I am an enormous proponent of bitcoin AND self-custody. I’ve owned bitcoin for over a decade. At the moment, my bitcoin is in paper wallets, the usual again within the day. I even went as far as to purchase an outdated printer on Craigslist to get one that did not have networking, since that was a danger on the time.
Now I am trying into migrating to the ‘new factor’. From what I’ve learn, meaning getting a {hardware} pockets. So I have been researching them. It seems bip39 is the ‘normal’, so I began researching that. And I’ve some considerations.
In Abstract:
> BIP39, which most {hardware} wallets are basing their mnemonic deterministic keys on, has a standing of “Proposed”.
>
> https://github.com/bitcoin/bips
>
> Another statuses are Rejected, Changed, Withdrawn, Deferred, or Out of date. Till the standing of the BIP {that a} mnemonic secret’s primarily based on is “Closing”, how assured can we actually be that this will probably be supported long-term? If its going to be supported long-term, why is not it marked “Closing”??
>
> /r/Bitcoin/feedback/ywrqf6/remark/iwl572f/
>
> > BIP39 is a extremely dangerous “normal” (will not be even correctly a regular, although it does intend to be that). For some bizarre motive, it obtained mass adopted however. The BIP reviewers made it abundantly clear to “Unanimously Discourage for implementation”. https://github.com/bitcoin/bips/wiki/Feedback:BIP-0039
Gregory Maxwell u/nullc commented:
> The dearth of versioning is a severe design flaw on this proposal. On this foundation alone I’d advocate towards use of this proposal. The overall design is a thinly disguised brainwallet. Expertise with consumer habits exhibits that the consumer of consumer passphrases is kind of unconditionally unsafe and but very enticing to customers. If this proposal is applied it shouldn’t be applied with out the checksum enforced. With out it this proposal is a gorgeous nuisance which has immediately precipitated funds loss.– Greg Maxwell 2017-03-14
That is from 2017. In 2020, he reiterated
https://outdated.reddit.com/r/Bitcoin/feedback/jp2fp3/opinion_regarding_security/gbbzqu7/
> I do not suppose very extremely of {hardware} wallets.
Has bip39 addressed any of those considerations? Has it change into the “normal” regardless of these considerations? (in that case, may the bip simply be finalized…) Is the rest ‘within the works’?
Hardware wallets are trusted these days. If you like paper wallets do paper wallets. ???? don’t lose or give our your keys.
There are so many wallets that support it that it will no doubt continue to be supported. In the future event that people start migrating to a better system (my hope is for Shamir seed backups become standard) you’ll be able to migrate to that when ready.
I salute you for digging into the standards rather than blindly trusting the general sentiment that any hardware wallet is better than none.
As you’ve discovered, BIP-39 is not new (created in 2013) but is still in “Proposed” status. The official Bitcoin Core client doesn’t use mnemonics and probably never will. Nonetheless, BIP-39 seed phrases have become ubiquitous amongst software wallet authors and hardware wallet manufacturers, with 12-word (128 bit) and 24-word (256 bit) becoming the de facto standards.
As for “long term support”, not to worry. Even if, 50 years from now, no one uses seed phrases to initialize or recover wallets, the unique 128- or 256-bit number that a BIP-39 phrase represents will still be a valid seed. It’s trivial to convert a BIP-39 seed phrase into a numeric seed; all you need to do is look up each word in the 2048-word BIP-39 word list, note the index number of the word, convert the index numbers to 11 binary digits and assemble them in order to recover the 128- or 256-bit seed. It’s simple enough that you can do it by hand, and even if BIP-39 goes out of favor I guarantee you’ll be able to find the word list in numerous historical archives.
EDIT: Oops. I forgot there’s more to converting the words to a numeric (binary) seed than just assembling the 11-bit parts. You also need to run it through 2048 iterations of a PBKDF2 function, which obviously isn’t something you’d want to do “by hand”:
> A user may decide to protect their mnemonic with a passphrase. If a passphrase is not present, an empty string “” is used instead.
> To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string “mnemonic” + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes).
Still, the conversation method is open source and should be easy to reproduce in code at any point in the future.
What year is this?
BIP39 is a good security measure for an active wallet that keeps generating addresses regularly. For long term storage nothing beats a paper wallet with an actual private key on it.