Respectfully, a "black box" is not trusted to generate mnemonic passphrases, the standard is well-defined and generally followed across wallets.
https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generating_the_mnemonic Users can create their own mnemonics in a trustless way following the BIP39 standard published in 2013. Using any entropy source a user can perform a SHA256 hash on the entropy to get a 256 bit string, then convert that to binary. Perform another SHA256 hash on the binary, take the first 8 bits and solve for checksum and then solve the rest of mnemonic words. On Fri, May 23, 2025, 6:15 AM Eric Kvam <[email protected]> wrote: > *Motivation* > Make it easy for users to manually create their seed phrase so that they > don't have to trust a "black box" and allow for encoding derivation path in > seed phrase to simplify recovery > > *How* > Use every eighth word from the wordlist to generate 16 word phrases with > 128 bits of entropy (no checksum). The most significant eight bits of each > word are used as entropy. The least significant three bits of each word > specify the derivation path. > > - *000* Derivation Path Not Specified > - *001* m/44'/0'/0' > - *010* m/49'/0'/0' > - *011* m/84'/0'/0' > - *100* m/48'/0'/0'/2' > - *101* m/86'/0'/0' > > Up to seven derivation paths can be specified if all words have the same > least significant bits. If the least significant bits of each word vary, > there are 48 bits that can be used to encode meta-data. As long as > meta-data is limited to certain allowable values, this provides a mechanism > for error detection, similar to a checksum. > > *Benefits of Suggested Implementation* > > - The word length determines how the seed phrase should be > interpreted. User only needs to know how many words they have and how many > words the wallet supports to check for compatibility with this extension > - Uses same wordlist to represent the same entropy as a 12 word phrase > (could be a revision to BIP39 instead of a new BIP) > - Manual procedure is very simple, each derivation path can use a > shortened 256 word list which enjoys improved alphabetical separation of > words > - May prevent naive word selections which aren't limited to every > eighth word (similar to what checksum does) > - Can be extended further. For example, a 32 word phrase with the > same entropy as a 24 word phrase could also be added. We can keep adding > formats with unique word length and keep adding uses for the meta data as > needed. > > -- > You received this message because you are subscribed to the Google Groups > "Bitcoin Development Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/d/msgid/bitcoindev/a139ee2e-473c-487b-a9b0-e68013fdb7cen%40googlegroups.com > <https://groups.google.com/d/msgid/bitcoindev/a139ee2e-473c-487b-a9b0-e68013fdb7cen%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAL9hkF1ptPqvjNqpBHv3_WkEf0cL5HhNudT9SNXZ9DfzpupyOA%40mail.gmail.com.
