What is a seed phrase?

A seed phrase, seed recovery phrase or backup seed phrase is a list of words that stores all the information needed to recover crypto funds on-chain. Wallet software will typically generate a seed phrase and instruct the user to write it down on paper. If the user’s computer breaks or their hard drive becomes corrupted, they can download the same wallet software again and use the paper backup to get their cryptos back.

Anybody else who discovers the phrase can steal the cryptos, so it must be kept safe like jewels or cash. For example, no one should ask you for it on social networks or in a messenger, and it must not be typed into any website.

Seed phrases are an excellent way of backing up and storing cryptos.

How does it work?

A simplified explanation of how seed phrases work is that the wallet software has a list of words taken from a dictionary, with each word assigned to a number. The seed phrase can be converted to a number which is used as the seed integer to a deterministic wallet that generates all the key pairs used in the wallet.

The English-language wordlist for the BIP39 standard has 2048 words, so if the phrase contained only 12 random words, the number of possible combinations would be 2048^12 = 2^132 and the phrase would have 132 bits of security. However, some of the data in a BIP39 phrase is not random, so the actual security of a 12-word BIP39 seed phrase is only 128 bits. This is approximately the same strength as all Ethereum private keys, so most experts consider it to be sufficiently secure.
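An added example (not code from the original page or from any wallet project) showing where the non-random bits come from: BIP39 appends a checksum taken from the SHA-256 hash of the random entropy before cutting the bits into 11-bit word numbers. It works on word numbers rather than words so the 2048-word list need not be embedded; all function names are hypothetical.

```python
import hashlib
import secrets

WORD_BITS = 11  # 2048 == 2**11 words in the list


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Append the BIP39 checksum and split the bits into 11-bit word numbers."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP39 entropy is 128 to 256 bits in steps of 32")
    cs_bits = ent_bits // 32  # 4 checksum bits for a 12-word phrase
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // WORD_BITS
    return [(value >> (WORD_BITS * (n_words - 1 - i))) & 0x7FF
            for i in range(n_words)]


def indices_valid(indices: list[int]) -> bool:
    """Recompute the checksum from the entropy part and compare."""
    if len(indices) not in (12, 15, 18, 21, 24):
        return False
    if any(not 0 <= i < 2048 for i in indices):
        return False
    total_bits = len(indices) * WORD_BITS
    cs_bits = total_bits // 33
    value = 0
    for i in indices:
        value = (value << WORD_BITS) | i
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    return entropy_to_indices(entropy) == list(indices)


def count_valid_last_words(first_eleven: list[int]) -> int:
    """How many of the 2048 possible 12th words pass the checksum."""
    return sum(indices_valid(first_eleven + [w]) for w in range(2048))


if __name__ == "__main__":
    phrase = entropy_to_indices(secrets.token_bytes(16))  # constructed sample
    print("word numbers:", phrase, "valid:", indices_valid(phrase))
    # Only 2**7 of the 2**11 last words are valid: 132 - 4 = 128 random bits.
    print("valid 12th words:", count_valid_last_words(phrase[:11]))
```

The same check is why a wallet rejects most phrases with a mistyped or swapped word: a 12-word phrase altered at random passes the checksum only about one time in 16.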

Your own seed phrase – good or bad?

It is not safe to invent your own seed phrase because humans are bad at generating randomness. The best way is to allow the wallet software to generate a phrase which you write down.

As seed phrases use natural language words, they have excellent error correction. Words written in bad handwriting can often still be read. If one or two letters are missing or unreadable, the word can often still be deduced. The word list that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it. This compares well with writing down a raw private key, where a single letter being unreadable or incorrect can make the private key useless (depending on the serialization format).