Skip to main content

SafeSeed FAQ: Frequently Asked Questions

This page collects the most frequently asked questions about SafeSeed tools, cryptocurrency key management, and security best practices. Questions are organized by topic for easy navigation.

Try It Now

Explore all SafeSeed tools at safeseed.app/tools/seed-generator/ — free, open-source, and client-side.

General Questions

What is SafeSeed?

SafeSeed is a suite of open-source, client-side cryptocurrency security tools. It includes a Seed Phrase Generator, Paper Wallet Creator, Address Generator, and Key Derivation Tool. All tools run entirely in your web browser — no private data is ever sent to any server. SafeSeed is designed for key generation, derivation, and verification, not for storing or transacting cryptocurrency.

Is SafeSeed free?

Yes. All SafeSeed tools are completely free to use, with no premium tiers, subscription fees, or hidden costs. The tools require no account registration or personal information.

Is SafeSeed open-source?

Yes. SafeSeed's source code is publicly available for review and audit. Transparency is a core principle — you should be able to verify that your key generation tool does exactly what it claims and nothing more. You can inspect the code in your browser's developer tools or review the source repository.

Does SafeSeed store my data?

No. SafeSeed does not use cookies, localStorage, sessionStorage, IndexedDB, or any other browser storage mechanism for cryptographic material. When you close the browser tab, all generated data is cleared from memory. There is no server-side storage, no analytics on generated keys, and no telemetry that includes sensitive data.

Can I use SafeSeed on my phone?

SafeSeed tools are responsive and work in mobile browsers (Safari, Chrome, Firefox). However, for generating seed phrases or private keys for real funds, a desktop computer (ideally air-gapped) is recommended. Mobile devices have more background processes, radios, and attack surfaces that are harder to control.

What browsers are supported?

SafeSeed works in any modern browser that supports the Web Crypto API:

  • Chrome 37+ (recommended)
  • Firefox 34+
  • Safari 11+
  • Edge 12+
  • Opera 24+
  • Brave (all versions)

Internet Explorer is not supported.

Does SafeSeed work without JavaScript?

No. SafeSeed tools require JavaScript to perform cryptographic operations (key generation, derivation, encoding). JavaScript is the mechanism that makes client-side operation possible — without it, the computations would have to happen on a server, which would defeat the security purpose.

Security Questions

How does SafeSeed generate random numbers?

SafeSeed uses the Web Crypto API (crypto.getRandomValues()), which is backed by your operating system's Cryptographically Secure Pseudorandom Number Generator (CSPRNG). On Linux, this draws from /dev/urandom seeded by hardware entropy. On macOS, the Security framework's Fortuna-based CSPRNG. On Windows, BCryptGenRandom. These are the same entropy sources used by TLS/SSL, SSH, and other security-critical applications.

Can SafeSeed's randomness be predicted?

No. A CSPRNG is designed so that knowing any amount of past output does not help predict future output. The entropy is gathered from hardware sources (CPU timing jitter, interrupt timing, thermal noise, dedicated hardware RNGs) that are physically unpredictable. Breaking a CSPRNG would require breaking the underlying cryptographic primitives (SHA-256, AES), which are considered computationally infeasible.

Is it safe to generate a seed phrase in a web browser?

For a client-side tool like SafeSeed, the browser is as safe as the environment it runs in. The tool itself does not introduce vulnerabilities — it uses standard browser APIs and established cryptographic libraries. The risks come from the environment:

  • Malware on the device: A keylogger or screen scraper could capture the generated phrase regardless of how safe the tool is
  • Malicious browser extensions: Extensions with broad permissions could read page content
  • Network interception: Not applicable to SafeSeed (no network requests during generation) but a concern for non-client-side tools

For significant holdings, use SafeSeed on an air-gapped computer as described in the Offline Usage Guide.

What if SafeSeed's website is compromised?

If an attacker gained access to SafeSeed's hosting and modified the tool to exfiltrate keys, anyone using the online version could be affected. This is a risk inherent to any web-based tool. Mitigations:

  1. Use SafeSeed offline: Download the tool while it is known-good and use it on an air-gapped machine. The offline copy is immune to future website compromises.
  2. Verify the source code: Before using, inspect the JavaScript for any network requests or data exfiltration.
  3. Compare with other tools: Generate a seed phrase with SafeSeed and verify that the same seed produces the same addresses in a different, trusted tool (like a hardware wallet or Ian Coleman's BIP-39 tool).
  4. Use Subresource Integrity (SRI): SafeSeed uses SRI hashes for external dependencies, preventing CDN-level tampering.

Should I trust SafeSeed with my life savings?

You should not trust any single tool with your life savings — you should verify. Generate your seed phrase with SafeSeed on an air-gapped machine, then verify the derived addresses match what your hardware wallet generates. If they match, you have confirmation from two independent implementations. The seed phrase is a mathematical standard (BIP-39), not a SafeSeed-specific format, and works in any compliant wallet.

Can SafeSeed employees see my seed phrase?

No. SafeSeed tools run entirely in your browser. No data is transmitted to any server. There is no mechanism for anyone — including SafeSeed's developers — to see your generated seed phrases or private keys. This is verifiable by inspecting the source code or monitoring network traffic with your browser's developer tools.

Seed Phrase Questions

What is a seed phrase?

A seed phrase (also called a mnemonic phrase, recovery phrase, or backup phrase) is a sequence of 12 or 24 common English words that encodes the master key for a cryptocurrency wallet. From this phrase, all private keys, public keys, and addresses can be deterministically derived. It is defined by the BIP-39 standard.

For a complete explanation, see the Seed Phrase Generator Tutorial.

Is a 12-word seed phrase secure enough?

Yes. A 12-word BIP-39 phrase encodes 128 bits of entropy, providing 2^128 (approximately 3.4 x 10^38) possible combinations. Brute-forcing this is computationally impossible with current or foreseeable technology. For reference, AES-128 (the same bit strength) is approved for protecting classified government information. The 24-word option (256 bits) provides an even larger margin.

What is the difference between a seed phrase and a private key?

A seed phrase is the master backup that can generate many private keys. It follows the BIP-39 standard (12 or 24 words).

A private key is a single key that controls a single address. It is derived from the seed phrase via the BIP-32/BIP-44 derivation process.

One seed phrase produces an entire tree of private keys — different keys for different blockchains, accounts, and addresses. Backing up the seed phrase backs up everything.

Can I create my own seed phrase by choosing words?

Technically you could choose 12 or 24 words from the BIP-39 wordlist, but this is strongly discouraged. Humans are extremely poor at generating randomness. Our choices are predictable and biased. A seed phrase derived from human-selected words would have far less than 128 bits of effective entropy, making it vulnerable to brute-force attacks. Always use a cryptographically secure random generator like SafeSeed's Seed Phrase Generator.

What is a passphrase (25th word)?

The BIP-39 passphrase is an optional additional input that modifies the seed derivation. The same 24-word mnemonic with different passphrases produces entirely different wallets. Benefits include additional security (even if the seed phrase is stolen, the attacker needs the passphrase) and plausible deniability (the no-passphrase wallet can serve as a decoy). The risk is that a forgotten passphrase means permanently lost funds.

For detailed guidance, see the passphrase section of the Seed Phrase Generator Tutorial.

Can I recover a wallet if I lose one word from my seed phrase?

If you know the position of the missing word, there are only 2,048 possible words to try. This can be brute-forced relatively quickly (seconds to minutes). If you have lost two words, the search space is 2,048^2 (approximately 4.2 million) — still feasible but slower. Three or more missing words becomes exponentially more difficult and may be practically impossible depending on position combinations.

Is it safe to store my seed phrase in a password manager?

This is debated in the security community. Password managers like 1Password or Bitwarden provide strong encryption, but they are internet-connected and cloud-synced. If the password manager is compromised, your seed phrase is exposed. The general recommendation is to store seed phrases on physical media (paper or metal) in secure physical locations, separate from digital systems. However, a password manager is far better than a plain text file, photo, or email.

