Inherit, back up and recover your digital assets. Download the Vault12 app today.

Building blocks with seed words on them
Basics of Crypto Security

What are BIP39, BIP32, and BIP44?

Explaining BIP39, the standard that defines how seed phrases are made, and summarizing how BIP32 and BIP44 standards allow wallets to supercharge seed phrases to support many more keys.


Articles about cryptocurrency wallets are sprinkled with references to a mysterious-sounding "BIP39." Once you learn a little about it, you see that BIP39 is not mysterious at all - in fact, its very purpose is to make encryption keys less mysterious for us humans to work with.

TL;DR

BIP39 is a common and useful standard in crypto wallets.

BIP39 defines how wallets create seed phrases and generate encryption keys.

It is critically important that the numbers selected to create the BIP39 seed phrase be random!

A BIP39 seed phrase created with appropriate randomness can not be guessed through brute force, because there are simply too many permutations.

A BIP39 passphrase adds a moderate amount of additive protection in case your BIP39 seed phrase is stolen or otherwise accidentally exposed - but because it also adds some risk, it is for experienced users.

BIP32 and BIP44 are related standards that have paved the way to other wallet features that make it more convenient for users to manage crypto assets.

In a nutshell, what is "BIP39?"

BIP39 is a design implementation that defines how cryptocurrency wallets produce the set of words (or "mnemonic codes") that make up a mnemonic sentence, and how the wallet turns them into a binary "seed" that is used to create the encryption keys that are used to execute cryptocurrency transactions.

In establishing guidelines for how wallets do this, BIP39 simplifies cryptocurrency for us. (Imagine how complicated it would be if every wallet had its own way of doing things.)

It is not necessary to understand all of the details of BIP39 in order to use cryptocurrency - but you would benefit from knowing a few things.

Why should you know about BIP39?

BIP39 is a great conversation starter at cocktail parties! Well, maybe not, but if you want to buy some cryptocurrency, and have decided to establish your own cryptocurrency wallet, it becomes relevant whether your choice of wallet supports BIP39. Because BIP39 is supported by so many wallet manufacturers, if you use a wallet that implements BIP39, and in the future, you decide to migrate your keys to a different wallet, you can re-create your crypto holdings in your new BIP39-supporting wallet by feeding it your original BIP39 mnemonic sentence. As a result, not only does BIP39 satisfy its original intent to simplify wallet and key management, it also opens the door to simpler wallet migration. Although it is a "Proposal," in practice, BIP39 is a de facto standard that has greatly evolved the cryptocurrency industry.

Why is it called "BIP39?"

BIP39 is one of a set of technical design documents introduced by the cryptocurrency developer community since Bitcoin's inception. As you might guess from its name, it was the 39th Bitcoin Improvement Proposal (BIP). It has a longer and slightly-catchier formal title: "Mnemonic code for generating deterministic keys," but that gets a bit cumbersome to say, so you can think of "BIP39" as its nickname. BIP39 has turned out to be one of the most widely-used BIPs, and it is now implemented by many wallet manufacturers, and used for more cryptocurrencies than just Bitcoin.

What Is a BIP39 mnemonic sentence / seed phrase?

A BIP39 mnemonic sentence is a set of words (most commonly 12 or 24) that humans can interact with more successfully than we do characters that are not words. BIP39's purpose in introducing the use of mnemonic words is to reduce the errors that often occur when we type, speak, or otherwise communicate long strings of unfamiliar characters. The wallet handles the heavy lifting of converting the mnemonic words through complex hashing, salting, and checksum operations into a binary "seed," which is then used to generate the all-important private and public encryption keys.

It is very important that mnenomic sentences are generated from randomly-selected numbers! These numbers can be generated in a variety of ways, which are described in other articles, like "What is an RNG," and Seed Phrase Generation Articles.

What is a BIP39 Passphrase?

BIP39 defines an option for users to add a passphrase as well as having a seed phrase.

Some cryptocurrency wallets by default disable the use of the optional passphrase because although it can add some security, it also adds complexity. If you set a passphrase, your backup strategy has just gotten more complicated: you now have two important pieces of information - your mnemonic sentence and your passphrase - which are critical to securely store. This additional complexity increases the risk of misplacing the passphrase, and losing your cryptocurrency.

How much security does a passphrase add? Because the BIP39 seed phrase itself offers an incredibly high level of protection against being guessed, the addition of a passphrase does not significantly reduce the risk of a brute-force guessing attack. Instead, the primary purpose for a passphrase is to add a layer of security to protect against the possibility that your seed phrase may be accidentally revealed to someone.

However, being shorter and less-random than the seed phrase, the passphrase likely could be guessed eventually with a brute-force attack, so if someone did gain access to your seed phrase, the level of protection that a passphrase offers is only temporary - you would have a chance of saving your cryptocurrency from theft only if you noticed that someone had gained access to your seed phrase before they were able to brute-force guess your passphrase (which could be days or weeks, depending on how hard to guess it was). Is that limited increase in security worth the increased risk of loss of the passphrase? You decide, based on your individual situation, but you can see why many experts recommend that many users not bother setting a passphrase.

How likely is your BIP39 seed phrase to be guessed?

A mnenomic sentence constructed from random inputs is more unique than most people can imagine. For a 24-word BIP39 sentence, there are 2048 to the 24th power possible combinations of words - or stated another way, around 3 times 10 to the 79th power. To try to comprehend how enormous this number is, it is often compared to estimates of the total number of atoms in the known universe. It is effectively unguessable with today's technology.

Why are BIP39 words chosen from a limited dictionary?

BIP39 wordlists may seem arbitrary, but they are not - they are carefully chosen to reduce the chance of mis-specification. In any defined language, words in a BIP39 wordlist are selected in such a way that they do not have synonyms, do not have alternative spellings, do not have just 1 character variation with other words in the list, and are not profane. Additionally, the first four characters of each word are unique to each wordlist, which is a convenience when typing them into hardware wallets with limited input mechanisms, stamping them onto steel cards, or backing them up in any form.

BIP39 wordlists can be seen here: https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md).

Also, you don't have to remember this detail, but BIP39 wordlists have 2048 words in them because it aligns with how BIP39 uses 32-bit blocks of entropy (random inputs) plus a checksum bit concatenated into a long binary string that is divisible into 11-bit numbers, each of which can hold up to 2048 bits. In short, 2048 words are all that are needed to achieve extremely high levels of entropy.

Do you need to understand BIP39 mathematics?

As a user of a cryptocurrency wallet, you don't need to understand the precise details of BIP39 calculations, but you might want to understand that they include the generation of a checksum of the random numbers, and this checksum is used as an integrity check. The checksum is included in the last mnemonic code word, and it helps wallets to verify the validity of mnemonic sentences. If a user types in a set of words and it fails validation because the checksum isn't as expected, there is likely a typo in what the user entered.

BIP39's other mathematical functions transform its inputs (the random numbers, and the optional passphrase) through one-way functions that guarantee that they can not be reverse-engineered from the public key.

If you would like to understand the exact mechanisms of how BIP39 wallets convert mnemonic codes into a binary seed, there is a description in the design document at https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki.

Vault12 has a more-detailed description in "How to Generate a Seed Phrase."

BIP32 and BIP44

As described in this article, the BIP39 standard describes how a seed phrase is constructed.

The most prominent related BIP wallet standards include BIP32 and BIP44:

BIP32 ("Hierarchical deterministic wallets") lays out a framework for Hierarchical Deterministic wallets (HD Wallets) so that they can be shared.

BIP44 ("Multi-account hierarchy for deterministic wallets") defines an organizational hierarchy for managing multiple accounts in deterministic wallets.

These standards work together to add flexibility, privacy, and interoperability to HD Wallets. HD Wallets extend the capabilities of deterministic wallets to allow for the management of a huge number of keys, all of which are derived from the original BIP39 mnemonic sentence (seed phrase).

For the purposes of this set of guides, we will focus on BIP39, as most crypto wallets support this standard, however, you will run across wallets like Coinomi which also use BIP44, and default to 24-word seed phrases.

Recover, Back Up, and Inherit Digital Assets

(including Cryptocurrency Seeds, NFTs and Art)

Every digital asset you own should be backed up, protected and remain accessible. Cryptocurrency in particular is difficult to secure. With natural disasters, hackers, to badly implemented security, you are always at the mercy of others.

Vault12 Personal Digital Asset Security helps you recover, backup and provide legacy inheritance for all your digital assets, including Bitcoin, Ethereum, NFTs, other cryptocurrencies, private keys, seed phrases, digital art and of course, your crypto wallets.


Learn More


Download Vault12 today – Try the free plan:

Recover, Back Up, and Inherit Digital Assets

Introducing Digital Inheritance

Pass on your Digital Assets to future generations

Vault12 Digital Inheritance is the first solution to offer a simple, direct, and secure way to ensure digital assets can be accessed by future generations. Digital Inheritance enables investors to designate an individual who will inherit their entire portfolio of digital assets stored in a secure Vault once the time comes, eliminating undue risk and the need to continually update an inventory or continually issue updated instructions.


Learn More


Personal Security for your Cryptocurrency and Digital Assets

Designed to be used alongside traditional hardware, software and online wallets, Vault12 helps cryptocurrency owners, ICO investors, professional cryptocurrency traders, and high net worth investors safeguard their digital assets without storing anything in the cloud or in fact any one single location. This increases the protection and decreases the risks of loss.


Learn More


Personal Security for your Cryptocurrency and Digital Assets

Easy to setup, easy to secure, easy to access.

A digital Vault containing your digital assets is assigned to trusted people or devices, known as Guardians. Your Guardians can be adjusted as needed in real-time so that the appropriate number are always guarding your digital assets. No one can access your assets and only you get access when you need.


Learn More


The Winklevosses came up with an elaborate system to store and secure their private keys. They cut up printouts of their private keys into pieces and then distributed them in envelopes to safe deposit boxes around the country, so if one envelope were stolen the thief would not have the entire key.

Nathaniel Popper, New York Times, December 19, 2017

20% of all Bitcoin is lost forever. That's $20B, in fact, in 2018 alone, $1.1B has been stolen.

Elliott Krause, The Wall Street Journal, July 5, 2018

The idea behind Vault12 is how do we essentially split that responsibility, make that problem of key control less a technological one by essentially making it into a social one with networks of people that they trust.

Terence Spies, former CTO, HP Enterprise, Data Security

Exchanges are the main target for hackers. Those are the biggest honeypots. So the number one rule in Crypto is, do not keep your money on an exchange, and if you're going to custody that money, you need to do it off of the exchange with a product like Vault12.

Joe DiPasquale, BitBull Capital

Security and usability are inextricably linked, the former cannot exist without the latter. Vault12 understands the need for end-to-end management of this experience as well as the importance of integrating into the prevailing crypto ecosystem

Sathvik Krishnamurthy, Founder and Managing Partner, Security Leadership Capital

As we move to a more open financial system driven by advanced blockchain technology and cryptocurrency, we need smarter ways to ensure that the system is trustworthy. Vault12 does this by addressing a foundational need -- ensuring that your crypto assets are not only protected by decentralized security, but also by your trusted inner circle. Your private key never exists in one place or with one entity, reducing risks from hackers as well as everyday accidents.

Vinny Lingham, Entrepreneur and Advisor

Security is the lifeblood of industry, commerce, and leisure. As more people use decentralized applications, they will need a way to back up their crypto wallets and exchange accounts. Vault12 provides a simple and natural way to reduce risks and combat the fear of forgetting seed phrases and private keys.

Jon Callaghan, co-founder of True Ventures

Get started now.

The Vault12 app is now available from iOS and Android app stores.