Pages:
Author

Topic: Is Iancoleman BIP39 Site Changed Domain from .io to .ch? (Read 589 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
and why we have to follow the standard even with non-standard we can still got the private key?
Because following the standard is the established, recognizable and proper manner to do something. There are nearly infinite non-standard ways you can generate a seed, or derive private keys in a deterministic process, but following a standard means you have someone to address a problem in case an issue emerges. Also, standard is being reviewed by people who potentially know more than you do, and are more eligible to define the correct process.
legendary
Activity: 2268
Merit: 18711
so in this case if checksum failed, is better i just kept the private key than that seed?
Neither. If the checksum failed, it is better that you abandon that seed phrase (and whatever method you used which generated an invalid seed phrase), and create a new valid one via a better method.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
yes that look bad and dangerous, i tried non-standard seed "nama saya sarah azhari" when i put it on iancoleman tool I got error: nama not in wordlist, did you mean name?, but when put that seed on electrum by check bip39 tab i got the address.
Even if you input any incorrect word and any numbers of words, it also generate the keys and addresses on electrum, but it said many times on this thread that seed phrase that is not up to 12 words should not be used, and also follow the seed phrase generated by default on a reputed wallet. If you are not an expert in the field, let wallet generate the seed phrase for you, or if you know how to use Iancoleman appropriately on an airgapped device.

so in this case if checksum failed, is better i just kept the private key than that seed?
and why we have to follow the standard even with non-standard we can still got the private key?
When the seed phrase is not secure, how would the private key be secure? Not secure. This has been pointed to before, why kind of repeating it to ask question.
hero member
Activity: 868
Merit: 737
I would never recommend using a non-standard seed phrase.
yes that look bad and dangerous, i tried non-standard seed "nama saya sarah azhari" when i put it on iancoleman tool I got error: nama not in wordlist, did you mean name?, but when put that seed on electrum by check bip39 tab i got the address.
so in this case if checksum failed, is better i just kept the private key than that seed?
and why we have to follow the standard even with non-standard we can still got the private key?
legendary
Activity: 2268
Merit: 18711
So if irrelevant, we can generate less than 24 word like 9, or 3 and still get those type address.
Perhaps I should have said irrelevant within the confines of BIP39, which specifies a seed phrase should be 12/15/18/21/24 words long.

Since the seed phrase is simply used as the input to 2048 rounds of HMAC-SHA512 (alongside a salt), you could use any length of seed phrase you want, with any words, in any language, with an invalid checksum or no checksum at all, and still generate a wallet and addresses. I definitely wouldn't recommend it though, and almost all wallets would refuse to recover from your non-standard seed phrase.

I also admit if i create random seed, (i mean i create without using iancoleman tool) the wallet still generate with correct address, but i still confused about meaning of failed checksum.
Most wallet software, if you insert a seed phrase which contains an invalid checksum, will simply refuse to proceed, as I've just mentioned. Electrum on the other hand does allow you proceed, albeit with the warning that your checksum is invalid. The same invalid seed phrase will always generate the same addresses when entered in to Electrum, however I would strongly suggest nobody deliberately uses a seed phrase with an invalid checksum.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Electrum allows you to import a seed phrase with less than 12 words. It would display a message saying checksum is failed, but it generates the wallet with correct addresses successfully.
Electrum even allows you to generate seed phrases including less than 12 words using console tab.
I was close to my mobile device (mobile Electrum) which was what I used to test it, it did not actually work. I used closed source wallet, Trustwallet (not recommended) to test it and it did not work. Normally, it supposed to work, but those wallets are designed for it not to work just for the safety of people.

Because of this (I mean your post), I checked it also on desktop electrum, but it worked, you are not wrong, but it did not work on mobile Electrum.

