Altcoins Talks - Cryptocurrency Forum
Crypto Discussion Forum => Cryptocurrency discussions => Technical Discussion => Topic started by: examplens on February 05, 2025, 02:05:18 PM
-
For a long time now, I have been using exclusively a hardware wallet. When I first set up a hardware wallet, I always automatically generated a seed, made a backup on paper and that was it.
Now I need to create a new hardware + Electrum wallet, so I'm interested in what is the best practice for generating BIP39 Mnemonic. I know there are various tools, online and offline, but how reliable are they?
-
For a long time now, I have been using exclusively a hardware wallet. When I first set up a hardware wallet, I always automatically generated a seed, made a backup on paper and that was it.
Now I need to create a new hardware + Electrum wallet, so I'm interested in what is the best practice for generating BIP39 Mnemonic. I know there are various tools, online and offline, but how reliable are they?
When you create a new wallet on Electrum combined with a hardware wallet (keystore -> use a hardware device), you will not find the option to generate a BIP39 Mnemonic.
As far as I know, the generate seed phrase process (including when recovering the seed phrase on a hardware wallet) can only use the default software from the hardware wallet.
The following is an example of the recovery process on the Trezor suite (and a process like this you will not find in Electrum):
(https://i.imgur.com/JlNohQq.png)
-
Now I need to create a new hardware + Electrum wallet, so I'm interested in what is the best practice for generating BIP39 Mnemonic. I know there are various tools, online and offline, but how reliable are they?
What exactly do you mean by new hardware + Electrum wallet?
1. You only use hardware wallet to store your coin, where Electrum only used to "bridge" between you and hardware wallet?
2. You want to store your coin on both hardware wallet and Electrum wallet?
While i don't know your criteria of best practice, both Electrum and good hardware wallet use secure RNG when generating recovery words.
-
What exactly do you mean by new hardware + Electrum wallet?
1. You only use hardware wallet to store your coin, where Electrum only used to "bridge" between you and hardware wallet?
2. You want to store your coin on both hardware wallet and Electrum wallet?
While i don't know your criteria of best practice, both Electrum and good hardware wallet use secure RNG when generating recovery words.
This is the initial setup of the new wallet (https://satochip.io/product/satochip/), which does not have its software, It is in the form of a credit card. (I initialized it with Sparrow wallet)
At the first start, Electrum asked for a BIP39 Mnemonic, which only made me think what is the safest way to generate a new seed. I briefly looked for solutions, but with each one, there was always that sceptical "but" somewhere.
(https://talkimg.com/images/2025/02/06/eYFjj.png)
As I said, I mostly use Trezor for my needs, Electrum or any other wallet mostly just for various tests.
-
What exactly do you mean by new hardware + Electrum wallet?
1. You only use hardware wallet to store your coin, where Electrum only used to "bridge" between you and hardware wallet?
2. You want to store your coin on both hardware wallet and Electrum wallet?
While i don't know your criteria of best practice, both Electrum and good hardware wallet use secure RNG when generating recovery words.
This is the initial setup of the new wallet (https://satochip.io/product/satochip/), which does not have its software, It is in the form of a credit card. (I initialized it with Sparrow wallet)
At the first start, Electrum asked for a BIP39 Mnemonic, which only made me think what is the safest way to generate a new seed. I briefly looked for solutions, but with each one, there was always that sceptical "but" somewhere.
(https://talkimg.com/images/2025/02/06/eYFjj.png)
As I said, I mostly use Trezor for my needs, Electrum or any other wallet mostly just for various tests.
You think their software[1] or Sparrow Wallet[2] isn't secure enough to generate BIP39 words? I expect both of them use OS CSPRNG though. If so, how about download https://iancoleman.io/bip39/ (https://iancoleman.io/bip39/), run it offline and enter entropy you create by yourself (e.g. using dice or coin)?
[1] https://satochip.io/satochip-utils/ (https://satochip.io/satochip-utils/)
[2] https://satochip.io/satochip-sparrow-wallet/ (https://satochip.io/satochip-sparrow-wallet/)
-
You think their software[1] or Sparrow Wallet[2] isn't secure enough to generate BIP39 words? I expect both of them use OS CSPRNG though. If so, how about download https://iancoleman.io/bip39/ (https://iancoleman.io/bip39/), run it offline and enter entropy you create by yourself (e.g. using dice or coin)?
Yes, I saw iancoleman.io, but I found somewhere that it might not be the most reliable method (although I know that may not be true). That is why I started this discussion, there is not much information about such an important matter.
-
You think their software[1] or Sparrow Wallet[2] isn't secure enough to generate BIP39 words? I expect both of them use OS CSPRNG though. If so, how about download https://iancoleman.io/bip39/ (https://iancoleman.io/bip39/), run it offline and enter entropy you create by yourself (e.g. using dice or coin)?
Yes, I saw iancoleman.io, but I found somewhere that it might not be the most reliable method (although I know that may not be true). That is why I started this discussion, there is not much information about such an important matter.
Do you remember the reason other people says it's not most reliable method? AFAIK there are 2 common reason,
1. RNG on browser is less secure/random. It doesn't apply when you enter entropy manually.
2. You may accidentally run it online. It can be avoided if you download the page and run it on airgapped/offline device.
-
What exactly do you mean by new hardware + Electrum wallet?
1. You only use hardware wallet to store your coin, where Electrum only used to "bridge" between you and hardware wallet?
2. You want to store your coin on both hardware wallet and Electrum wallet?
While i don't know your criteria of best practice, both Electrum and good hardware wallet use secure RNG when generating recovery words.
This is the initial setup of the new wallet (https://satochip.io/product/satochip/), which does not have its software, It is in the form of a credit card. (I initialized it with Sparrow wallet)
At the first start, Electrum asked for a BIP39 Mnemonic, which only made me think what is the safest way to generate a new seed. I briefly looked for solutions, but with each one, there was always that sceptical "but" somewhere.
(https://talkimg.com/images/2025/02/06/eYFjj.png)
As I said, I mostly use Trezor for my needs, Electrum or any other wallet mostly just for various tests.
Most hardware wallets usually include default software for generating the hardware wallet's seed phrase process. Even if wallets such as Satochip or other hardware wallet do not provide default software, they must recommend which software is safe and compatible with their products, such as Satochip (https://satochip.io/software/ (https://satochip.io/software/)).
As ABCbits mentioned, you can use an alternative tool (offline) from iancoleman.
(https://github.com/iancoleman/bip39/releases (https://github.com/iancoleman/bip39/releases)).
You can also use /dev/urandom to get Hex characters*.
32 hex digits = 16 bytes (12 BIP39 words);
hexdump -vn16 -e'4/4 "%08X" 1 "\n"' /dev/urandom
64 hex digits = 32 bytes (24 BIP39 words);
hexdump -vn32 -e'4/4 "%08X" 1 "\n"' /dev/urandom
* (https://stackoverflow.com/a/34329057 (https://stackoverflow.com/a/34329057)).
Example:
(https://i.imgur.com/u8yyvQA.png)
Then, use the entropy to get the BIP39 Mnemonic at iancoleman's Tool.
(https://i.imgur.com/7z5F7o1.png)
-
For a long time now, I have been using exclusively a hardware wallet. When I first set up a hardware wallet, I always automatically generated a seed, made a backup on paper and that was it.
Now I need to create a new hardware + Electrum wallet, so I'm interested in what is the best practice for generating BIP39 Mnemonic. I know there are various tools, online and offline, but how reliable are they?
As far as I know, the seed will be generated by your hardware wallet.
Electrum shouldn't have any participate in it. All security from the hardware wallet comes from the fact that the keys are generated inside the device and never leave the device.
-
-snip-
As far as I know, the seed will be generated by your hardware wallet.
Electrum shouldn't have any participate in it. All security from the hardware wallet comes from the fact that the keys are generated inside the device and never leave the device.
As far as I know, too.
Even if Satochip (it does not have default software) is connected to Electrum or another compatible wallet, the seed phrase generated is from the hardware wallet itself, not Electrum's standard seed phrase.
The private key is stored in the hardware wallet. In this case, the private key on Satochip is stored in the EAL6+ secure element.
-
-snip-
As far as I know, the seed will be generated by your hardware wallet.
Electrum shouldn't have any participate in it. All security from the hardware wallet comes from the fact that the keys are generated inside the device and never leave the device.
As far as I know, too.
Even if Satochip (it does not have default software) is connected to Electrum or another compatible wallet, the seed phrase generated is from the hardware wallet itself, not Electrum's standard seed phrase.
The private key is stored in the hardware wallet. In this case, the private key on Satochip is stored in the EAL6+ secure element.
But OP already mention Satochip doesn't generate it's own seed phrase/recovery words, which is very unusual. And as i stated earlier, Satochip actually have it's own software called Satochip utils.
-
But OP already mention Satochip doesn't generate it's own seed phrase/recovery words, which is very unusual. And as i stated earlier, Satochip actually have it's own software called Satochip utils.
Although using Electrum Satochip Client?
I see here: https://satochip.io/setup-use-satochip-with-electrum-bitcoin/ (https://satochip.io/setup-use-satochip-with-electrum-bitcoin/). In the 'Setup your seed phrase' section, it states, 'Insert your existing seed phrase or generate a brand new one.' It is the process after using the 'Use a hardware device' option and 'Setup your PIN code'.
Therefore, generating new phrase seeds should be available when using a Satochip on the Electrum Satochip client (https://github.com/Toporin/electrum-satochip/releases (https://github.com/Toporin/electrum-satochip/releases)). It would be a bit strange if the option did not exist.
While in Electrum Standard, as far as I know, there is no generate seed phrase option when choosing a hardware device option.
-
But OP already mention Satochip doesn't generate it's own seed phrase/recovery words, which is very unusual. And as i stated earlier, Satochip actually have it's own software called Satochip utils.
Now that you mentioned Satochip utils, it is interesting that that software is not on their official download page. At least I couldn't find a link to the page, only through a search engine. https://satochip.io/satochip-utils/
Yes, there seems to be everything needed to set up a wallet.
(https://talkimg.com/images/2025/02/15/qSEFJ.png)
While in Electrum Standard, as far as I know, there is no generate seed phrase option when choosing a hardware device option.
You're right. Electrum did not offer the option of seed generation for Satochip in this case. That's why I became interested in the topic of safe options for generating seed phrases.
-
But OP already mention Satochip doesn't generate it's own seed phrase/recovery words, which is very unusual. And as i stated earlier, Satochip actually have it's own software called Satochip utils.
Now that you mentioned Satochip utils, it is interesting that that software is not on their official download page. At least I couldn't find a link to the page, only through a search engine. https://satochip.io/satochip-utils/
-snip-
ABCbits has mentioned about Satochip Utils link above:
You think their software[1] -snip-
[1] https://satochip.io/satochip-utils/ (https://satochip.io/satochip-utils/)
-snip-
While in Electrum Standard, as far as I know, there is no generate seed phrase option when choosing a hardware device option.
You're right. Electrum did not offer the option of seed generation for Satochip in this case. That's why I became interested in the topic of safe options for generating seed phrases.
Do you use the standard Electrum (https://www.electrum.org/#download (https://www.electrum.org/#download)) or the Electrum Satochip Client (https://github.com/Toporin/electrum-satochip/releases (https://github.com/Toporin/electrum-satochip/releases))?
If you use the Electrum Satochip Client, the new generate seed phrase option should be available when you connect it with the Satochip Wallet Hardware.
https://satochip.medium.com/electrum-bitcoin-client-set-up-a-hardware-wallet-in-10-easy-steps-99d932817d9e (https://satochip.medium.com/electrum-bitcoin-client-set-up-a-hardware-wallet-in-10-easy-steps-99d932817d9e)
(https://miro.medium.com/v2/resize:fit:640/format:webp/0*6gH7ZVJhWeC_y2Q2.png).
If you use a standard Electrum, as far as I know, the Electrum does not generate a BIP39 seed phrase.
-
If you use a standard Electrum, as far as I know, the Electrum does not generate a BIP39 seed phrase.
The standard version of Electrum Wallet does not support Satochip. Even after basic setup, the current 4.5.8 version does not recognize Satochip hardware.
I used Electrum 4.5.4.0.12, which contains the Satochip plugin. https://satochip.io/setup-use-satochip-with-electrum-bitcoin/
-
If you use a standard Electrum, as far as I know, the Electrum does not generate a BIP39 seed phrase.
The standard version of Electrum Wallet does not support Satochip. Even after basic setup, the current 4.5.8 version does not recognize Satochip hardware.
I used Electrum 4.5.4.0.12, which contains the Satochip plugin. https://satochip.io/setup-use-satochip-with-electrum-bitcoin/
You are right; I tried to look at https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES (https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES), but I did not find Satochip on the Hardware Wallet list that Electrum has supported.
Some hardware wallets that Electrum has supported include:
Trezor One, Btchip (Ledger), Keepkey, Ledger Nano S, Digital Bitbox, Trezor T, Coldcard, Archos Safe-T Mini, Bitbox02, Ledger Nano S Plus, Jade, Trezor Safe 5, Ledger Flex.
Is the new generate seed process not found in your Electrum Satochip Client as in the following screenshot?
(https://miro.medium.com/v2/resize:fit:640/format:webp/0*6gH7ZVJhWeC_y2Q2.png)
https://satochip.medium.com/electrum-bitcoin-client-set-up-a-hardware-wallet-in-10-easy-steps-99d932817d9e (https://satochip.medium.com/electrum-bitcoin-client-set-up-a-hardware-wallet-in-10-easy-steps-99d932817d9e)
-
I still use the mnemonic generated by my Trezor model T to this day. You can ensure randomness by generating your mnemonic yourself using data, like flipping a coin, but for me, devices with good entropy sources and open source code are enough...
We can add more entropy by extending the wallet with a passphrase BIP39, which is the ideal level of security.
-
I still use the mnemonic generated by my Trezor model T to this day. You can ensure randomness by generating your mnemonic yourself using data, like flipping a coin, but for me, devices with good entropy sources and open source code are enough...
The risk of generating entropy by yourself is where will you store that seed.
When you generate the seed in the coin and note down on paper, all is fine. But when you write that seed in your computer and generate the wallet, the risk begins.
Using a hardware wallet is much safer, because the seed never leaves the device, which is totally unhackable (at least until today nobody was able to hack it)
-
The risk of generating entropy by yourself is where will you store that seed.
When you generate the seed in the coin and note down on paper, all is fine. But when you write that seed in your computer and generate the wallet, the risk begins.
Using a hardware wallet is much safer, because the seed never leaves the device, which is totally unhackable (at least until today nobody was able to hack it)
Yes, if someone owns a hardware wallet but stores it electronically and without an air-gapped environment, they have defeated the main purpose of using such a device.
The recovery phrase should always be written down offline and kept securely.