Crypto Wallet Security: Understanding Entropy, Seed Phrases & Passphrases for Ultimate Protection

By Published on

Introduction

In the crypto space, security is everything. So, if you want to protect your cryptocurrencies that you bought using your hard-earned money, then you should have a good understanding about how entropy, seed phrases and passphrases are related. 

While you may have heard these terms in the crypto space, getting a solid understanding of these terms is crucial when it comes to securing your crypto.

In this article, we’ll break down each term using simple language and analogies, explore the technical aspects, and explain how they are all connected.

Before you dive in, its best to have some idea about private and public keys in cryptocurrency. You can refer my article Understanding Private and Public Keys for a quick overview.


What is an Entropy in Crypto?

In the information technology field, Entropy refers to the randomness of data. In the crypto space, Entropy means when a crypto wallet generates a very large random number that is impossible to guess.

The higher the entropy (randomness) the harder for someone to guess the number therefore the higher the security.


A Simple Analogy to Understand Entropy

Entropy is like shuffling a deck of cards, imagine you bought a brand-new deck of cards. Since the card pack is new, the cards are arranged in order from Ace to king, sorted neatly by suits.

If someone asked you to guess the next card, it would be easy, because the order of the cards is predictable. But now imagine you take that deck and start to shuffle it, when you shuffle, the order becomes random.

A good shuffle will make the order of the cards completely random, making it very hard for someone to guess the next card.


Randomness of Entropy

Entropy is measured in bits. A bit is a 0 or 1. The higher the bits, the higher the possible combinations or outcomes. Let's see how:




As shown in the table above, 128 bits and 256 bits result in extremely large outcomes/combinations. These numbers represent the possible outcomes of 128-bit and 256-bit values. So higher the bits, higher the randomness, therefore stronger the entropy. 

So, what does this mean? this actually means that when your wallet generates 128 bits or 256 bits number, the possibility of the same 128- and 256-digit number to appear twice is extremely low, it's almost impossible

Think about it: how can the same 128-bit number appear twice when there are 1 septillion trillions in an undecillion possible combination? For a 256-bit number, the number of possible combinations is even greater, so vast that it is beyond imagination!

So, in summary, this means that whatever Entropy your wallet generates, it is truly unique. 

And the initial Entropy that your wallet generates is the beginning or the start of the creation of the seed phrase


What is a Seed Phrase?

The seed phrase or recovery phrase is actually 12 or 24 random words that is provided to you by the wallet as a recovery method to access your crypto in case you lost your wallet or accidentally deleted your wallet.

Your seed phrase is derived by the Entropy your wallet generates. Your wallet based on your instruction creates a bit Entropy for a 12-word seed phrase and 256-bit number for a 24-word seed phrase. 

Entropy is converted into a seed phrase using a standard called BIP-39 (Bitcoin Improvement Proposal 39), which was introduced in 2013. This standard defines a fixed list of 2,048 words, allowing users to back up and restore their wallets using human-readable words instead of complex binary strings.

The selection and order of words in a BIP-39 seed phrase are entirely determined by the initial entropy. The entropy is divided into segments, and each segment produces a specific number. This number is then mapped to a word from the predefined list of 2,048 words. 


What is a Seed Phrase - Summary

  • Your Seed phrase or recovery phrase is used to recover your access to your crypto in case you lost or accidently deleted your wallet. 

  • Seed phrase is derived by the Entropy the wallet generates. BIP-39 standard converts the Entropy into a 12- or 24-word seed phrase based on some calculations.


What is a Passphrase?

Passphrase is an optional security feature that you can add as an extra layer of security for your crypto wallet accounts. 

We now know that Entropy is generated within a wallet, and that Entropy is then translated into a 12- or 24-word seed phrase using BIP-39 standard.

Adding a passphrase effectively creates an additional custom word—a 13th word for a 12-word seed phrase or a 25th word for a 24-word seed phrase. This passphrase acts as an extra layer of security, as it is not part of the fixed 2,048-word BIP-39 list but rather a completely custom string chosen by the user.

Therefore, remembering or securely storing the passphrase is absolutely critical. If you forget it, you won’t be able to recover your wallet, even if you have the correct seed phrase. The passphrase is combined with the seed phrase to generate your wallet, so losing it means losing access permanently.


What is a Passphrase - Summary

  • Passphrase is an additional custom string that you can provide as an addition to your seed phrase.

  • If you set up a passphrase, then you need both the seed phrase and passphrase to recover your wallet.



How Entropy, Seed Phrase and Passphrase all Work together to generate Private and Public Keys in BIP-39 Standard

Scenario: Let's say you downloaded a software wallet that follows the BIP-39 standard to generate a seed phrase. When prompted to choose the length of your seed phrase, you opted for a 12-word seed phrase. And you also decided to have a passphrase of your own.


This is how your wallet will end up with the final seed (Master Key)


Step 1: The wallet generates 128 random bits (entropy).

Step 2: It runs these 128 bits through SHA-256 to get a hash (256 bits).

Step 3: The first 4 bits of this hash are taken as a checksum and added to the entropy, making it 132 bits total.

Step 4: These 132 bits are split into 11-bit chunks.

Step 5: Each 11-bit chunk represents a number (0–2047), which matches a word in the    BIP39 word list.

Step 6: The wallet maps each 11-bit chunk to its corresponding word in the BIP-39-word list, forming a 12-word seed phrase. (This is also called the mnemonic phrase).

Step 7: The wallet now has a 12-word mnemonic phrase, which is simply a human-readable version of the entropy. This is the moment when the wallet displays the 12 words for you to write down and keep safe.

Step 8: Since the user also decided to add a passphrase, the wallet allows the user to add a passphrase of their preference. This can be any password that you can remember.

Step 9: The wallet takes the 12-word mnemonic + passphrase and runs them through a special function called PBKDF2-HMAC-SHA512. This function strengthens security by repeatedly hashing the mnemonic and passphrase 2048 times. The result is a 512-bit seed.

Step 10: This 512-bit seed is the final seed that is used to derive the Master Private Key

Step 11The final seed is passed through HMAC-SHA512 to generate the Master Private key. This is the key that is used to generate all child private keys and public keys.


Entropy, Seed Phrase and Passphrase Relationship - Summary

  • Entropy = Random Bits Generated by Wallet
  • Seed Phrase = Entropy + Checksum
  • Final Seed=PBKDF2-HMAC-SHA512(Seed Phrase, Passphrase)
  • Master Private Key is derived by Final Seed
  • All child private keys and public keys is derived from Master Private Key


Flowchart: From Entropy to Crypto Keys – Seed Phrase, Passphrase & Key Derivation










The Master Private Key is the Key that your wallet uses to generate private keys and corresponding public addresses. These private keys give access to the actual crypto that is stored in public addresses in the blockchain.

When you create accounts of different cryptocurrencies, your wallet uses the Master Private Key to generate the relevant private keys and public addresses to that specific crypto!


Crypto Security Unveiled: Must-Know Tips for Safeguarding Your Assets

💡Your passphrase is never stored inside the wallet, but some Crypto software wallets like MetaMask may store the master private key (Seed phrase + Passphrase) in an encrypted manner.

💡Most hardware wallets only store your seed phrase inside them in an encrypted manner, they do not store the master key due to security and other reasons. 

💡If you opt for a passphrase, then your hardware wallet will always request your passphrase when you want to access your crypto. The wallet reconstructs the final master key using the seed phrase and passphrase every time you access your hardware wallet.

💡If you provide a wrong passphrase, then a wrong Master key will be generated with an empty wallet. The wallet won't validate the accuracy of your passphrase because it won't store the passphrase for any authentication.

💡In any case if you lost your hardware wallet, you don't necessarily need to buy the same hardware wallet to recover your crypto. You can simply install a software wallet that uses the BIP-39 standard, provide your seed phrase and recover your crypto!

💡Don't panic if your new wallet doesn't recover your crypto right away. Some wallets use different standards for master key generation, such as BIP-32 and BIP-44, which operate differently from BIP-39. For instance, these standards don’t generate entropy in the same way. To avoid confusion, always double-check that the wallet you're using follows the same standard as the one you used before. This ensures compatibility and proper recovery of your crypto.

💡You don't have to actually know all the steps involved in master key generation, just get the simple idea about the relationship of entropy, seed phrase and passphrase so that you are well equipped to handle crypto securely.



Final Thoughts

Many people in the crypto space don’t fully understand the relationship between entropy, seed phrases, and passphrases. In fact, most are only familiar with the basic idea that they need to protect their seed phrase to recover their crypto. 

While this is true, it’s equally important to familiarize yourself with concepts like entropy and passphrases and understand how they contribute to crypto security.

If you're someone looking to self-custody your crypto, having a solid grasp of these concepts is essential.

If you found this blog helpful, feel free to share it with others and leave your thoughts!

 


Disclaimer: The contents of this article are for informational purposes only and are not financial advice. The views here are just the author’s opinions. The crypto market is volatile, so be sure to do your own research before investing.









Comments

Post a Comment

Trending Now on the Blog

ISO 20022 Compliant Cryptos: The Future of Money While the Rest Will Fade?

By Published on
Introduction There are many cryptocurrencies in the crypto space. Many of them are present to make noise and distract you from investing in real utility-driven crypto projects. This is a fact that only a few people in this space know. So, if you are reading this article, consider yourself lucky! While the media creates hype around the greatest cryptocurrency or the "father of all cryptocurrencies," which is Bitcoin, you would be surprised to know that Bitcoin is only considered a store of value based on the perception of people.  Bitcoin does not offer real-world utility, it does not offer smart contract functionalities, it is slow, expensive and it does not have any place in the new financial world that is going to take place in the future. In this article I will break down: What ISO 20022 is Why ISO 20022 is special What ISO-compliant cryptocurrencies mean The list of ISO-compliant cryptos Why most other coins could be left behind What is ISO 20022? ISO 20022 is a universal...
Dive In »

Understanding Stablecoins: Stability in an Unstable Market

By Published on
In the stormy waters of crypto, prices are highly volatile, and this is considered a norm in this space. But despite the price swings, how do some cryptos manage to stay stable. Well, let’s explore how stability is achieved in the world of crypto. What Are Stablecoins? Stablecoin is a type of cryptocurrency designed to maintain a stable value by being pegged to a stable asset such as a national currency like the U.S. dollar or a commodity like gold.  Pegging means tying the value or fixing the value of the stablecoin to a more stable asset, like the U.S. dollar. Most stablecoins are blockchain-based versions of fiat currencies.  Dollar-Pegged or Currency-Pegged Stablecoins Dollar-pegged stablecoins like USDT, USDC, and DAI, all designed to maintain a 1:1 peg with the U.S. dollar, meaning 1 USDT, 1 USDC, or 1 DAI equals 1 USD. If a stablecoin is pegged to the U.S. dollar or if its value is fixed to the U.S. dollar, this means that stablecoin value is kept as close to $1 as po...
Dive In »

Market Capitalization Myths: Understanding Liquidity, Price Action, and True Value in Crypto

By Published on
Image
Key Takeaways Market Capitalization (Market Cap) represent the total market value of an asset. Market Cap does not mean total money invested. Market Cap does not determine price action. Market Price is determined by supply, demand and liquidity. What is Market Capitalization? Market Capitalization or Market Cap is a measure of the total market value of a single cryptocurrency, or all cryptocurrencies combined. It is calculated as: Market Cap = Current Price × Circulating Supply 💡Circulating supply means the amount of cryptocurrency that has been created and released and currently in circulation in a market by a certain cryptocurrency project. For example, Bitcoin circulating supply currently is 19.83 million, price of bitcoin is currently 83,000, therefore, total market cap of bitcoins would be 19.83M x $83,000 = 1.64 trillion. But what is the point of this concept? Actually, the main idea of this concept is to reflect the Importance, value or the size of the market for a certain asse...
Dive In »