Are BIP-39 seed phrases compatible across wallets?

Yes, with caveats. The BIP-39 mnemonic standard is universally implemented. However, different wallets may use different derivation paths (BIP-44 vs. BIP-84 vs. BIP-86), which means they generate different addresses from the same seed. The seed phrase itself transfers perfectly between wallets — you may just need to select the correct derivation path to find your funds. SafeSeed's Address Generator helps you explore different paths.

Paper Wallet Questions

Are paper wallets still relevant in 2026?

Yes, though their role has evolved. Paper wallets are best used as supplementary cold storage backups, educational tools, cryptocurrency gifts, or in situations where hardware wallet cost is prohibitive. For day-to-day use, hardware wallets offer a better user experience. Paper wallets remain the simplest possible form of cold storage with zero electronic components, no firmware, and no batteries.

For a complete guide, see the Paper Wallet Creator Tutorial.

What is BIP-38 encryption for paper wallets?

BIP-38 adds password protection to a paper wallet's private key. The printed private key is encrypted, so anyone who physically obtains the paper wallet cannot spend the funds without also knowing the password. The encrypted key starts with 6P instead of the usual 5, K, or L. This is highly recommended for any paper wallet that might be physically accessed by others.

Can I laminate a paper wallet?

Yes, and it is recommended. Lamination protects against water damage, tearing, and general wear. However, be aware that lamination makes the wallet tamper-evident (it is harder to open without visible damage), which can be either a benefit or a drawback depending on your needs. Use cold lamination pouches (no heat) if you are concerned about heat damage to ink.

How do I spend from a paper wallet?

To spend from a paper wallet, you "sweep" the private key into a software wallet (such as Electrum or BlueWallet). The software wallet creates a transaction moving all funds from the paper wallet address to a new address it controls. After sweeping, the paper wallet is empty and should be destroyed. Never partially spend from a paper wallet without understanding change addresses.

See the sweeping section of the Paper Wallet Creator Tutorial.

Can I receive funds to a paper wallet multiple times?

Yes. You can send cryptocurrency to a paper wallet's public address as many times as you want. The balance accumulates. When you decide to spend, sweep the entire balance at once.

Address Derivation Questions

Why does my wallet show a different address than SafeSeed?

The most common causes:

  1. Different derivation path: Your wallet uses BIP-44 (m/44'/0'/0'/0/0) while SafeSeed shows BIP-84 (m/84'/0'/0'/0/0), or vice versa. Try different paths in SafeSeed's Address Generator.
  2. Passphrase mismatch: If your wallet uses a passphrase (25th word) and you did not enter it in SafeSeed, the addresses will differ.
  3. Wrong account index: Some wallets use account 1' instead of 0'.
  4. Address format: Legacy (1), SegWit (3), Native SegWit (bc1q), and Taproot (bc1p) addresses are all different even from the same seed.

The Key Derivation Tool helps systematically explore all possibilities.

What is an xpub/ypub/zpub?

These are extended public keys at a specific level of the derivation tree. They can derive all child public keys (and thus addresses) below them, without knowing any private keys.

Key TypeStandardAddress Format
xpubBIP-44Legacy (P2PKH)
ypubBIP-49SegWit (P2SH-P2WPKH)
zpubBIP-84Native SegWit (P2WPKH)

Extended public keys are safe to share for watch-only purposes (monitoring balances, generating receiving addresses). They cannot be used to spend funds. However, sharing your xpub reveals all your addresses and balances, which is a privacy concern.

How many addresses can I generate from one seed?

Practically unlimited. Each account supports approximately 2.1 billion receiving addresses and 2.1 billion change addresses. You can create approximately 2.1 billion accounts per coin type. In practice, wallets use sequential addresses starting from index 0, and most users will never exceed a few hundred addresses.

Can the same address exist on Bitcoin and Ethereum?

No. Bitcoin and Ethereum use fundamentally different address encoding schemes. Bitcoin Legacy addresses start with 1, Native SegWit with bc1q, and Taproot with bc1p. Ethereum addresses start with 0x. Even though both derive from secp256k1 keys, the hashing and encoding steps produce different outputs. This is by design — it prevents accidentally sending funds to the wrong chain.