It depends on how the wallet is designed, and what we need most to keep in mind is not to use any seed phrase that is less than 12 words.
legendary
Activity: 2380
Merit: 5213
Is the wallet will generate different address in future when failed checksum? Or only warn us to carefull where nothing happen with that seed
It will be possible to generate the same addresses in the future. Electrum's source code is public and even if there's some changes in the next updates, it will be still possible to generate the same addresses.
For detecting errors, BIP39 seed phrases include a checksum and you should always use a seed phrase with correct checksum, because it's standard and it's accepted by other wallets as well. I would never recommend using a non-standard seed phrase.
hero member
Activity: 868
Merit: 737
But if the seed phrase is less than 12 words, likely it would be rejected on reputed wallets as they are designed in a way they can not accept less than 12 word seed phrase. I have tested it on some wallets, like electrum, if less than 12, it would be rejected.
Electrum allows you to import a seed phrase with less than 12 words. It would display a message saying checksum is failed, but it generates the wallet with correct addresses successfully.
Electrum even allows you to generate seed phrases including less than 12 words using console tab.
Yes i admit that after i check on bip39 on tab. I also admit if i create random seed, (i mean i create without using iancoleman tool) the wallet still generate with correct address, but i still confused about meaning of failed checksum. Is the wallet will generate different address in future when failed checksum? Or only warn us to carefull where nothing happen with that seed
legendary
Activity: 2380
Merit: 5213
But if the seed phrase is less than 12 words, likely it would be rejected on reputed wallets as they are designed in a way they can not accept less than 12 word seed phrase. I have tested it on some wallets, like electrum, if less than 12, it would be rejected.
Electrum allows you to import a seed phrase with less than 12 words. It would display a message saying checksum is failed, but it generates the wallet with correct addresses successfully.
Electrum even allows you to generate seed phrases including less than 12 words using console tab.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Know that less than 12 word seed phrases are not secure.

So if irrelevant, we can generate less than 24 word like 9, or 3 and still get those type address
Yes

but, if use only 3 word, can we able to recovery it using bip39 wallet when the wallet only able 12 and 24 word seed?. That look confusing for me, if I tried to generate only with 3 word, I must keep the private key save on other place.
Again, know that less than 12 word seed phrases are not secure.

If you use a reputed wallet, and the wallet is generating 12 word seed phrase by default, that does not mean you can not import 15, 18, 21 or 24 word seed phrase on the wallet. It would be successfully imported.

But if the seed phrase is less than 12 words, likely it would be rejected on reputed wallets as they are designed in a way they can not accept less than 12 word seed phrase. I have tested it on some wallets, like electrum, if less than 12, it would be rejected. Unless you use a tool like Iancolemane for it, but less than 12 words seed phrase is not secure, so why generating it.
hero member
Activity: 868
Merit: 737
I tried that all with one of 24 word mnemonic.
The length of the mnemonic phrase is irrelevant when considering the derivation path or address type.
So if irrelevant, we can generate less than 24 word like 9, or 3 and still get those type address. but, if use only 3 word, can we able to recovery it using bip39 wallet when the wallet only able 12 and 24 word seed?. That look confusing for me, if I tried to generate only with 3 word, I must keep the private key save on other place.
legendary
Activity: 2268
Merit: 18711
Because you mentioned the derivation path, I just curious about is difference BIP 32 and BIP 44, because when I look at the front address is both starts with 1 and also BIP 44 and BIP 141 both is start with 3.
BIP32 is the BIP which first described HD wallets and derivation paths. There is no standard BIP32 path, but most wallets which don't use BIP44/49/84 would use either m/0' or m/0'/0'.

BIPs 44/49/84 are the standard derivation paths which most wallets now use. These are m/44'/0'/0' for P2PKH addresses starting with 1, m/49'/0'/0' for P2SH addresses starting with 3, and m/84'/0'/0' for P2WPKH addresses starting with bc1q.

Iancoleman uses the BIP141 tab to allow creation of P2WSH and nested segwit addresses, at arbitrary derivation paths.

I tried that all with one of 24 word mnemonic.
The length of the mnemonic phrase is irrelevant when considering the derivation path or address type.

and, why there is no update about taproot bc1p?, where I can find BIP 341 derivation path in iancoleman tool?
He hasn't implemented it yet.
hero member
Activity: 868
Merit: 737
If done correctly nothing can go wrong and his tools can be very useful to get different derivation Paths and addresses.
Because you mentioned the derivation path, I just curious about is difference BIP 32 and BIP 44, because when I look at the front address is both starts with 1 and also BIP 44 and BIP 141 both is start with 3. I tried that all with one of 24 word mnemonic.

and, why there is no update about taproot bc1p?, where I can find BIP 341 derivation path in iancoleman tool?
legendary
Activity: 2212
Merit: 7064
Forget iancoleman, why do you need this website anyways? Oh, yes, to get private keys out of recovery seeds, but you don't need to do so this days, newest updates from Trust wallet and other multi coins wallet have given users access to private keys per wallet addresses you created.
Forget closed source Trust wallet that is used mostly for shitcoins, and stop spreading misinformation to people that official Ian Coleman website is not safe to use.
Phishing websites with different domains mentioned in this topic have nothing to do with real Ian Coleman, and they should never be used.
Unlike Trust wallet, Ian Coleman code is fully open source, you can see what is happening behind the scenes, and you can verify everything.
If done correctly nothing can go wrong and his tools can be very useful to get different derivation Paths and addresses.
legendary
Activity: 2268
Merit: 18711
I can't even imagine typing my recovery seed into any so called safe platform of any kind
...
newest updates from Trust wallet and other multi coins wallet have given users access to private keys per wallet addresses you created.
And how are you going to get your private keys from Trust wallet if you don't type your seed phrase in first, which you've just said you would never do? If I need to enter my seed phrase somewhere to derive my private keys, then 100% of the time I'm going to choose an open source and verifiable tool downloaded from GitHub and ran on an offline machine, such as Iancoleman, over a closed source and unverifiable tool downloaded from an app store, such as Trust wallet.

Iancoleman's site is perfectly legit and perfectly safe if used properly - downloaded, verified, and airgapped. The existence of a malicious version is not a reason not to use it, otherwise you shouldn't be using this forum, your browser, your OS, or pretty much any piece of software at all.
hero member
Activity: 868
Merit: 737
Forget iancoleman, why do you need this website anyways? Oh, yes, to get private keys out of recovery seeds, but you don't need to do so this days, newest updates from Trust wallet and other multi coins wallet have given users access to private keys per wallet addresses you created.

STAY AWAY FROM IANCOLEMAN
Sure, stay away from phishing Iancoleman (.ch) site.
But for fun and to learn something you have to try this, that tool is very useful for beginner to learn how the seed work and how you create a wallet and address with only one mnemonic. I am sure this tool is as the start of a trust wallet. This tool makes developer think to create a wallet like trust wallet where with 1 seed can create multi-coin wallet.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Forget iancoleman, why do you need this website anyways? Oh, yes, to get private keys out of recovery seeds, but you don't need to do so this days, newest updates from Trust wallet and other multi coins wallet have given users access to private keys per wallet addresses you created.
You can try and read previous posts, you do not have to use a online site to do it, just use the html file using a text editor on an airgapped device. This has been repeated many times just on this thread.

Stay away from Trust wallet, please. For God's sake. It's not open-source, not secure, and neither private. It's one of the worst wallet software to use.
He mentioned multi coin wallets also, but almost all the multi coin wallets are close source too. Exodus, Atomic, Coinomi, Coinbase noncustodial and many others are all close source wallets too. Only some hardware wallets are open source which can be gone for if looking for an open source multi coin wallet.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I can't even imagine typing my recovery seed into any so called safe platform of any kind, as far as crypto wallet security is a concern you have to do everything offline
You can utilize Iancoleman's site offline.

newest updates from Trust wallet and other multi coins wallet have given users access to private keys per wallet addresses you created.
Stay away from Trust wallet, please. For God's sake. It's not open-source, not secure, and neither private. It's one of the worst wallet software to use.
sr. member
Activity: 952
Merit: 275
I can't even imagine typing my recovery seed into any so called safe platform of any kind, as far as crypto wallet security is a concern you have to do everything offline, offline only is the way to keep your wallet safe, I made sure that the current wallet I am using will never be imported into any online platform.

Forget iancoleman, why do you need this website anyways? Oh, yes, to get private keys out of recovery seeds, but you don't need to do so this days, newest updates from Trust wallet and other multi coins wallet have given users access to private keys per wallet addresses you created.

STAY AWAY FROM IANCOLEMAN
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Since it POSTs the seed to the attacker's server, you can DoS the server by automatically generating thousands of seeds per second on a fast connection. Just make sure that you use something like Selenium to press the generate button, then clicks on the text box with the seed, and then back to the button again - that should be sure to trigger the attacking code.

Even if it does not take down the website, it will leave the attacker with gigabytes of garbage seed phrases to sift through and might crash whatever database is storing them all, or at least slows it to a crawl. The attacking script is written in PHP after all.
Pages:
Jump to: