Seed Phrase Deep Dive — BIP 39, Entropy, and Why 24 Words Matter

Seed Phrase Deep Dive

Those 12 or 24 words that generate your Bitcoin wallet aren't random English words — they're a precise encoding of cryptographic entropy defined by BIP 39. Understanding how they work helps you understand what you're protecting.

BIP 39 — The Standard

BIP 39 (Bitcoin Improvement Proposal 39) defines how mnemonic seed phrases are generated and used:

Step 1: Generate Entropy

The wallet generates random data (entropy):

• 128 bits of entropy = 12-word seed phrase
• 256 bits of entropy = 24-word seed phrase

Step 2: Add Checksum

A SHA-256 hash of the entropy is computed, and the first few bits are appended as a checksum:

• 128-bit entropy + 4-bit checksum = 132 bits
• 256-bit entropy + 8-bit checksum = 264 bits

Step 3: Map to Words

The bit string is divided into 11-bit chunks. Each 11-bit value (0-2047) maps to one of the 2,048 words in the BIP 39 wordlist. This is why 132 / 11 = 12 words and 264 / 11 = 24 words.

Step 4: Derive the Seed

The mnemonic phrase (plus optional passphrase) is fed into PBKDF2-HMAC-SHA512 with 2,048 iterations, producing a 512-bit seed. This seed is then used to derive all your keys via BIP 32 (hierarchical deterministic wallets).

How Strong is 24 Words?

256 bits of entropy means there are 2^256 possible seed phrases. That's approximately 1.16 x 10^77 — more than the estimated number of atoms in the observable universe (10^80). Brute-forcing a 24-word seed is physically impossible with all the computing power that will ever exist.

What About 12 Words?

128 bits of entropy gives 2^128 possibilities ≈ 3.4 x 10^38. Still astronomically secure — no computer can brute-force this. But 24 words provides a much wider margin against future advances (quantum computing, for example).

The Wordlist

The BIP 39 English wordlist was carefully chosen:

• 2,048 words total
• Each word is uniquely identified by its first 4 letters (no ambiguity)
• Similar-sounding words are avoided
• Words are sorted alphabetically
• Wordlists exist in multiple languages (Spanish, Japanese, Chinese, etc.)

Common Seed Phrase Mistakes

• Storing digitally: Screenshots, cloud notes, email drafts — all compromised if your device/account is hacked
• Partial backups: Writing only the first 12 of 24 words. The remaining 12 are NOT the checksum — they contain half the entropy
• Word order: The order matters. Shuffling the words creates a different (invalid) seed
• Using a brain wallet: Choosing your own words instead of random generation. Human-chosen entropy is catastrophically weak

Advanced: Generating Your Own Entropy

For maximum paranoia, you can generate entropy yourself using dice rolls (BIP 39 dice method). Roll a casino-grade die 100 times for 256 bits of entropy. The Coldcard and SeedSigner both support dice-roll entropy input. This eliminates trust in any random number generator.

Your seed phrase is a 256-bit number wearing a human-readable disguise. Treat it like what it is: the master key to your financial sovereignty. If it's compromised, everything derived from it is compromised.

Seed phrase best practices and backup guides at our learning center.