What are change addresses?

In Bitcoin and other UTXO-based chains, when you spend less than the full amount at an address, the remainder is sent to a "change address" controlled by your wallet. Change addresses are derived from the m/.../1/x path (change = 1), while receiving addresses use m/.../0/x (change = 0). Understanding change addresses is important for wallet recovery — your funds might be at change addresses, not just receiving addresses.

See the change address section in the Key Derivation Tool Tutorial.

Offline Usage Questions

Why should I use SafeSeed offline?

Using SafeSeed offline eliminates all network-based attack vectors. Even if the tool is perfectly secure, your computer might have malware that exfiltrates data over the network. An air-gapped computer has no network connection, so exfiltration is physically impossible.

For a complete setup guide, see Using SafeSeed Offline.

How do I save SafeSeed for offline use?

In your browser, press Ctrl+S (Windows/Linux) or Cmd+S (Mac) and select "Webpage, Complete" to save the tool page with all dependencies. Save to a USB drive, then open the saved file on an air-gapped computer. The tool works identically offline because all cryptographic operations happen in JavaScript, not on a server.

Can I use SafeSeed on Tails OS?

Yes. SafeSeed tools work in the Tor Browser that ships with Tails. Boot Tails without any network connection, open the saved SafeSeed HTML file, and generate your keys. Tails runs entirely in RAM and wipes all memory on shutdown, providing the highest level of operational security.

Do I need an air-gapped computer for every use?

No. The security level should match the value at risk:

ScenarioRecommended Setup
Learning and exploringRegular browser, online
Small amounts (under $1,000)Regular browser, close other tabs
Moderate amounts ($1,000-$10,000)Disconnect internet, then use
Significant amounts ($10,000+)Dedicated offline computer
Large/institutional amountsTails live USB, air-gapped, dedicated printer

Blockchain and Compatibility Questions

How many blockchains does SafeSeed support?

SafeSeed supports 15+ blockchains including Bitcoin (with all address formats), Ethereum (and all EVM-compatible chains), Litecoin, Bitcoin Cash, Dogecoin, Ripple (XRP), Cardano, Solana, Polkadot, Cosmos, Tron, Stellar, Avalanche, Ethereum Classic, Zcash, and Dash.

For complete details, see Supported Blockchains.

Does SafeSeed support NFTs?

SafeSeed generates the underlying keys and addresses for blockchains that support NFTs (Ethereum, Solana, etc.). It does not interact with NFT contracts directly. If you generate an Ethereum address with SafeSeed, that address can receive and hold NFTs — you would use separate wallet software to view and transfer them.

Does SafeSeed support hardware wallets?

SafeSeed does not interface with hardware wallets directly (it does not communicate via USB or Bluetooth). Instead, SafeSeed complements hardware wallets by:

  1. Independently verifying that your hardware wallet derives correct addresses from your seed
  2. Generating seed phrases that you can then import into a hardware wallet
  3. Exploring derivation paths to understand what your hardware wallet does

Seeds generated by SafeSeed are compatible with all BIP-39 hardware wallets (Ledger, Trezor, Keystone, BitBox02, Coldcard, etc.).

Can I use SafeSeed for multi-signature wallets?

SafeSeed can generate individual seed phrases and derive public keys for use in multi-signature setups. However, SafeSeed does not construct multi-signature scripts or transactions. You would use SafeSeed to generate each signer's keys, then use wallet software (like Electrum, Sparrow, or Caravan) to create the multi-sig configuration.

Technical Questions

What cryptographic libraries does SafeSeed use?

SafeSeed uses established, well-audited cryptographic libraries for its core operations. The specific libraries include implementations of BIP-39 (mnemonic generation), BIP-32 (HD key derivation), and various blockchain-specific address encoding schemes. All cryptographic random number generation uses the browser's native Web Crypto API rather than a JavaScript-based PRNG.

What is the BIP-39 wordlist?

