
Topic: Does this kind of wallet generated by electrum word seeds have any flaw? (Read 121 times)

legendary
Activity: 2268
Merit: 18509
I divided the wordlist into 216 pieces (9 or 10 words each), then rolled a 6-face die 3 times to locate which piece I should pick words from.
(I actually rolled 9 times, as the first two rounds returned no valid word.)
Maybe that method is sufficient to cover the last 7 bits of entropy needed by BIP39.
It's not a perfect solution, but it is much better than just picking words yourself and probably good enough provided the other 121 bits of your entropy remain completely secure.

You can restore a BIP-39 recovery phrase on Electrum mobile as well.
But you cannot restore a BIP39 phrase with an invalid checksum on mobile, which is why OP needed to change the last word of his Electrum seed phrase to give a BIP39 seed phrase with a valid checksum. You can proceed with an invalid checksum on desktop, but not on mobile.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
My offline signer is a phone and it uses Electrum Android. The next button would grey out if the checksum of the seed phrase fails.
However, what you said is true on the desktop version. I generated some seeds for testing, and they indeed could generate BIP39 wallets despite the failure of the checksum.
You can restore a BIP-39 recovery phrase on Electrum mobile as well. You are probably using an old version of the Electrum app on your offline device. I just downloaded the newest version to try it out. When you click on the gear icon to enter the options menu, you have the possibility to extend your seed by entering a passphrase or restoring a BIP-39 seed.

Take a look:

member
Activity: 166
Merit: 16
I am inclined to agree with pooya87, that although this is obviously non-standard if the last word was actually picked randomly (and you didn't just work alphabetically down the BIP39 list starting at abandon) then you still have 128 bits of entropy.

However, you also didn't need to do this at all. When importing seed phrases in to Electrum with the view of generating a BIP39 wallet, although you will get a "checksum: failed" warning with an incorrect checksum, you can still proceed with your incorrect checksum and generate a normal functioning wallet and addresses.

I divided the wordlist into 216 pieces (9 or 10 words each), then rolled a 6-face die 3 times to locate which piece I should pick words from.
(I actually rolled 9 times, as the first two rounds returned no valid word.)
Maybe that method is sufficient to cover the last 7 bits of entropy needed by BIP39.

My offline signer is a phone and it uses Electrum Android. The next button would grey out if the checksum of the seed phrase fails.
However, what you said is true on the desktop version. I generated some seeds for testing, and they indeed could generate BIP39 wallets despite the failure of the checksum.
legendary
Activity: 2268
Merit: 18509
I am inclined to agree with pooya87, that although this is obviously non-standard if the last word was actually picked randomly (and you didn't just work alphabetically down the BIP39 list starting at abandon) then you still have 128 bits of entropy.

However, you also didn't need to do this at all. When importing seed phrases in to Electrum with the view of generating a BIP39 wallet, although you will get a "checksum: failed" warning with an incorrect checksum, you can still proceed with your incorrect checksum and generate a normal functioning wallet and addresses.
legendary
Activity: 1512
Merit: 4795
I just want new wallets supporting native segwit while I don't need to update my existing backups in multiple locations.
It once cost me quite a bit of effort to make and place those backups.
Still, the best way is to generate a new wallet or update the old one. Electrum now even supports segwit by default, and you will need to transfer your funds from the old wallet (legacy) to the new wallet, which is segwit.

And I hope you update to the latest version of Electrum from electrum.org and verify the signature. I hope you are not using the old version that showed the scam update pop-up? Do not click on any update pop-up. If the signature is verified, then install it. Better to run the latest version.
member
Activity: 166
Merit: 16
I don't think so.
The original seed phrase you are working with has to have been selected randomly and it represents 132 bits of entropy. When you drop the last word you still have 121 bits of randomly generated entropy, then when you randomly select a new word and brute force your checksum you are adding 7 more bits to the original entropy (making it 128 bit as defined by BIP-39 with 4 bit checksum) so it could be considered safe.

In other words you are reducing the size of the initial entropy but not by a lot and if the new word is also selected randomly it shouldn't matter.

Good explanation about the entropy and randomicity. Thanks!



Any particular reason why you didn't just generate a new Electrum native segwit seed? Did you specifically require a BIP39 compatible seed for some reason?

I just want new wallets supporting native segwit while I don't need to update my existing backups in multiple locations.
It once cost me quite a bit of effort to make and place those backups.
HCP
legendary
Activity: 2086
Merit: 4314
Any particular reason why you didn't just generate a new Electrum native segwit seed? Did you specifically require a BIP39 compatible seed for some reason?
legendary
Activity: 3444
Merit: 10558
I don't think so.
The original seed phrase you are working with has to have been selected randomly and it represents 132 bits of entropy. When you drop the last word you still have 121 bits of randomly generated entropy, then when you randomly select a new word and brute force your checksum you are adding 7 more bits to the original entropy (making it 128 bit as defined by BIP-39 with 4 bit checksum) so it could be considered safe.

In other words you are reducing the size of the initial entropy but not by a lot and if the new word is also selected randomly it shouldn't matter.
member
Activity: 166
Merit: 16
I set up an offline Electrum standard wallet years ago (a legacy one, segwit not supported). I have written down the 12 word seeds as backup.
Days ago, I tried to generate a bipxx standard wallet on Electrum from these seeds.
Of course these Electrum 12 word seeds won't match the checksum required by BIP39.
So I picked the first 11 words, then added another word picked randomly by myself from the BIP39 2048 word list. I picked that last word about 20+ times to find one that just meets the checksum with the first 11 words.
Then I chose the 84/0/0 path to generate a BIP84 native segwit supported wallet.

So my question is does this wallet generated by above steps have any flaw? (Say, its randomicity or anything else.)
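
An added example, not part of any post in this thread: the BIP39 arithmetic the replies refer to, showing that for a fixed set of 11 words exactly 128 of the 2048 possible last words (7 free entropy bits plus a 4-bit checksum) pass the check, so a random pick succeeds about 1 time in 16. It works on wordlist indices (0..2047) instead of words so no wordlist file is needed; the function names and the sample indices are constructed for illustration.

```python
import hashlib

def checksum_nibble(entropy128: int) -> int:
    """BIP39 checksum for 128-bit entropy: the first 4 bits of SHA-256(entropy)."""
    return hashlib.sha256(entropy128.to_bytes(16, "big")).digest()[0] >> 4

def valid_last_words(first11):
    """Return the wordlist indices that complete 11 given indices with a valid checksum."""
    if len(first11) != 11 or any(not 0 <= i < 2048 for i in first11):
        raise ValueError("need 11 wordlist indices in 0..2047")
    prefix = 0
    for idx in first11:
        prefix = (prefix << 11) | idx          # 11 words * 11 bits = 121 bits
    out = []
    for tail in range(128):                    # the 7 entropy bits carried by word 12
        entropy = (prefix << 7) | tail         # 121 + 7 = 128 bits
        out.append((tail << 4) | checksum_nibble(entropy))
    return out

def checksum_ok(indices12):
    """Validate a 12-word phrase given as wordlist indices."""
    bits = 0
    for idx in indices12:
        bits = (bits << 11) | idx              # 132 bits total
    return checksum_nibble(bits >> 4) == (bits & 0xF)

# Constructed sample indices, not a real wallet.
SAMPLE_FIRST11 = [5, 1033, 77, 2047, 300, 1500, 12, 900, 64, 1999, 256]

if __name__ == "__main__":
    candidates = valid_last_words(SAMPLE_FIRST11)
    hits = sum(checksum_ok(SAMPLE_FIRST11 + [w]) for w in range(2048))
    print(len(candidates), "valid last words;", hits, "of 2048 pass the check")
```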