Have you ever wondered how mnemonic seed phrases are generated for a crypto wallet?

This post is for people curious what's going on under the hood of an app when it is generating a seed phrase.

The method used by most wallets today is to use 12 or 24 word seed phrases. Not any combination of words will work, however. The underlying rule for selecting these words is a standard called bip39. This post aims to walk through an example of generating the smallest possible seed phrase you can make with this standard (You won’t be able to use this for a crypto wallet, and you shouldn’t want to it’s not secure enough).

First and foremost to generate a mnemonic with bip39 there is a requirement that you use a multiple of 32 bits for entropy. Just take my word for it for now, it'll become apparent why in a little bit.

A bit in binary is a 1 or a 0, so 32 bits would be 32 1s or 0s. In order for this to be secure you want the possibility of each spot being a 1 or a 0 to be as random as possible. Strong entropy is a fun topic and an awesome rabbit hole. But for the case of this example, this is a cryptographically securely randomly generated 32 bits, tada! 10101000101110000011100101011011

Now the next step is to take the SHA256 hash of that binary and convert the result into binary. Hashing and specifically SHA256 is all over crypto, and is a fun topic on it’s own. However, just to keep things simple again for this example, I’ll just do it and save the topic for another day ,tada! 1101010010110101111001100100011100100010111101001001000011100100111110011000111001101100110111100101110001010111101111000111100100011111111101000011011010011001111011010100010001010000110010000001100011011101011111010011000110000010011100001001100010101100

Now remember the requirement for the number of bits to be a multiple of 32? That’s because now that we have the hash we need to pick how much of it to use. So we divide the length of the entropy by 32, in our case 32/32 is 1 and use that many pieces of the binary, in this case just the first digit: 1 If you ever hear the term “checksum” that is this last piece we just found. The SHA256 hash will always be the same if made from the same binary, and we’re taking a piece of that and adding it in.

You take that and add it to end of the your original entropy 101010001011100000111001010110111

You then chop that up by a length of 11, we have a total length of 33 above so we get three results of equal length: 10101000101 11000001110 01010110111 Convert those three sets of binary into numbers 1349 1550 695 Then go look up the corresponding word for each of those numbers in the bip39 word list (if your word list starts counting at 1 add 1 to each of the above, computers start counting at 0): post scrub finger The check sum added 1 as the last digit, so we know that we can’t use 694 “fine” (one less) ever as the last word because the checksum for that entropy will never end in 0 and in order to get those three words exactly the rest of the binary sequence must be exactly the same.

If you want to generate a valid wallet, say 12 words long for example, you just do the exact same thing except you start with a 128 long sequence of random binary instead of the 32 long sequence I used in the example to get a list of words four times as long.