The BIP-39 English wordlist contains exactly 2,048 words. Each word is unique within its first four characters, which enables abbreviation when stamping on metal plates. The words were selected for: uniqueness, avoidance of similar-looking words (no "woman" and "women"), common English vocabulary, and clear pronunciation. Wordlists also exist for Japanese, Korean, Spanish, Chinese (Simplified and Traditional), French, Italian, Czech, and Portuguese.

What is the difference between BIP-32, BIP-39, and BIP-44?

StandardPurpose
BIP-39Defines how to encode entropy as a mnemonic phrase (seed words) and how to derive a seed from the mnemonic
BIP-32Defines the algorithm for deriving child keys from parent keys (the "HD" in HD wallets)
BIP-44Defines the tree structure (purpose/coin/account/change/index) for organizing keys derived via BIP-32

They work together: BIP-39 creates the seed, BIP-32 derives keys from the seed, and BIP-44 organizes those keys into a standard structure.

What is SLIP-44?

SLIP-44 (Satoshi Labs Improvement Proposal 44) is a registry of coin type values used in BIP-44 derivation paths. Each cryptocurrency is assigned a unique number: Bitcoin is 0, Ethereum is 60, Litecoin is 2, and so on. This ensures that the same seed phrase derives different keys for different blockchains, preventing address collisions.

Why does SafeSeed use JavaScript instead of a native application?

JavaScript in a browser provides several advantages for security tools: (1) No installation required — reduces the risk of supply chain attacks during distribution. (2) The source code is directly inspectable in the browser. (3) Cross-platform compatibility without separate builds. (4) The Web Crypto API provides access to OS-level entropy. (5) Offline capability through saved pages.

The primary tradeoff is that JavaScript is a managed language without direct memory control, so clearing sensitive data from memory is not as deterministic as in C or Rust. For this reason, SafeSeed recommends air-gapped setups for high-value key generation.

How does SafeSeed handle the Web Crypto API on different operating systems?

The Web Crypto API is a browser standard that delegates to the OS-level CSPRNG:

OSCSPRNG SourceBrowser API
WindowsBCryptGenRandom (CNG)crypto.getRandomValues()
macOSSecRandomCopyBytes (Security.framework)crypto.getRandomValues()
Linuxgetrandom() / /dev/urandomcrypto.getRandomValues()
iOSSecRandomCopyBytescrypto.getRandomValues()
Android/dev/urandomcrypto.getRandomValues()

All of these are considered cryptographically secure and suitable for key generation.

Troubleshooting

SafeSeed is not generating a seed phrase. What should I do?

  1. Check your browser: Ensure you are using a modern browser (Chrome, Firefox, Safari, Edge) with JavaScript enabled.
  2. Disable ad blockers: Some ad blockers may interfere with JavaScript execution.
  3. Try a private/incognito window: This eliminates interference from browser extensions.
  4. Check the console: Open the browser developer tools (F12 > Console tab) and look for error messages.
  5. Try a different browser: If one browser fails, try another.

The QR code on my paper wallet will not scan.

  1. Print quality: Reprint at the highest quality setting your printer supports.
  2. Size: The QR code may be too small. If your layout allows, increase the QR code size.
  3. Contrast: Ensure the QR code is printed in solid black on white paper. Faded ink or grey tones reduce scannability.
  4. Flatness: Fold marks or wrinkles through the QR code can prevent scanning. Print a new copy.
  5. Fallback: You can always manually type the address or private key instead of scanning.

I entered my seed phrase but the addresses do not match my wallet.

See the "Why does my wallet show a different address than SafeSeed?" question above. The most common issues are derivation path mismatches and passphrase differences. Use the Key Derivation Tool to systematically explore paths.

The saved offline page does not work correctly.

  1. Re-save the page: Use "Webpage, Complete" (not "HTML only") in the save dialog.
  2. Check file integrity: Ensure all .js and .css files were saved alongside the .html file.
  3. Try a different save method: Chrome and Firefox may save pages differently. Try both.
  4. Use SingleFile extension: The SingleFile browser extension saves the entire page as a single self-contained HTML file, which is more reliable for offline use.