the human brain is not cryptographically-secure. What you did was create a simple "brain wallet" with a very weak password which will take a couple of seconds to crack and steal all your money. Electrum is thus not unique in this sense, there are many other ways to create unique seed phrases and weak entropy but it also doesn't mean that you should use this functionality if given an option to do so. You can use it for testing purposes but always create a random seed when it comes to storing real money.
hero member
Activity: 868
Merit: 737
February 13, 2023, 01:11:49 AM
#17
Electrum is unique, it's different from the BIP39 seed, in electrum I can create an address with a custom seed like " Sarah Azhari" and get the address "bc1quql5me288nquwhjr432wakq949quwszzg4h588", it's different on BIP39 wallet, when I write that custom seed, I received "Sarah not in the wordlist, did you mean arch?"



so, is it dangerous when still keep an address; "bc1quql5me288nquwhjr432wakq949quwszzg4h588"?. because it's not normally seed, or maybe safe if only keep the private key?.
legendary
Activity: 2268
Merit: 18771
February 11, 2023, 06:50:02 AM
#16
Interesting. I did not know that Electrum applied this normalization to passphrases, which as you say, doesn't really make sense.

So a bit more testing on the standard Latin alphabet plus diacritics, Electrum will also use NFKD normalization, but it will also do the following: Make everything lowercase, remove all accents and turn the accented letter back to the "base" letter, reduce all white spaces of any length to one space only. This means that the following two passphrases produce the exact same wallet:

Code:
HÈLLÖ     thérê     $!?
hello there $!?

At least knowing this you could then apply the same rules to non-English letters and words to regenerate your wallet elsewhere, if you needed to.
legendary
Activity: 3472
Merit: 10611
February 11, 2023, 05:44:40 AM
#15
Good point. BIP39 uses NFKD - what does Electrum use? A very quick test shows that a passphrase of lower case letters and numbers will generate the same wallet between Electrum and an edited version of Ian Coleman, but upper case letters or symbols lead to different wallets.
The method is called "normalize_text"[1] and the behavior you found here is because for some reason Electrum calls the normalize_text method on both the mnemonic and its passphrase which treats them both the same. And although this method makes sense for the mnemonic, it makes no sense for the passphrase.
This means it will not only lower case all letters in your passphrase but also it will remove extra spaces from it (ie. pass="aB....cd" is the same as "ab.cd", I used dots instead of space to visualize it better).

The code looks pretty straight forward but last time I tried to reproduce it in c# I failed the part that affects CJK character:
[1] https://github.com/spesmilo/electrum/blob/df842af0b6b48074a510155fbfd28df295c200d4/electrum/mnemonic.py#L40-L90
legendary
Activity: 2730
Merit: 7065
February 11, 2023, 05:19:30 AM
#14
Electrum developers think that BIP39 seed is not safe enough so they tried to improve it by making their own system and fixing shortcomings.
Electrum's version numbering system was created before BIP39 seeds became a thing. Therefore, Electrum didn't have anything to fix in a time where BIP39 seeds and their workings didn't exist.

No one would throw away a seed they wrote down and stored themselves, especially when they are sure that they have Bitcoin in that address.
It happens, and we have seen such stories. It's usually old seeds to empty wallets the owners no longer plan to use. Unfortunately, they give their counterparties an address that belong to such a wallet and receive BTC in an address whose seed they threw away. Or someone sends them money to an address they used in the past by mistake.

Does Sparrow wallet not already support importing Electrum wallets?
Blue Wallet supports importing Electrum-native seeds. In the past, the wallet couldn't be empty for the import process to work, but now it works on empty wallets as well.
legendary
Activity: 2268
Merit: 18771
February 11, 2023, 04:13:55 AM
#13
-snip-
Good point. BIP39 uses NFKD - what does Electrum use? A very quick test shows that a passphrase of lower case letters and numbers will generate the same wallet between Electrum and an edited version of Ian Coleman, but upper case letters or symbols lead to different wallets.

Still, it's not outside the realms of possibility to edit the code of some other piece of wallet software to use the same normalization method as Electrum does in order to recover Electrum wallets, in the incredibly unlikely scenario that all copies of Electrum some disappear from the internet. Does Sparrow wallet not already support importing Electrum wallets?
legendary
Activity: 3472
Merit: 10611
February 09, 2023, 10:52:07 PM
#12
And if you don't have any old copy of Electrum, then literally the only difference between turning a BIP39 seed phrase in to a wallet and an Electrum seed phrase in to a wallet is the word that is concatenated with your passphrase prior to PBKDF2. BIP39 uses "mnemonic", while Electrum uses "electrum". You could take any open source wallet and change the code very easily to recover Electrum seed phrases.
This works for 99% of the cases where you are using a simple seed phrase with no passphrase and with default English word-list. Anything other than this and things get complicated. For example if you were using a passphrase or if you were using a different word-list like the default French list since the normalization method is different (in this case removes diacritics or accents) your BIP32 seed will be different and you'll end up with a different wallet.
(BIP39 only performs a very simple KD normalization.)
legendary
Activity: 2268
Merit: 18771
February 09, 2023, 09:50:05 AM
#11
Easy enough to just recover your seed phrase in any old copy of Electrum you have and then export your raw private keys or xprv to be imported in to another wallet, in the very unlikely event that Electrum ceased to be maintained.

And if you don't have any old copy of Electrum, then literally the only difference between turning a BIP39 seed phrase in to a wallet and an Electrum seed phrase in to a wallet is the word that is concatenated with your passphrase prior to PBKDF2. BIP39 uses "mnemonic", while Electrum uses "electrum". You could take any open source wallet and change the code very easily to recover Electrum seed phrases.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
February 09, 2023, 07:04:02 AM
#10
Yes, only that 1 way we know the difference, but if kept long and someone forgets if it's a different seed, he will throw it away after checking its invalid sum.
I think that's unlikely. What reason would someone have for backing up an invalid seed phrase to begin with? If they can't recover their wallet via BIP39, then they are going to search for other answers, not just immediately throw away their back up and assume their coins are permanently lost.

Note that Electrum isn't the only alternative to BIP39 either. There are others, such as AEZEED.

The problems start rolling in when other wallets do not implement these additional kinds of seed phrases besides BIP39, and then Electrum or whatever the custom seed software is ceases to be maintained. It will make recovering your funds in a different wallet a massive PITA as few wallets actually know how to recover Electrum seeds correctly.
legendary
Activity: 2268
Merit: 18771
February 09, 2023, 05:08:11 AM
#9
Yes, only that 1 way we know the difference, but if kept long and someone forgets if it's a different seed, he will throw it away after checking its invalid sum.
I think that's unlikely. What reason would someone have for backing up an invalid seed phrase to begin with? If they can't recover their wallet via BIP39, then they are going to search for other answers, not just immediately throw away their back up and assume their coins are permanently lost.

Note that Electrum isn't the only alternative to BIP39 either. There are others, such as AEZEED.
legendary
Activity: 3472
Merit: 10611
February 09, 2023, 01:18:05 AM
#8
Electrum developers think that BIP39 seed is not safe enough so they tried to improve it by making their own system and fixing shortcomings.
It has nothing to do with safety. Security of both algorithms are pretty much the same.
Read the link in first reply by @witcher_sense, in simple terms it is about the fact that BIP39 lacks certain features such as telling the software what type of address it should derive and at what derivation path (fixed by including a version number). That makes recovery using seed phrase a lot easier for users which is what Electrum aims for (ie user friendliness).
BTW Electrum seed algorithm existed before BIP39.
hero member
Activity: 644
Merit: 661
- Jay -
February 09, 2023, 12:50:43 AM
#7
...
No one would throw away a seed they wrote down and stored themselves, especially when they are sure that they have Bitcoin in that address.
You might get confused as to why it is marked invalid (although Electrum does not give an 'invalid' response when importing a seed that is not compatible) and ask on a forum, from a friend or just directly try another wallet.

About a thief discovering your bitcoins, if someone can look through your backups then you are not storing them securely.
It does not matter if you tag it "BIP39", simply seeing a list of keywords and knowing how popular crypto is right now, they would most probably know it has something to do with it.

- Jay -
hero member
Activity: 868
Merit: 737
February 08, 2023, 08:09:05 PM
#6
There is no way you can tell if a seed is BIP39 or Electrum simply by looking at it, if they are both using the same wordlist. You simply have to try to import the seed phrase and see if it has an valid/invalid BIP39 checksum or a valid/invalid Electrum version number.
Yes, only that 1 way we know the difference, but if kept long and someone forgets if it's a different seed, he will throw it away after checking its invalid sum. If we write specific "this is bip39 seed" and "this is electrum seed", a snatcher will find out if that word is bitcoin bag.
legendary
Activity: 2212
Merit: 7064
February 08, 2023, 01:03:13 PM
#5
Why Electrum doesn't use BIP39 seed? even use and have the same wordlist as BIP39 (2048 words).
Electrum developers think that BIP39 seed is not safe enough so they tried to improve it by making their own system and fixing shortcomings.
I know this could be confusing to some users, and I would suggest writing extra information when you are generating seed words, by simply writing small note like Electrum or BIP39.
In same way I would write derivation path that is not standard, passphrase, and anything that could help recover coins.

How to know if no.1 is bip39 seed and no.2 is electrum seed?
You can only know by importing words and checking your balance after that.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
February 08, 2023, 12:54:02 PM
#4
Adding this just to clarify the ETFbitcoin post above when you are trying to import your seed to Electrum with BIP39 the next button is grayed out you can't able to click next until you check BIP39 under the option.

Unlike Electrum seed when you import and paste the seed the next button is clickable. That's the easiest way to check if you have BIP39 seed or Electrum seed.
legendary
Activity: 2268
Merit: 18771
February 08, 2023, 06:22:53 AM
#3
It's worth noting that Electrum's seed phrase system pre-dates BIP39 by several years. Also, Electrum does not use a fixed wordlist like BIP39 does. BIP39 seed phrases will only work with the BIP39 wordlist. Electrum seed phrases will work with any wordlist you want. It uses the BIP39 one simply out of convenience, but you can replace the wordlist in the Electrum directory and use any wordlist you like.

There is no way you can tell if a seed is BIP39 or Electrum simply by looking at it, if they are both using the same wordlist. You simply have to try to import the seed phrase and see if it has an valid/invalid BIP39 checksum or a valid/invalid Electrum version number.

legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
February 08, 2023, 12:05:36 AM
#2
Why Electrum doesn't use BIP39 seed? even use and have the same wordlist as BIP39 (2048 words).
Check the "Motivation" section of their docs: https://electrum.readthedocs.io/en/latest/seedphrase.html#motivation
And also this https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-March/007642.html
In short, BIP39 doesn't include a version number which would allow software to determine the scheme of key derivation. A wallet needs to try different derivation paths in order to find where coins are located. Users, on the other hand, are risking to never find their coins if wallets suddenly stop supporting certain derivation paths. The other reason is that BIP39 has a fixed wordlist which is being used in a very inconsistent way: you don't use wordlist for key and addresses derivation, but you use it to calculate a checksum. Moreover, BIP39 standard suggest to use one wordlist per language, which is terrible for portability.
Quote
so What the difference and how to differentiate between them? for example:
Just check the documentation I linked.
Pages:
Jump to: