The basics of mnemonic security

When using the mnemonic to restore your wallet, there is a very small chance that you will enter a word erroneously (not in the backup, but in the mnemonic database) and still be able to restore it using the blockchain wallet.

Here are some examples and explanations of this extremely unlikely scenario.

To begin, we must first comprehend the process of constructing a mnemonic in order to comprehend why a mnemonic can be used even if it is inputted wrongly.

Create mnemonic:

Using the normalization procedure outlined in BIP-39, the wallet generates the mnemonic automatically. The wallet begins with an entropy source, then adds a checksum before mapping random numbers to a list of words:
1. Create a 128 to 256-bit random number.
2. Use the checksum of this random number as the first few bits of the SHA256 hash (the first four bits are taken from the 12-bit assistance bits).
3, At the end of the random sequence, add the checksum.
4. Separate the sequence into 11-bit halves.
5, Each number bearing the 11-bit component corresponds to a dictionary that already has 2048 words.
6. The mnemonic is the resultant sequence of syllables.

And when the wrong word is entered, as in the following example (only the first position is entered incorrectly).

The wallet generates the mnemonic as:ribbon voice frame black oppose galaxy divide either tube maximum tired obvious

Hash of SHA256: 00101011 11111111


The artificially incorrectly entered mnemonic is:rib voice frame black oppose galaxy divide either tube maximum tired obvious

Hash of SHA256:00101011 11101010


The first four bits of each SHA256 pairs are identical, indicating that the checksum is likewise identical.

Because both pairs of mnemonic comply with BIP39, they can both be recovered using blockchain wallets.

If we do a basic explanation in terms of probability: first pick a random word as the last mnemonic word, and then randomly pick the other 11 mnemonic words when the mnemonic word is 12 bits, we can find a set of right ones 16 times, while the 24-bit helper word is 256 times.

It is therefore typical to "input the erroneous word and receive a working mnemonic," but this does not imply that mnemonic security is inaccurate.

Mnemonics are sometimes mistaken with "brain wallets," although they are not the same thing.

The primary distinction is that brain wallets are made up of words chosen by the user, whereas mnemonics are generated at random and presented to the user.

The most significant distinction between the two is the aspect that makes mnemonic more secure; after all, humans have a limited ability to generate random numbers.

This means that just because a BIP39-compliant mnemonic has been artificially tested does not mean that using a wallet-generated mnemonic is insecure; the two types of mnemonics are different in terms of security; a wallet-generated mnemonic is more random (i.e., more secure), whereas a brain wallet (with the wrong mnemonic) is less likely to be randomly generated and used.

The wallet generates truly random numbers using cryptographically safe methods (e.g., hardware TRNG), thus the quality of randomness cannot be guaranteed by the user's usual choice of mnemonic.

Was this article helpful?
2 out of 3 found this helpful