What makes a vaild wallet passphrase?

Good evening everybody… I just played around with the thought of creating a wallet by importing one with some random words from the list, but yoroi keeps telling me to enter a valid passphrase… what am I missing?

Are there certain combinations of words that are deemed not random enough and thus no allowed, or, am I only allowed to import wallets that actually exists on chain?

The seed phrases contain a checksum in the last word.

Arbitrary combinations are possible for the first 11, 14, or 23 words, but for the last word you then only have 128, 64, or 8 possibilities that make a correct checksum.

These get less, because for longer seed phrases the checksum gets longer and less of the bits in the last word are freely chosen.

Since the 2048 words on the list can encode 11 bits – 2^11=2048. 12 words encode 132 bits in total, 15 words 165 bits, and 24 words 264 bits.

For 12 words the secret entropy is 128 bits, the checksum 4 biits, so 7 of the 11 bits of the last word are still freely chosen, which means 2^7=128 possibilities.

For 15 words, secret entropy is 160 bits, checksum 5 bits, 6 bits of the last word freely chosen, 2^6=64 possibilities.

For 24 words, secret entropy is 256 bits, checksum 8 bits, 3 bits of the last word freely chosen, 2^3=8 possibilities.

The details of the algorithm are in: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

To show you which seed phrases for a beginning chosen by your exactly are these possibilities, you need some tool that implements this.

Or you randomly choose not words, but directly the secret entropy and convert that back to a seed phrase, but you’d also need an inplementation of BIP-39 for that.


Good explanation HeptaSean! :slight_smile:

Yes indeed!

For more info

  • Due to Cardano’s recovery phrase generation method according to BIP039 standard.
  • The value of the secret words converted to binary is from 128-256 bits. In your case, the words were entered incorrectly due to the binary conversion value if complete the whole secret phrase will not correct its default value.

For example,
a correct 12-word phrase has the value 00000000000…10101010000 = 132 bits
your case: 00000000001…10101010000 = 133 bits

note: 00000000000 = 0 in decimal value
00000000001 = 1 in decimal value

No, the number of encoded bits does not change just because there is a wrong word in the seed phrase. A wrong 12-word seed phrase encodes 132 bits just as a correct one does.

The seed phrase encodes a few bits more than are needed for the desired length of entropy (and again always the same whether it’s a correct or an erroneous seed phrase). Those extra bits are a checksum which matches for a correct seed phrase and does not match for an erroneous one.

Thank for your reply,

I just explain why Yoroi notices “valid” when a user inputs the wrong word. The reason is the value by binary doesn’t equal 132 bits.

According to my understanding.
In the case of 128-bit entropy, the 4 checksum digits make the sequence unique, and the last 11 binary digits make the last word unique.
It means, when a user tries to input a wrong word that makes the value of the sequence in binary doesn’t equal 132 bits.

And I’m telling you that is not how it works. The length in bits doesn’t differ between valid and invalid seed phrases at all.

1 Like

Thank you for explaining,

I will research BIP0039 document.

Great discussion :+1: