F*ck the mnemonic sentence checksum!

TL;DR The checksum causes more harm than good. Make BIP39 checksum optional to improve security.

Thread 👇👇👇 1/10
The checksum is between 4 (for 12 words) and 8 (24 words) bits. This is a very weak checksum. For 12 words, this would mean 1/16 probability of failure to detect a mistyped sequence of VALID words! 2/10
The words themselves are a much stronger checksum. Any misspelled word has a much higher probability to be detected due to word missing in wordlist; It's unlikely to misspell a word so that it becomes another valid word. 3/10
When does the checksum help you? It's not when you write down the mnemonic on paper. The paper/pencil doesn't check the checksum. 4/10
The checksum could help when you want to recover the wallet. If the checksum is wrong AND all words exist in the wordlist, it will help you realize there's something wrong with it. 5/10
But you'll also realize there's something wrong with it if there are no transactions or bitcoin in your "recovered" wallet, or that you don't recognize the addresses generated in it. The checksum, at best, only helps you realize it earlier. 6/10
The checksum also has a major turnoff: It's hard to generate a mnemonic without a computer. You can roll dice to generate 128 bits of entropy, but then you need to put those bits into a computer to calculate the checksum, "the final word". 7/10
This "final word" step is a security risk. If you're a novice, it's very hard to do the final word generation in a secure way. This risk is far worse than the dubious benefit explained above. 8/10
If wallets would accept mnemonics without checksum you could create a mnemonic with ONLY dice and a wordlist and give it to a hardware wallet or airgapped computer and be done with it. You don't have to setup a secure environment to generate a nearly useless checksum. 9/10
Exactly how BIP39 could be modified to make checksum optional is another question, but it's doable. 10/10
You can follow @kallerosenbaum.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.