Topic: How do I identify the valid checksums for bip39 if I generate 11/12 of the word? - page 2. (Read 791 times)

Update:  I've installed both Debian and Kali for Windows and upgraded both distros.  That said when entering your command it seems as though the windows version of linux does not recognize shasum as the output states the following:

└─$ echo -n "hello world" | shasum -a 256 -0
-bash: shasum: command not found

Perhaps these versions don't include the shasum command?  Or perhaps the Windows versions don't?

Either way any suggestions on this issue or also any recommendations on any specific Linux distributions that can let me perform the above would be appreciated.  Thanks.

Hmm you all may end up forcing me into the world of Linux and python after all.  Either way I'm going to first try to enable to turning on Windows Subsystem for Linux just so I can try to run those commands as you mentioned.  I'll give this a try and report back.  Thanks!

I also don't use Windows, but a quick internet search seems that there is no obvious way to use Windows Powershell to compute the hash you need. If you were running Linux, then you just open terminal and enter the following very simple command:

Which will return the following output:

And then you take the fist character (9) and convert it to 1001 and append as your checksum.

Here's another open source tool you can use to input your coin flips and generate your seed phrase: https://bitcointalksearch.org/topic/handydandy-a-tool-to-work-with-entropy-5373505

Windows is very limited in using commands and stuff like that to compute hashes, etc. Linux is better. But in any case it is a lot better if you learn and use a programming language instead of trying to make it work with commands. Something like Python is easy to learn and you can use it for such purposes, not to mention there are many open source projects on github.com in python you can use.

Hey, no not yet. However the whole thing for me here is that I want to understand what's occurring in the background and how it happens so that I can learn for myself and be comfortable with what's going on and why.

If anyone out there can help me out with suggestions on what programs / commands I can use built in Windows offline that will allow me to convert my 128 bit entropy to a hexadecimal number and then also perform a SHA 256 on the hexadecimal output it would be very helpful. Thank you.

Have you tried out my software? You're not going to mess with hex values, hash functions and mnemonic standards at all. That's technical stuff that happens on the background. You'll just flip a coin, and submit the results. Once done, it'll return you your BIP39 seed phrase, as well as some addresses of every type (legacy, nested segwit, native segwit) with their responsive private keys.

Alternative to my software (and more reviewed): https://iancoleman.io/bip39/

Hi BlackHatCoiner / all,

I agree there are several software items I am trusting.  The trick I'm trying to pull off is minimizing my sphere of trust to only encompass the essentials and of course as you said avoid the RNG.  That said I'm only interested in performing the OS stuff relating to generating the BIP 39 in an offline machine that will never see the internet which should help reduce that trust further. 

As to what I'm ultimately trying to do is figure out exactly how best to take my own derived entropy that I create offline and then create a 12 word BIP 39.  To me it sounds like flipping a coin 128x or rolling dice is the way to go (at least for testing).  Where I get confused is once I have that 128 bits (ones and zeros) what exactly do I do in Windows to:

1) identify the Hex value for the 1s and 0s of the entropy (offline), and then

2) once I have the Hex value, how do I perform a SHA256 hash for this Hex value in windows (offline) in the hex value of the entropy so I can then convert the first value of this SHA256 digest value back to binary (first 4 bits) to get the checksum that I would need to append to the 128 bits of entropy.

TIA

Okay, but note that you do rely on lots of things that I'm not sure you're aware of. First of all, you rely on Microsoft. There's absolutely no way to prove that your OS won't betray you, unless Microsoft released the source code and let developers across the world confirm they haven't inserted a backdoor. Secondly, there's a higher chance that your OS has a 0-day, compared to Linux, because it isn't so broadly reviewed. Thirdly, you rely on software developers, cryptographers, and mathematicians.

But, yes. You do avoid the firmware RNG.

With coding. But since that's not your field, I recommend you to use my software. Otherwise, tell me exactly what you want to do. You might be a victim of an XY problem.

Again, please don't do this. It isn't secure, like, at all.

I wouldn't use dice at all. Dice are more prone to bias than coins, the bias takes longer to detect, and is also harder to detect. All of these things become more true the more faces your dice has. It would take hundreds of rolls to be relatively sure of detecting even a fairly large bias on a 16 sided dice. It will be simpler, quicker, and more secure to flip a coin 128 times.

Thank you again BlackHatCoiner.  I certainly appreciate all of your replies.  That said however I am not a coder and not presently looking to be one but rather someone who likes to tinker with bitcoin and is trying to get to the point where I can create my own entropy and generate my own BIP 39 seed word without any reliance on the available software that does it. The idea is that as a non coder that can't verify code independently (and even if I could, I am not an encryption expert to fully understand all the intricacies there).

That all said, I feel I'm right on the cusp of knowing how to build my own BIP 39 seed word list for use an offline wallet that uses this standard and PSBT files that is compatible with Bitcoin core.  In my mind this is probably one of the safest ways to transact with sovereignty and that's what I'd like to be able to achieve here.   I'm just getting stuck in a few areas being a non coder windows user.  I can easily create my own entropy and understand that I need to be able to figure out how to perform some of the steps that yo mentioned here:

"You don't hash the hexadecimal, and that's why you don't need to convert the binaries to hexadecimal. Hash functions take input as bytes. You need to convert your 128-bit string to bytes, and then hash that. It's just that most libraries do this conversion in the background, which brings some confusion."

As far as how to convert my 128 bit entropy to bytes, I understand that would mean just simply deconstructing it to 8 bit chunks.  However specifically how to structure those bytes into a file format that I can use a built in Windows tool. I think my method of execution is off as I was apparently wrong in saving the ones and zeros in a notepad.txt file format.  So if I understand you right, then what I need to do is somehow create a binary file of my entropy.  I'm wondering how I would go about that and that once it's done, how I would then structure the binary file to contain the bytes to be digestible by the SHA 256 hash function that I'm hoping is possible with a build in windows tool.

Thanks.

Building the software from scratch requires a certain degree of technical competence. If you don't feel confident with that, I strongly recommend you to either use code that isn't yours and that you've read it, or study software engineering until you do feel confident enough.

First of all, I want to make it clear that I don't want you to trust me. I want you to verify me. The code isn't difficult to read. Most of it happens in Form1.cs. I make use of the NBitcoin and Bitcoin.Net libraries which are broadly used in other software too.

There are two ways to execute this program. One's to import the source code in Visual Studio 2019, and then have it compiled. The easier way is to download CoinFlippedSeed-v0.3.zip, make sure that the SHA-1 of the zip is 4DA93F3D72A9EB65282650E15D4E3C288A28FD71*, unzip the binaries and run CoinFlippedSeed.exe.

*You can try to skip the integrity verification part (that is the SHA-1 verification) for the moment, just to try out the software, but it's important to do it regularly on most of the software you install. It makes sure that the binaries aren't compromised. Do it if you're about to create a Bitcoin wallet with funds deposited.

Thanks but the idea here was for me to learn how to do as much as possible myself and to avoid putting trust in any particular software relating to building your own bitcoin wallet offline.  That said, can you give me a walk through on how I would do that step manually on windows?  TY

Hash bytes? Sure, but there are programs that let you make a seed yourself completely, not just for this part. That's one I've written: https://github.com/AngeloMetal/CoinFlippedSeed

The above program works on Windows.

Hi BlackHatCoiner,

Thanks for the tips.  When you stated "You need to convert your 128-bit string to bytes, and then hash that. It's just that most libraries do this conversion in the background, which brings some confusion" Do you have any suggestions on the best way to do this in an offline Widows machine?

Also, when you asked "Windows box? You mean Windows Forms in Visual Studio?" I simply meant a Windows PC.  Thanks.

You don't hash the hexadecimal, and that's why you don't need to convert the binaries to hexadecimal. Hash functions take input as bytes. You need to convert your 128-bit string to bytes, and then hash that. It's just that most libraries do this conversion in the background, which brings some confusion.

Note that a 16-side dice is likely to be more prone to return less random results than a 6-side dice, and even less than a 2-side coin. You should run a chi-squared test, to check this.

Windows box? You mean Windows Forms in Visual Studio?

Thanks all.  So if I'm getting this right and I wanted to simply create my own independent entropy for a BIP 39 12 word seed, I can do it by performing the following steps:

1)   Take 128 bit entropy (i.e. 11 randomly selected BIP 39 words and identifying their 11 bit codes + 7 random bits - or perhaps just 128 coin flips).
2)   Convert the binary 128 bit string to hexadecimal.
3)   Perform a SHA 256 hash of the hexadecimal.
4)   Convert this SHA 256 hex digest to a binary number and take the first 4 bits of this binary number output as the checksum.
5)   Append the checksum identified in step 4 to the entropy from step 1 and deconstruct the 132 bits into 12 groupings of 11 bits to get the BIP 39 12 word lists.

Alternatively I imagine I could simply roll a16 sided dice to get 32 unique hex values and skip steps 1 and 2 but would need to add a step between 4 and 5 above to convert the hex I rolled into binary to append the checksum.

That all said, can anyone here give me some insight with how I would perform steps 2 and 3 on a windows box (ideally offline)?

The correct checksum is 1001 and the last 11 bits are 11111001001.
I think you made a typo, because the last word is still "Weird" and your final result is correct.

The correct checksum is 0001, so the last word is 11111000001. The phrase is verify merit vapor prize quiz volume theme lucky young yellow life weird

Everything you did looks, ok except that you cannot use notepad to create the file being hashed because it stores a text version and not the binary itself. If you save a hex value instead of binary with notepad, you may be able to use "CertUtil -decodehex ..." to convert to binary for the sha256 calculation.

You can use this site to check your results: https://iancoleman.io/bip39/

As hosseinimr93 has pointed out, your checksum is incorrect. The correct final word should be "weird", not "west".

Ignoring the fact you calculated the checksum incorrectly, your understanding here is wrong. There is exactly one word ("weird") which will be a valid final word for the 128 bits of entropy you have selected. There will be other words you could replace "weird" with and still have a valid 12 word seed phrase, but given that the last word contains 7 bits of entropy as well as 4 bits of checksum, then if you choose one of these other words then you will have a different 128 bits of entropy. Further, if you choose one of these other valid words, there is no guarantee that the 4 digit checksum would be the same given you are changing the entropy.

For example, the entropy you have given above encodes this seed phrase:

This is also a valid seed phrase:

Weird encodes the following:  11111001001
Debris encodes the following: 00111000011
Checksums are in bold.

Two different valid words, but with different entropy and different checksums.

Your calculation is wrong.
You need to hash your entropy through SHA256 function as a hex input, not as a text.

First, you need to convert your entropy to a hexadecimal number.
The result is F2B173C5D5AAFFEBB80425FF5FE2057C.

The hex number need to be hashed through SHA256 function.
The result is 931258d717865a310cfc24a9161b21f4c0d02e0bb4cf12894516170a10e72339

If you convert the result to a binary number, the first 4 bits would be 1001