Parman - Activate OP_GFY now!!
npub1ltt…k97y
2024-11-15 14:15:05


Parman's Bitcoin Wallet fun facts, please enjoy...

When you make a BIP39 wallet with no passphrase, the text "mnemonic" is used in the code under the hood.

If you do have a passphrase, eg HFSP, then under the hood it becomes "mnemonicHFSP".

That, combined with the seed phrase (however long), goes through 2048 rounds of an HMAC function with SHA-512 at its core - not SHA-256!

So the resulting output, called the seed, is a 512 bit (not 256!) binary number (or expressed as 64 bytes, or 128 hex characters) - it's not a cryptographic key! Just a big number called a seed - ie the entropy that goes into making the key.

Of note, the seed/passphrase text is converted to numbers first and held as bytes, but how is it converted? It doesn't go back to the BIP 39 word list numbers which is what many people would think and what I initially thought. In fact the text is converted to ASCII, which is a completely different way to map text to numbers.

So when you roll dice or toss a coin, you produce numbers which map in the BIP39 protocol to words first, but then those words are mapped to numbers again, but using ASCII, so totally different numbers. Why, IDK.

Anyway so going through this elaborate process might seem completely useless, why not just start with the 512 bit number/seed? Short answer is that it's harder to write down than words. It's much easier to write down text, leaving the hard stuff to the coders to do in the background.

Also interesting is that although there are protocol words used to produce the 512-bit seed, technically you can use any text you want to put into the HMAC function and produce a 512-bit seed. You still get a resulting wallet, and the Bitcoin protocol will not know anything about whether your wallet follows the BIP39 protocol or not (BIP 39 has nothing to do with the Bitcoin consensus rules; it's something external, for wallet generation and compatibility between hardware and software). The problem occurs when you try to input this invalid seed into a BIP39-compliant hardware wallet or software wallet.

But if you write your own code, you can do whatever you want and live dangerously. You can take BIP39 non-compliant words and convert them to a BIP32 (HD wallet protocol) 512-bit seed and from there perform the necessary cryptography to produce a wallet. But when you fuck up and lose your bitcoin, the rest of humanity will thank you for your loss.
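The seed derivation described above, written out as an added example (this is not Parman's or ParmaWallet's code): the salt is the literal text "mnemonic" plus the passphrase, the mnemonic is fed in as text bytes rather than word-list indices, and nothing in this step checks the words, so any string yields a 64-byte seed. The known-answer value is the first test vector published with BIP39 (the all-"abandon" mnemonic with passphrase "TREZOR").

```python
import hashlib
import unicodedata

PBKDF2_ROUNDS = 2048   # iteration count fixed by BIP39
SEED_LEN = 64          # 512 bits = 64 bytes = 128 hex characters


def bip39_salt(passphrase: str = "") -> bytes:
    """Salt is the text 'mnemonic' followed by the passphrase (empty if none)."""
    return ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 512-bit BIP39 seed with PBKDF2-HMAC-SHA512, 2048 rounds.

    The mnemonic goes in as NFKD-normalised UTF-8 text (for plain ASCII words
    that is simply their ASCII bytes), not as the 11-bit word-list indices.
    No word-list validation happens here, so any string produces a seed; a
    BIP39-compliant wallet validates the words and checksum before this step.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, bip39_salt(passphrase),
                               PBKDF2_ROUNDS, dklen=SEED_LEN)


def seed_hex(mnemonic: str, passphrase: str = "") -> str:
    """Seed as the 128-character hex string most tools display."""
    return bip39_seed(mnemonic, passphrase).hex()


if __name__ == "__main__":
    # Standard BIP39 test vector: twelve words, passphrase "TREZOR".
    vector = "abandon " * 11 + "about"
    print(seed_hex(vector, "TREZOR"))
    # A non-BIP39 phrase (constructed here) still yields a 64-byte seed;
    # only a wallet's word-list check would reject it.
    print(seed_hex("not a valid bip39 phrase at all"))
```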

More interesting things... The hierarchical deterministic wallet BIP is number 32 and existed before BIP 39, which introduced the words. When making an HD wallet before BIP 39, it was possible to use a 128-bit seed or 256-bit seed or 512-bit seed.

The BIP39 protocol took the longest option, 512.

The way I am describing all this might sound like I was around at the time, but no, I'm just interpreting things from reading the protocol, an interested latecomer, trying to build ParmaWallet.
Author public key: npub1ltt9gry09lf2z6396rvzmk2a8wkh3yx5xhgkjzzg5znh62yr53rs0hk97y