script to find the checksum word in a bip39 seed made of 12 or 24 words
If you didn’t know you can create a bip39 seed picking whatever words you want from the bip39 words list for the first 11 (12 words seed) or 23 words (24 words seed).
The last word is a checksum word and can’t be everything. In a 12 words seed it can be only 128 words of all the 2048 in the words list, while in a 24 words seed there are only 8 possible candidates.
This mean you could create a seed **randomly** (**if it’s not random your seed will be cracked easily**) picking 11 or 23 words from a hat. It is a perfectly fine method to create a seed as long that your hat contains all the 2048 bip39 words and you pick them up **really randomly**.
But now you need to know the checksum word (last word). It can’t be picked randomly.
I made a python script opensource that giving it all the words you picked up in the correct order, it will calculate all the possible candidates checksum word for you seed.
It also gives you a sequence of bits for each of the candidates so that you can randomly pick one flipping a coin (7 times for a 12 words seed and 3 times for a 24 words seed) where 1 is head and 0 is tail. The sequence you get, the word you find. So also the checksum word is random.
**DISCLAIMER: Don’t trust the script I made and don’t use it with your real seed if you are not able to review the whole code and understand what it does!!! Use it only in a safe environment offline, like tails! Again: don’t use it if you can’t read and understand the whole code!**
This is a link to the script: https://github.com/91DarioDev/bip39-checksum-words-finder
> If you didn’t know you can create a bip39 seed picking whatever words you want from the bip39 words list for the first 11 (12 words seed) or 23 words (24 words seed).
you need to generate all 12 words. If you only generate 11 then you will be short 7 bits of entropy!
Also, dont bother with 24 word mnemonics, they are not any stronger in practical terms, but twice as hard to memorize.
> This is a link to the script: https://github.com/91DarioDev/bip39-checksum-words-finder
I would fix the script to only accept exactly 12 18 or 24 word mnemonics (or just 12, to guide users to the best choice)
Taking 11 words means you are exposing your users to weaker entropy in their mnemonics. Dont do that, print an error in that case.
What you can do is suggest a “correction” for the last word, keeping the entropy in it but replacing the last bits with the right sized checksum.