Start protecting your digital assets: Free 30-day trial available today. Download now.

Crypto Security How-to's

How to generate a Seed Phrase.

Five possible ways to generate a seed phrase, and a more advanced discussion on the importance of randomness in ensuring security.

Here are some common ways to generate seed phrases - click through the links to get detailed instructions.

Your seed phrase is a mnemonic code consisting of 12-24 words that is used to recover your cryptocurrency wallet. Sometimes called a backup phrase, recovery phrase, or mnemonic sentence - it is the foundation of most modern wallets and the crypto universe in general.


A Mnemonic phrase is an encoded source of entropy (randomness) that identifies your wallet within the digital universe.
TL;DR

Even when you have your own crypto wallet, you have choices for how to generate the seed phrase.

It is extremely important that the seed phrase be randomly selected so that it can not be guessed or reverse-engineered.

Seed phrases with more words have more entropy / randomness than those with fewer words.

You can let the wallet generate a seed phrase for you.

You can use the Vault12 app to generate a seed phrase for you.

You can "roll your own" seed phrase with dice, or use a calculator, as offline methods.

Computer-generated methods of random number or seed phrase generation can be hard to verify as safe and effective.

The BIP39 standard determines how random numbers are securely translated into a seed phrase.

1. Seed Generation with Vault12

Vault12 enables you to create is an encrypted distributed digital vault. Vault12 secures digital assets including cryptocurrency seed phrases, and can also generate your seed phrase for you. As an added benefit, you can be sure that your seed phrase is generated securely and automatically backed up in a secure manner. Read our guide to learn more.

2. Calculator

Generating a seed phrase by using a calculator is done offline, thus removing a wide range of potential attacks. You will need a calculator that has a RANDOM function to generate entropy. It also introduces new risks - instead of using one device to generate your seed phrase, you will need to use two devices, the calculator and an air-gapped computer. Learn more about generating a seed phrase using an offline calculator.

3. Dice

Dice can be used for a truly manual and offline method of seed phrase generation. To do this, you need dice, a pen and paper, the BIP39 word list, and some math. You can use a single die if you want, but it is better to use multiple dice. You will be creating entropy by generating a large random number, using the dice. Learn how to generate a seed phrase with dice.

4. Crypto Wallets

With few exceptions, most modern wallets will create your seed phrase for you during wallet creation. The process is usually automatic, with limited options for setting the parameters of your seed phrase. For most users, this approach will be enough, and it won't be thought of again.

Keep in mind, that in any potentially high net-worth use case, generating seed phrases yourself directly - especially offline - is a good choice for higher security and greater control over the process.

Take a look at the article, "Using crypto wallets to generate seed phrases" to get an overview of how seed generation is done inside wallets during the set up phase.

See Crypto Wallet Guides for step-by-step instructions on how specific wallets accomplish this.

5. Hardware Wallets

Hardware wallets provide an extra level of security compared to software wallets and provide mechanisms to generate a seed phrase within the wallet. Hardware wallets strike a great compromise between usability and extra security. We are working on how-to-guides to take you through the steps needed to securely generate and back up seed phrases - stay tuned.

  • Ledger Nano X
  • Ledger Nano S
  • Trezor One
  • Trezor Model T
  • KeepKey
  • ColdCard MK3
  • BitBox 01/02

Advanced: What goes on behind the scenes of generating a seed phrase?

The process of generating a seed phrase starts with generating random data, called entropy. The entropy is then run through a hashing function, specifically SHA256, to generate the checksum. Part of the checksum is then appended to the random data. The resulting output is then split into chunks of 11 bits, where each 11-bit chunk maps to a single word on the BIP39 word list.

Confused about anything in the above paragraph? Don't worry, each step will be explained in an easy to understand format below. (You could also get a high-level understanding of seed phrase construction by reading "What is BIP39?".)

Generating random data, called Entropy

Generating a seed phrase has to begin with a random source of data, otherwise, an attacker could steal funds by regenerating your seed phrase. Entropy is a measure of how random a set of data is.

What is more random? Rolling 1 dice, or rolling 2 dice? Since 2 dice have more possible outcomes, the measurement of randomness is higher. It is the same for your seed phrase. The more words that are in your seed phrase, the higher the entropy will be.

To successfully generate a seed phrase, the entropy generated has to fit certain parameters. The random data must be between 128 bits and 256 bits of entropy, and divisible by 32.

128 bits of entropy maps to a 12 word seed phrase

160 bits of entropy maps to a 15 word seed phrase

192 bits of entropy maps to an 18 word seed phrase

224 bits of entropy maps to a 21 word seed phrase

256 bits of entropy maps to a 24 word seed phrase

Running the random data through a SHA256 hash function

A hash function is a computer program that takes an input of data and returns a verifiable result, called a checksum. The input can be any source of data, and running the same hash function again will return the same checksum as the result.

For example, running your random source data of 128 bits of entropy through a hash function will always return the same result as the checksum. If you change anything in that source data, you will get a different result from the hash function.

In this step, the random source data is run through a SHA256 hash function. The first X digits of the checksum are then added to the random source data/entropy, where X is equal to the quotient of entropy divided by 32.

256 bits of entropy - add the first 8 bits of the checksum to the random data

224 bits of entropy - add the first 7 bits of the checksum to the random data

192 bits of entropy - add the first 6 bits of the checksum to the random data

160 bits of entropy - add the first 5 bits of the checksum to the random data

128 bits of entropy - add the first 4 bits of the checksum to the random data

It is important to note that BIP39 generates the seed phrase from binary, which is 0's and 1's. The SHA256 hashing function returns a checksum as a sequence of numbers and letters, called hexadecimal. To get the binary bits, you will have to convert the checksum from hexadecimal format to binary format.

  • Slice the result into 11-bit chunks of data. Each 11-bit chunk of data will map to a word from the BIP39 word list

You have seen the word bit used quite a lot in this article. A bit represents 0's and 1's, is the smallest representation of data, and is expressed in language the computer understands.

Your original source of random data, or entropy, plus the SHA256 checksum is divisible by 11. The BIP39 word list contains 2048 words, and each word on the list maps to 11 bits of data. In this step, break your entropy+checksum into sequential chunks of 11 bits.

It is important to slice the 11-bit chunks in sequential order. This means going from left to right, every 11 bits is grouped together. Every 11 bits represents a word in your seed phrase, and the order of the words has to be correct.

Next, convert your 11-bit sequence into decimal format. This will give you a number that maps to the BIP39 word list. In the correct order, map each 11-bit sequence to the matching word in the BIP39 word list. This is your seed phrase!

It is important to highlight that some word lists for BIP39 might start with 1. In code, the first number is always 0. This means, 2048 words are listed as 0-2047. Not 1-2048. If your BIP39 word list starts with 1 instead of 0, you will need to subtract 1 from the word list numbers to get the correct word.

The importance of Random Number Generation

Once you generate the entropy needed, the rest of the process is simply math and cryptography. In practice, this means that when generating a seed phrase, the source of entropy is both the most important step, and also the step in which you have the most control over the result.

There are many ways to generate entropy - flipping a coin, rolling dice, dealing a deck of cards, recording ambient sound, and many more. The goal here is to get as close to true randomness as possible. If you are using a process that is not sufficiently random, an attacker can recreate your seed phrase.

In the following sections of this article, we will cover different approaches for how to generate entropy, and thus generate your seed phrase.

Security Considerations

Taking control over the generation of your seed phrase provides the ability to increase the entropy of your seed phrase, thus increasing the security of your entire wallet. This does not come without risks - a single mistake can result in a less secure wallet, even lost funds.

When generating your own seed phrase, security must be kept in mind throughout the entire process. The most critical part of generating your seed phrase rests with the generation of entropy, which is the first step of generating your seed phrase.

Your seed phrase can have 12, 15, 18, 21, or 24 words. The more words in your seed phrase, the higher the entropy, which means higher security. A correctly generated 24-word seed phrase will always produce a wallet that is more secure than a 12 word seed phrase. Many wallets today only produce 12-word seed phrases in their built-in wallet creation workflow. However, it is important to highlight that 12-word seed phrases are still very secure.

The key word here is `correctly generated`. The only parameter that can be changed is the source of entropy. This is important because if the source of entropy is corrupted, an attacker can potentially regenerate your wallet and steal your funds.

Generating entropy, which is random data, can be done manually or with a computer. Both methods have pros and cons. When generating entropy, care has to be taken to ensure the process is being done correctly and is free from manipulation.

A basic example of manually generating entropy would be flipping a coin. If an attacker gives you a coin that is weighted slightly in favor of heads, your initial source of entropy is corrupted.

When using a computer to generate entropy, the attack vectors are both over the internet and physical in-person attempts. The computer should not be connected to the internet. Being connected to the internet provides an opportunity for attackers to compromise the process. (However, even if the device was ever connected to the internet, this allows for an opportunity to corrupt this process.)

Part of being in a security mindset is to limit opportunities available for bad actors. A device not connected to the internet is considered air-gapped, which means an attacker has to be physically present at the device to be successful.

Don't have a spare device that you can airgap? Don't worry - you can use a "live" Linux environment. Many Linux operating systems are able to be run off of a USB stick or flash drive. These are called `live` distributions and are released with verification signatures, so you can easily verify that the operating system has not been tampered with. The best in class is Tails OS - a portable OS that protects against surveillance and censorship. To run the operating system, plug in the flash drive and boot. When you are done, remove the flash drive and return it to your normal operating system.

Crypto Security How-to's

How to generate a Seed Phrase.

Five possible ways to generate a seed phrase, and a more advanced discussion on the importance of randomness in ensuring security.