Overview
A seed phrase is the human-readable master secret from which an entire HD wallet is derived. Standardized by BIP39, it consists of 12 or 24 English words selected from a fixed list of 2,048 words. From this single sequence of words, a wallet can deterministically regenerate every private key, public key, and address it has ever used or will ever use, making the seed phrase the ultimate backup and the most critical piece of data in any self-custody setup.
From Seed Phrase to Keys
Seed Phrase Derivation Chain:
12/24 Words + optional Passphrase
│
▼
┌──────────────┐
│ PBKDF2 │ 2048 rounds of HMAC-SHA512
│ (BIP39) │
└──────┬───────┘
│
▼
┌──────────────┐
│ 512-bit │ Master seed
│ Seed │
└──────┬───────┘
│
▼
┌──────────────┐
│ Master Key │ HMAC-SHA512 derivation
│ + Chain Code│ (BIP32)
└──────┬───────┘
│
┌──────┴──────────────────────┐
│ │
▼ ▼
m/84'/0'/0' m/84'/0'/1'
(Account 0) (Account 1)
│ │
┌─┴───┐ ┌─┴───┐
▼ ▼ ▼ ▼
/0/* /1/* /0/* /1/*
Receive Change Receive Change
addresses addresses addresses addresses
Why 12 vs. 24 Words
- 12 words encode 128 bits of entropy, providing security of 2^128 (approximately 3.4 x 10^38 possible combinations). This is considered secure against all known attack methods, including theoretical quantum computers for brute-force search.
- 24 words encode 256 bits of entropy, providing 2^256 combinations. This provides an even wider security margin but is harder to back up and more error-prone to transcribe.
Most modern wallets default to 12 words, as 128 bits of entropy is more than sufficient for practical security.
Storage Methods
| Method | Durability | Cost | Notes |
|---|---|---|---|
| Paper | Low (fire, water) | Free | Most common, easy to create |
| Metal plate | High | $20-100 | Resistant to fire, water, corrosion |
| Metal washers | High | $10-30 | DIY approach with stamped washers |
| Split storage | High | Varies | Distribute across multiple locations |
What NOT to Do
- Never store digitally (no photos, screenshots, cloud documents, password managers, or email drafts)
- Never enter into a website or form that is not your own verified wallet software
- Never share with anyone claiming to be "support"
- Never generate on a device you do not fully trust
Relationship to Recovery Phrase and Mnemonic
The terms "seed phrase," "recovery phrase," and "mnemonic phrase" are used interchangeably throughout the Bitcoin ecosystem. They all refer to the same BIP39 word sequence. The distinction is purely one of emphasis: "seed" highlights its role as the root of key derivation, "recovery" highlights its use in wallet restoration, and "mnemonic" highlights its human-readable nature.
Common Misconception
A seed phrase alone may not be sufficient to restore a wallet if the passphrase feature was used. A BIP39 passphrase (sometimes called the "25th word") produces a completely different wallet when combined with the same seed phrase. Users must back up both the seed phrase and the passphrase if one is in use, and clearly document that a passphrase exists.