Pages:
Author

Topic: generating seed phrases offline and which wallets support custom passprhases? (Read 453 times)

member
Activity: 351
Merit: 37
use openssl.exe to generate 32 random bytes then you can use my tool https://github.com/alexeyneu/base58_2048
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
Overly long and complicated passphrases don’t offer much added security, so usually 15-25 characters are more than enough...
You should also take into consideration that you need to input an optional mnemonic passphrase to unlock your wallet when you use a hardware wallet where you usually have a very limited input interface. Having to input a rather long and complex mnemonic passphrase can be a pain with most of hardware wallets I know.

I don't consider online hot software wallets as safe enough to secure substantial amounts of coin value, therefore the usability of a wallet setup with a hardware or air-gapped wallet is of importance for me.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
Ok, I've found some more explanations. Just it is too bad that Metamask and majority of other wallets do not support seed phrase customization.
It feels like our replies are getting ignored by you OP.

Four of the previous replies, including mine have already addressed that
and one part of my reply in particular suggests that it's not proper to use the term "customization" because it'll just cause confusion.
Use the term "BIP39 Passphrase" or "Passphrase" like what's used by every user in this thread and in the article that you linked.
The latter may be mixed up with with the wallet encryption password, in topics about wallet encryption and mnemonic, I'd suggest to use the former.
legendary
Activity: 2730
Merit: 7065
Can we use any word of our choice as that additional word (i.e. a word that is not included in the list of 2048 words)?
You can use anything you like. It doesn't have to be real words at all. For example, Hgjdl=)87 could be a passphrase. You can hit any keyboard combinations you feel like. But I still recommend using something relatively normal because you don't want to find yourself in a situation where you or your heirs have trouble recovering your coins because of a complicated passphrase. The length is important as you noticed doing some additional research. When I set up a passphrase on one of my hardware wallets, I could only use X words because I reached the maximum character length.   
newbie
Activity: 17
Merit: 1
Ok, I've found some more explanations. Just it is too bad that Metamask and majority of other wallets do not support seed phrase customization.

https://getcoinplate.com/blog/what-is-a-bip39-passphrase-enhancing-the-security-of-your-crypto-wallet/

...Is there a limit to how long my passphrase can be?
No, there is no technical limit to the length of your passphrase. However, for the sake of memorability and practicality, it’s generally recommended to keep your passphrase relatively short, while still maintaining a high level of complexity and uniqueness. Furthermore, each wallet can have it’s own length limit so make sure to check if that’s the case. For example Ledger wallets allow 100 characters while Trezor 50 characters. Overly long and complicated passphrases don’t offer much added security, so usually 15-25 characters are more than enough...
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
By the term "custom passphrase" I actually mean creating a seed phrase with one additional word (13 words, 16 seed phrase etc.).

It's still a bit ambigous what you say, but I assume you're speaking of the optional mnemonic passphrase that extends the usually 12 or 24 mnemonic recovery words.

The optional mnemonic passphrase isn't restricted to be just one word or sequence of non-space symbols. It can be anything and every unique optional mnemonic passphrase will derive an unique wallet. (I wouldn't use leading, trailing or multiple consecutive spaces, though. IIRC by definition every symbol should be honored in optional mnemonic passphrases but the devil may lurk around in some wallet's input sanitizing code.)

While a wallet can check the correct sequence of mnemonic recovery words due to the embedded checksum, it can't know which is your "correct" optional mnemonic passphrase leading to your intended wallet. The smallest error in the optional mnemonic passphrase gives you a different and empty wallet.

Do not fail to properly document both the mnemonic recovery words and the optional mnemonic passphrase(s) or you'll have a recipe for later desaster.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
By the term "custom passphrase" I actually mean creating a seed phrase with one additional word (13 words, 16 seed phrase etc.). Can we use any word of our choice as that additional word (i.e. a word that is not included in the list of 2048 words)?
Hmm, this made the question in the OP even more confusing.
In the OP, it's more towards asking about "BIP39 Passphase", but this made it look like you're actually asking about seed phrase with additional word.

Perhaps you're familiarized with that term due to your experience with Electrum? (seen in your other topic)
If that's the case, then you're talking about the 'Passphrase' which can be any character, including whitespace if you fancy multiple extensions.
For topics that isn't exclusively about Electrum, choose not to use those terms because it's just how Electrum named their mnemonic's Passphrase.

But if that is about actual additional word; then it wont work because the checksum will be invalidated due to a couple of reasons:
e.g.: 13 or 16 words wont be broken down to the correct length which each checksum bit represents every 32bits of entropy
and the original checksum will be part of the entropy if you just added a word next to it.

