Author

Topic: Does this kind of wallet generated by electrum word seeds have any flaw? (Read 150 times)

legendary
Activity: 2268
Merit: 18771
I divided the wordlist into 216 pieces(9 or 10 words each) then rolled a 6 face dice 3 times to locate which piece I should picked up words from.
(I actually rolled 9 times as first two rounds returned no valid word.)
Maybe that method is sufficient of covering up the last 7 bits of entropy needed by bip39.
It's not a perfect solution, but it is much better than just picking words yourself and probably good enough provided the other 121 bits of your entropy remain completely secure.

You can restore a BIP-39 recovery phrase on Electrum mobile as well.
But you cannot restore a BIP39 phrase with an invalid checksum on mobile, which is why OP needed to change the last word of his Electrum seed phrase to give a BIP39 seed phrase with a valid checksum. You can proceed with an invalid checksum on desktop, but not on mobile.
legendary
Activity: 2730
Merit: 7065
My offline signer is a phone and it uses electrum android. The next button would grey out if the checksum of seed phrase fails.
However what you said is true on desktop version, I generated some seeds for testing, they indeed could generate BIP39 wallets dispite of the failure of checksum.
You can restore a BIP-39 recovery phrase on Electrum mobile as well. You are probably using an old version of the Electrum app on your offline device. I just downloaded the newest version to try it out. When you click on the gear icon to enter the options menu, you have the possibility to extend your seed by entering a passphrase or restoring a BIP-39 seed.

Take a look:

member
Activity: 166
Merit: 16
I am inclined to agree with pooya87, that although this is obviously non-standard if the last word was actually picked randomly (and you didn't just work alphabetically down the BIP39 list starting at abandon) then you still have 128 bits of entropy.

However, you also didn't need to do this at all. When importing seed phrases in to Electrum with the view of generating a BIP39 wallet, although you will get a "checksum: failed" warning with an incorrect checksum, you can still proceed with your incorrect checksum and generate a normal functioning wallet and addresses.

I divided the wordlist into 216 pieces(9 or 10 words each) then rolled a 6 face dice 3 times to locate which piece I should picked up words from.
(I actually rolled 9 times as first two rounds returned no valid word.)
Maybe that method is sufficient of covering up the last 7 bits of entropy needed by bip39.

My offline signer is a phone and it uses electrum android. The next button would grey out if the checksum of seed phrase fails.
However what you said is true on desktop version, I generated some seeds for testing, they indeed could generate BIP39 wallets dispite of the failure of checksum.
legendary
Activity: 2268
Merit: 18771
I am inclined to agree with pooya87, that although this is obviously non-standard if the last word was actually picked randomly (and you didn't just work alphabetically down the BIP39 list starting at abandon) then you still have 128 bits of entropy.

However, you also didn't need to do this at all. When importing seed phrases in to Electrum with the view of generating a BIP39 wallet, although you will get a "checksum: failed" warning with an incorrect checksum, you can still proceed with your incorrect checksum and generate a normal functioning wallet and addresses.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
I just want new wallets supporting native segwit while I don't need to update my existing backups in multiple locations.
It once cost me quite a bit effect to make and place those backups.
Still, the best way is to generate a new wallet or update the old one, Electrum now even support segwit by default, and you will need to transfer your funds from the old wallet (legacy) to new wallet which is segwit.

And hope you update the latest version of Electrum from electrum.org, and verify the signature. Hope you are not using the old version that did popup scam update? Do not click on any update pop up. If the signature is verified, then install it. Better to run the latest version.
member
Activity: 166
Merit: 16
I don't think so.
The original seed phrase you are working with has to have been selected randomly and it represents 132 bits of entropy. When you drop the last word you still have 121 bits of randomly generated entropy, then when you randomly select a new word and brute force your checksum you are adding 7 more bits to the original entropy (making it 128 bit as defined by BIP-39 with 4 bit checksum) so it could be considered safe.

In other words you are reducing the size of the initial entropy but not by a lot and if the new word is also selected randomly it shouldn't matter.

Good explaination about the entropy and randomicity. Thanks!



Any particular reason why you didn't just generate a new Electrum native segwit seed? Huh Did you specifically require a BIP39 compatible seed for some reason? Huh

I just want new wallets supporting native segwit while I don't need to update my existing backups in multiple locations.
It once cost me quite a bit effect to make and place those backups.
HCP
legendary
Activity: 2086
Merit: 4363
Any particular reason why you didn't just generate a new Electrum native segwit seed? Huh Did you specifically require a BIP39 compatible seed for some reason? Huh
legendary
Activity: 3472
Merit: 10611
I don't think so.
The original seed phrase you are working with has to have been selected randomly and it represents 132 bits of entropy. When you drop the last word you still have 121 bits of randomly generated entropy, then when you randomly select a new word and brute force your checksum you are adding 7 more bits to the original entropy (making it 128 bit as defined by BIP-39 with 4 bit checksum) so it could be considered safe.

In other words you are reducing the size of the initial entropy but not by a lot and if the new word is also selected randomly it shouldn't matter.
member
Activity: 166
Merit: 16
I have setuped an offline electrum standard wallet years before(Lagacy one, segwit not supported). I have written down the 12 word seeds as backup.
Days ago, I tried to generate a bipxx standard wallet on electrum by these seeds.
Of coz these electrum 12 word seeds won't match the checksum required by bip39.
So I picked the first 11 words then added another word picked randomly by myself from the bip39 2048 word list. I picked that last word about 20+ times to pick up one just meet the checksum with the first 11 words.
Then I choose 84/0/0 path to generate a bip84 native segwit supported wallet.

So my question is does this wallet generated by above steps have any flaw? (Say, its randomicity or anything else.)
Jump to: