Topic: Seed phrases or backup files (Read 156 times)

ELI5, those 12 words act as generator.


Backup/wallet file already contains generated data (such as private key, address and transaction history) and user data (such as label for address or transaction).


Both are proper and it's better if you have both of them, however
1. Backup/wallet file is more useful if you want to backup user data (such as label for address or transaction).
2. If you only have backup/wallet file, you need to remember hte password used to encrypt the file.
3. While it's easier to restore using seed phrase, you need to make sure it's stored securely.

Using address derivation.

As others have explained above, the 12 words encode a number of bits, which are then ran through the PBKDF2 function which "stretches" the bits to be 256 bits long and this result is called a master private key.

From this key, you can generate arbitrary numbers of what we call "child" private keys using some elaborate elliptic curve cryptography defined in BIP38.

From these private keys it's possible to derive their associated addresses.


A wallet file usually contains all the private keys and addresses written verbatim so they don't have to be computed again.

You can use the seed phrase for wallet keys and addresses recovery as BlackHatCoiner explained, that is how HD (hierarchical deterministic) wallets work. The seed phrase generate a seed. From the seed, a master private key is generated which will lead to generation of child keys. The child keys are numerous and each has its own bitcoin address. To understand more about this, you can use mastering bitcoin 'wallet', 'keys and addresses' for it.

https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch04.asciidoc
https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc


Backup file contains information to recover your wallet too, it will even be in a way your wallet name will be recovered along, but if you have password enabled, you will need to input the password during the recovery process. About seed phrase backup, offline backup is also best for safety, once the seed phrase is imported into the wallet on the new device too, it will recover back all the keys and addresses, and synchronized with the blockchain to get back your coins.

Yes, you are right, 12 words seed phrase has 128 entropy. But the longer the entropy with the addition of 32 bits, and also with the addition of 1 more checksum, the longer the words that will be generated

CS = ENT / 32
MS = (ENT + CS) / 11

|  ENT  | CS | ENT+CS |  MS  |
+---------+----+---------------+--------+
|   128   |  4 |      132     |  12  |
|   160   |  5 |      165     |  15  |
|   192   |  6 |      198     |  18  |
|   224   |  7 |      231     |  21  |
|   256   |  8 |      264     |  24  |

ENT= Entropy
CS= Checksum
MS= Mnemonic sentence in words

It doesn't. A seed phrase is used to generate a BIP32 seed which can then be used to generate the private keys for the addresses that you need. As mentioned, it is one of the variables when generating your addresses and keeping it constant allows the same addresses to be generated again, provided that the way that you're generating it remains the same.

Seed phrase cannot serve as a backup to anything else other than the addresses generated using the seed phrase. Some things that are not covered by this includes your address labels, transaction descriptions, LN channels, etc. If you send funds to and from your addresses and everything else is unimportant, you can choose to only backup your seed phrases using a piece of paper or any other physical backup methods (metal etching). If the labels and other miscellaneous stuff is also important, you can choose to keep another encrypted backup of the wallet file. The wallet file is prone to mechanical failure due to the fact that it's stored on an electronic medium unlike the seed phrase which is usually stored on a physical medium.

It depends on the wallet.
There are wallets that don't show the seed and don't allow recovery by seed.
Also seed works for HD wallets (Hierarchical Deterministic Wallets). Really old wallets didn't "know" this.

So in some cases making backup of the wallet file is the only way.

If the wallet is new, in most cases the 12 or 24 words seed is almost enough.
In theory you should also know the derivation path, that tells some more details, since based on the seed there can be made a lot of addresses in a lot of ways.
If you don't do anything unusual with the wallet (like for example creation of wallet #2, or #3 at Ledger, or 2FA at Electrum), this should simply mean that you have to know the first letter of your address.

Keep in mind that if you know what addresses hold money, saving their private keys is also an option.
Also, a simple way to know if you are keeping the right seed and info is to try to re-create the wallet yourself.

If you want less-generic information, best it to also tell what wallet you plan to use  

These twelve words represent a 128-bit entropy in which you derive every other address. Let me explain that to you. Every wallet software, that provides you a mnemonic, follows a standard and most of them follow the BIP39 standard [Try it!]. By generating a random entropy you can simply change some values in the derivation path, and you'll get a different address each time, but with the same entropy.

Thus, if we just keep the entropy we can derive nearly unlimited addresses without having to store their private key every single time. The private keys are derived through the derivation path (and some cryptographic functions) which makes the entire procedure easier for the user. Before that implementation, it was too tedious to write down your private keys when you wanted to have a new address. By knowing that you can derive as many addresses as you want, you're pulling through a lot of time and you also improve your privacy.

But how can you do that with 12 words? As I said before, an entropy is 128 bits. By extending it with its checksum we end up with 132 bits. A perfect number to divide with 12, which leaves us with 12 pairs of 11 bits. So if we found a way to represent every possible combination of these 11 bits to words, we'd have what we want.

All the possible combinations of 11 bits are 2¹¹ = 2048. Here's the 2048 words list: english.txt

Both of them are proper, because both of them recover your coins. The backup contains the mnemonic (or the master private key).

Hello I am new to this technology, so i find sth interesting about Backup files and Seed phrases, and i'm not sure how good i thought it,
Is it true that with only 12 seed phrases you can recover your private key and other data about wallet in a new device, it's cool, but how technically 12 word save a lot of information?  if so, what is the difference between backup file and seed ? which one is proper ?