Creating the 13 word mnemonic starting from the entropy wont work as well since the entropy should be divisible by 32bits so the checksum will be 15bits which isn't the correct length:
13 words x 11 bits (per word) = 143 bits
143 bits - 128 bits (entropy divisible by 32) = 15, so: 15Bit checksum and 128bit entropy
15 ≠ 128 / 32
Quote from: BIP39
The mnemonic must encode entropy in a multiple of 32 bits.
-snip-
CS = ENT / 32
MS = (ENT + CS) / 11
legendary
Activity: 3472
Merit: 10611
Can we use any word of our choice as that additional word (i.e. a word that is not included in the list of 2048 words)?
It is passphrase so you can use anything you like, in some tools they even accept special characters like emojis although I wouldn't recommend it because the way they normalize the input in different tools may be different and it could complicate future recovery if you don't use the same tool (like using Electrum but wanting to recover it using another app).
hero member
Activity: 994
Merit: 1089
By the term "custom passphrase" I actually mean creating a seed phrase with one additional word (13 words, 16 seed phrase etc.). Can we use any word of our choice as that additional word (i.e. a word that is not included in the list of 2048 words)?
If i understood you correctly, you are asking if you can choose any word as your passphrase. Yes, your passphrase is chosen or set by you, and you can select any word or even sentence that you like. However, you must be careful in selecting a passphrase, ensuring that it is strong enough not to be easily brute forced, and that you correctly back it up in a different location from your seed phrase.

Take note that passphrases are also case-sensitive, so you must be careful to back it up exactly as you set it, so you don't permanently lock yourself out of your funds.
newbie
Activity: 17
Merit: 1
Hi. I have two questions.

How could I safely generate custom seed phrases offline, and which tools are good for this operation?

What software supports generating seed phrases with  custom passphrases, and in which software wallets such phrases could be imported?

One of the best methods I was told of was the one that uses /dev/urandom and a copy of Ian Coleman's tool on an offline Linux machine:
https://bitcointalksearch.org/topic/m.63228430
This returns standard BIP39 seed and all proper wallets that work with seed will accept it.

Another, much easier method is to create a new seed with Electrum wallet. But this will work only on Electrum.
On the other hand, Sparrow wallet creates BIP39 seed, but it's not as widely available as Electrum or the first method I've linked.

Flipping a coin or rolling a dice is also a method, but you better search on the forum because it seems it's pretty easy to do it wrong.

Of course, hardware wallets also generate BIP39 standard seed, but some of them have lately... trust issues.


PS. Ian Coleman's tool also does this, but afaik in-browser random generator is not considered good enough for the job. That's why method 1 uses /dev/urandom separately.


This is interesting. I just hope we can 100% trust in hexdump and in bip39-standalone code.     Cheesy
newbie
Activity: 17
Merit: 1
What software supports generating seed phrases with  custom passphrases, and in which software wallets such phrases could be imported?
Every passphrase is custom and it acts as salt on top of your seed words, there is no such thing as predefined passphrase for bitcoin wallets.
I think this is a language barrier issue and that OP wasn't asking about wallets that allow you to customize your passphrases. Passphrases wouldn't make sense if the end-users didn't have the freedom to make the selection themselves. I think OP considers passphrases to be a custom feature. That's why he used the phrase "custom passphrases", trying to say that it's an optional feature that you can but don't have to use. But yeah, the word "custom" shouldn't be there at all.

By the term "custom passphrase" I actually mean creating a seed phrase with one additional word (13 words, 16 seed phrase etc.). Can we use any word of our choice as that additional word (i.e. a word that is not included in the list of 2048 words)?
legendary
Activity: 2730
Merit: 7065
What software supports generating seed phrases with  custom passphrases, and in which software wallets such phrases could be imported?
Every passphrase is custom and it acts as salt on top of your seed words, there is no such thing as predefined passphrase for bitcoin wallets.
I think this is a language barrier issue and that OP wasn't asking about wallets that allow you to customize your passphrases. Passphrases wouldn't make sense if the end-users didn't have the freedom to make the selection themselves. I think OP considers passphrases to be a custom feature. That's why he used the phrase "custom passphrases", trying to say that it's an optional feature that you can but don't have to use. But yeah, the word "custom" shouldn't be there at all.
legendary
Activity: 2212
Merit: 7064
What software supports generating seed phrases with  custom passphrases, and in which software wallets such phrases could be imported?
Every passphrase is custom and it acts as salt on top of your seed words, there is no such thing as predefined passphrase for bitcoin wallets.
So if you and me use the same passphrase, we are still going to have totally different addresses generated because we have different seed words.

Software wallets I know have passphrase support are: Blue wallet, elecrtum wallet, blockstream green wallet, nunchuk wallet, sparrow, stack wallet, wasabi wallet.
Most hardware wallets also have support for multiple passphrases.
legendary
Activity: 2604
Merit: 2353
Well, that "few" trial and error is anywhere between 1 and 2047 attempts, I'd say. So .. hmm...
[...]
Yes if you have a terrible bad luck, you could fail dozens or hundreds times theoretically. But Electrum seeds are on 12 words, it's 128bits for BIP39 seed.
128 mod 11 = 7 The last word is 7bits long (the 4bits remaining are used for the checksum).
27 = 128 So 128 words should work.
2048/128 = 16 It's 1/16th of the list.
legendary
Activity: 3472
Merit: 10611
If you need a bunch of SEEDs for other networks wallets I would advocate the use of BIP85 child seeds generated from the single master SEED.
The problem with BIP85 is that it is not popular enough for users to find it in popular wallets. There are just implementations on Github that lack enough reviews hence they are not as safe as you'd want them to be.

The better option is to stick to a multi-coin wallet, or even hardware wallets, that supports this and you only need to rely on that one time seed phrase generation.
legendary
Activity: 2730
Merit: 7065
I was not sure, hence the question mark. Now I've checked on their page and:
* Sparrow supports importing Electrum wallet files, but not the seed (sorry, I guess I've mixed some things up)
Now I remember that I have seen that GitHub issue being mentioned on the forum in the past. I totally forgot about it, but I will make sure to keep it in mind. So, they don't support recovering an Electrum wallet from seed, but if you have an Electrum-native wallet file, Sparrow will recognize its format and let you recover it in its app.

Good to know, thanks!
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
However, as I said, generating the seed with Electrum only is OK if one plans to use it with Electrum only (or maybe very few others; Sparrow?), which is quite usual actually.
Wait, are Electrum-native seeds supported by Sparrow wallet? I know that Blue Wallet is compatible with Electrum's seed format, but their greatest focus is on their mobile wallet. They have a desktop version as well, but only for macOS. There is sadly no support for Windows and Linux.

I was not sure, hence the question mark. Now I've checked on their page and:
* Sparrow supports importing Electrum wallet files, but not the seed (sorry, I guess I've mixed some things up)
* although Sparrow supports internally Electrum seed, they don't plan to recover an Electrum seed because they consider it confusing for their users (see here)

Thanks for helping clearing this up.
legendary
Activity: 2730
Merit: 7065
However, as I said, generating the seed with Electrum only is OK if one plans to use it with Electrum only (or maybe very few others; Sparrow?), which is quite usual actually.
Wait, are Electrum-native seeds supported by Sparrow wallet? I know that Blue Wallet is compatible with Electrum's seed format, but their greatest focus is on their mobile wallet. They have a desktop version as well, but only for macOS. There is sadly no support for Windows and Linux.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
So since Electrum seeds are generated with the standard BIP39 wordlist why not using Electrum to generate a seed and then just changing the last word in order to have a valid BIP39 checksum and therefore a valid BIP39 seed? Finding a valid last word could be made by calculations or with just few "trial and error" in the import seed feature of the wallet.

Well, that "few" trial and error is anywhere between 1 and 2047 attempts, I'd say. So .. hmm...
Even more, why not use a proper tool and generate the seed properly from start to end instead of "hacking around" and risk to weaken it?

So imho this is not a good approach. However, as I said, generating the seed with Electrum only is OK if one plans to use it with Electrum only (or maybe very few others; Sparrow?), which is quite usual actually.

I've made a list exactly to offer a not-too-bad range of alternatives, anyone can pick any. But no, I don't recommend this hack-around solution, sorry.
legendary
Activity: 2604
Merit: 2353
One of the best methods I was told of was the one that uses /dev/urandom and a copy of Ian Coleman's tool on an offline Linux machine:
https://bitcointalksearch.org/topic/m.63228430
This returns standard BIP39 seed and all proper wallets that work with seed will accept it.

Another, much easier method is to create a new seed with Electrum wallet. But this will work only on Electrum.
On the other hand, Sparrow wallet creates BIP39 seed, but it's not as widely available as Electrum or the first method I've linked.

Flipping a coin or rolling a dice is also a method, but you better search on the forum because it seems it's pretty easy to do it wrong.

Of course, hardware wallets also generate BIP39 standard seed, but some of them have lately... trust issues.


PS. Ian Coleman's tool also does this, but afaik in-browser random generator is not considered good enough for the job. That's why method 1 uses /dev/urandom separately.
Electrum doesn't generate BIP39 seeds but it accepts them and it checks if the checksum is ok(and if words belong to the BIP39 wordlist). So since Electrum seeds are generated with the standard BIP39 wordlist why not using Electrum to generate a seed and then just changing the last word in order to have a valid BIP39 checksum and therefore a valid BIP39 seed? Finding a valid last word could be made by calculations or with just few "trial and error" in the import seed feature of the wallet.
Pages:
Jump to: