Seed Phrase Generator Tutorial: Create Secure BIP-39 Mnemonics

A seed phrase is the single most important piece of information in your cryptocurrency setup. It is the master key from which all your private keys, public keys, and addresses are derived. Lose it, and you lose access to your funds. Expose it, and anyone can steal everything. This tutorial walks you through using SafeSeed's Seed Phrase Generator to create a BIP-39 compliant mnemonic phrase with maximum security.

Try It Now

Generate a BIP-39 seed phrase at safeseed.app/tools/seed-generator/ — entirely client-side, nothing is sent to any server.

What Is a BIP-39 Seed Phrase?

BIP-39 (Bitcoin Improvement Proposal 39) defines a standard for encoding cryptographic entropy as a sequence of common English words. Instead of backing up a 256-bit binary number, you back up 12 or 24 easily readable words like "abandon", "ability", or "zoo".

How It Works

Entropy generation: A cryptographically secure random number generator produces 128 bits (for 12 words) or 256 bits (for 24 words) of randomness.
Checksum: A SHA-256 hash of the entropy provides a checksum. For 128-bit entropy, 4 checksum bits are appended; for 256-bit entropy, 8 checksum bits are appended.
Word mapping: The combined entropy + checksum is split into 11-bit groups. Each 11-bit value maps to one of 2,048 words in the BIP-39 wordlist.
Seed derivation: The mnemonic phrase is converted to a 512-bit seed using PBKDF2-HMAC-SHA512 with 2,048 iterations. An optional passphrase can be included in this step.

The result is a set of words that deterministically produces the same set of keys every time, on any wallet that implements BIP-39.

12 Words vs. 24 Words

Feature	12 Words (128-bit)	24 Words (256-bit)
Entropy	128 bits	256 bits
Security level	2^128 possible combinations	2^256 possible combinations
Brute force resistance	Effectively unbreakable	Effectively unbreakable
Ease of backup	Easier to write and store	More words to manage
Industry adoption	Common in mobile wallets	Standard for hardware wallets
Recommended for	Moderate holdings	Significant holdings, long-term storage

Both 12-word and 24-word phrases provide security far beyond what any attacker can brute-force with current or foreseeable technology. The choice between them is largely a matter of convention and personal preference. Most hardware wallets default to 24 words, while many mobile wallets use 12.

Step-by-Step: Generating Your Seed Phrase

Prerequisites

Before you begin, consider your security requirements:

For learning and testing: You can use SafeSeed directly in your browser with an internet connection.
For real funds (moderate amounts): Close unnecessary browser tabs and applications, ensure your device is malware-free.
For significant holdings: Use an air-gapped computer following the Offline Usage Guide.

Step 1: Open the Seed Phrase Generator

Navigate to safeseed.app/tools/seed-generator/ in your web browser. The tool loads entirely in your browser, and you can verify this by disconnecting from the internet after the page loads — the tool will continue to function.

Step 2: Select Word Count

Choose between generating a 12-word or 24-word mnemonic phrase. For most users securing real cryptocurrency, 24 words is the standard recommendation, as it aligns with what major hardware wallets like Ledger and Trezor use by default.

Step 3: Generate the Phrase

Click the Generate button. The tool uses your browser's Web Crypto API (crypto.getRandomValues()) to produce cryptographically secure random entropy, then converts it into a BIP-39 mnemonic phrase.

Each time you click Generate, an entirely new phrase is created from fresh entropy. There is no relationship between successive generated phrases.

Step 4: Record the Phrase

This is the most critical step. You must record your seed phrase on a physical medium that will survive long-term storage. Here are your options:

Paper (minimum recommended):

Use a pen (not pencil, which can fade) on acid-free or archival paper
Write clearly and legibly
Number each word (1 through 12 or 24)
Double-check every word against the screen
Do not type the phrase into any digital device

Metal (recommended for significant holdings):

Stamp or engrave each word onto a stainless steel or titanium plate
Metal backups survive fire, flood, and physical degradation
Products like Cryptosteel, Billfodl, or Blockplate are designed for this purpose
For a DIY approach, stainless steel washers stamped with letter punches work effectively

What NOT to do:

Do not take a screenshot or photo of the phrase
Do not copy it to your clipboard
Do not store it in a text file, note-taking app, or cloud service
Do not email it to yourself
Do not store it in a password manager (the seed phrase should remain offline)

Step 5: Verify the Phrase

After recording your seed phrase, verify it by reading it back word-by-word against the screen. Pay special attention to words that look similar:

"abandon" vs. "about"
"letter" vs. "level"
"right" vs. "riot"

The BIP-39 wordlist was designed to minimize ambiguity — the first four letters of each word are unique. But human transcription errors remain the most common cause of seed phrase loss.

Step 6: (Optional) Add a Passphrase

A BIP-39 passphrase (sometimes called the "25th word") adds an additional layer of security. When you derive a seed from your mnemonic, the passphrase is included in the PBKDF2 derivation:

seed = PBKDF2(mnemonic, "mnemonic" + passphrase, 2048, 512)

If you set a passphrase:

The same mnemonic with different passphrases produces entirely different wallets
Without the passphrase, the mnemonic alone generates a different (but valid) set of keys
This creates plausible deniability: the "empty" wallet (no passphrase) can serve as a decoy
You must remember or securely store the passphrase separately from the mnemonic

Passphrase considerations:

A forgotten passphrase means permanent loss of access — there is no recovery mechanism
The passphrase is case-sensitive and can include spaces and special characters
Store the passphrase separately from the seed phrase for security, but ensure both are recoverable
A strong passphrase should be at least 12 characters with mixed case and numbers

Step 7: Clear the Screen

After you have securely recorded your seed phrase and verified it:

Close the browser tab
Clear your browser's recent history (optional but recommended)
For maximum security, restart your browser or computer

SafeSeed does not store any data in localStorage, cookies, or browser storage, but clearing the session ensures no residual data remains in browser memory.

Understanding the Output

The Seed Phrase Generator displays several pieces of information:

Mnemonic Words

The 12 or 24 words that constitute your seed phrase. These words are drawn from the official BIP-39 English wordlist of 2,048 words. Every word in the list is unique within its first four characters, which is why you can abbreviate words when stamping on metal plates.

Entropy (Hex)

The raw random data that was generated, displayed in hexadecimal. This is the underlying randomness that the mnemonic words encode. You generally do not need to record this separately — the mnemonic words fully encode the entropy plus checksum.

Checksum

The final portion of the last word encodes checksum bits derived from a SHA-256 hash of the entropy. This means not every combination of 12 or 24 BIP-39 words is valid — only those where the checksum matches. This serves as a basic error detection mechanism when entering a seed phrase into a wallet.

Seed (Hex)

The 512-bit seed derived from the mnemonic via PBKDF2. This seed is used as the input to BIP-32 key derivation. If you added a passphrase, the seed will differ from the no-passphrase version. You do not need to record this separately — it can always be re-derived from the mnemonic and passphrase.

Advanced Topics

Entropy Quality

The security of your seed phrase depends entirely on the quality of the entropy used to generate it. SafeSeed uses crypto.getRandomValues(), which is backed by your operating system's CSPRNG:

Linux: Draws from /dev/urandom, seeded by hardware interrupts, CPU jitter, and RDRAND/RDSEED when available
macOS: Uses the Fortuna-based CSPRNG in the Security framework
Windows: Uses BCryptGenRandom backed by the kernel's entropy pool

All modern browsers implement crypto.getRandomValues() using these OS-level CSPRNGs, making the entropy suitable for cryptographic key generation.

Why Not Use Dice or Coin Flips?

Some security-conscious users prefer generating entropy from physical sources like dice rolls or coin flips. While this approach eliminates trust in software RNGs, it introduces its own risks:

Bias: Physical dice and coins may not be perfectly fair
Insufficient mixing: Raw physical entropy needs proper hashing before use
Human error: Incorrectly recording or converting rolls introduces errors
Time-consuming: Generating 256 bits of entropy requires 100 coin flips or numerous dice rolls

If you choose to use physical entropy, you can enter it into the tool's advanced options (when available) to derive a mnemonic, but ensure you understand the risks of bias and procedural errors.

Multi-Signature Setups

For multi-signature wallets, you may need to generate multiple independent seed phrases. Each signer in a multisig arrangement should have their own seed phrase generated independently. Use the SafeSeed Seed Phrase Generator separately for each signer, ideally on different devices, and ensure each seed phrase is backed up independently.

SLIP-39 (Shamir's Secret Sharing) offers an alternative to BIP-39 where the seed is split into multiple shares, requiring a threshold number of shares to reconstruct. SafeSeed currently focuses on BIP-39, which is the more widely adopted standard. If you need Shamir's Secret Sharing, consider hardware wallets like Trezor that support SLIP-39 natively.

Common Mistakes and How to Avoid Them

Mistake 1: Generating Seed Phrases on a Compromised Device

Risk: Malware on your device could intercept the generated seed phrase through clipboard monitoring, screen capture, or keylogging.

Mitigation: Use the Offline Usage Guide for significant holdings. At minimum, run a malware scan and close all other applications before generating.

Mistake 2: Storing the Seed Phrase Digitally

Risk: Any digital copy (photo, text file, email, cloud note) can be compromised through hacking, device theft, or cloud service breaches.

Mitigation: Always use physical media. Paper for convenience, metal for durability. Never create a digital copy.

Mistake 3: Only Keeping One Copy

Risk: Physical disasters (fire, flood), theft, or simple loss can destroy your only backup.

Mitigation: Create 2-3 copies stored in geographically separate, secure locations. Consider a safe deposit box, a home safe, and a trusted family member's secure location.

Mistake 4: Not Testing the Seed Phrase

Risk: Transcription errors may make your backup useless when you need it.

Mitigation: After recording, use the Address Generator to derive addresses from your seed phrase (offline) and verify they match what your wallet shows. Send a small test amount and verify you can recover it.

Risk: Anyone with your seed phrase has complete control over your funds.

Mitigation: Never share your seed phrase with anyone, including support staff. No legitimate service will ever ask for your seed phrase. SafeSeed will never ask for an existing seed phrase — the generator creates new ones.

Seed Phrase Strength in Context

To appreciate the security of a properly generated BIP-39 seed phrase, consider the numbers:

12-word phrase: 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 possible combinations
24-word phrase: 2^256 = approximately 1.16 x 10^77 possible combinations
Atoms in the observable universe: approximately 10^80

Even with all the computing power on Earth running for billions of years, brute-forcing a 128-bit key space is physically impossible. A 256-bit key space is so large that it approaches the physical limits of computation as described by thermodynamics (the Landauer limit).

The real threats to your seed phrase are not brute force — they are:

Malware on the device where you generate or enter the phrase
Physical theft of your backup
Social engineering (phishing, fake support)
Your own failure to back up or properly record the phrase

SafeSeed addresses threat #1 through client-side operation and offline capability. Threats #2-4 are your responsibility.

After Generating: Next Steps

Once you have your seed phrase securely generated and backed up:

Derive and verify addresses: Use the Address Generator to derive addresses and compare them with your wallet software or hardware wallet.
Create a paper wallet backup: Use the Paper Wallet Creator for an additional physical backup of specific addresses.
Explore derivation paths: Use the Key Derivation Tool to understand how your seed maps to keys for different blockchains.
Set up your wallet: Import the seed phrase into your hardware wallet or software wallet following their specific instructions.
Test with a small amount: Send a small amount of cryptocurrency to a derived address, then practice recovering it from your seed phrase backup.

FAQ

Can two people ever generate the same seed phrase?

Theoretically possible, but practically impossible. With 2^128 combinations for a 12-word phrase and 2^256 for 24 words, the probability of a collision is vanishingly small — far less likely than winning the lottery every day for a lifetime. The universe will undergo heat death before a random collision occurs.

What happens if I forget one word of my seed phrase?

If you know the position of the missing word, there are only 2,048 possible words to try. Tools exist to brute-force a single missing word, and this can be done relatively quickly. However, missing two or more words becomes exponentially harder (2,048^2 = ~4 million combinations for two words). This is why careful transcription and verification are essential.

Can I use a seed phrase generated by SafeSeed in my Ledger/Trezor?

Yes. BIP-39 is an open standard implemented by all major hardware wallets. A seed phrase generated by SafeSeed will work in Ledger, Trezor, Keystone, BitBox02, Coldcard, and any other BIP-39 compatible wallet. The seed phrase is not tied to any specific device or manufacturer.

Is a 12-word phrase secure enough?

Yes. A 12-word phrase provides 128 bits of entropy, which is the same security level used for AES-128 encryption that protects classified government communications. It is computationally infeasible to brute-force. The reason many hardware wallets default to 24 words is convention and an abundance of caution, not because 12 words are insufficient.

Should I add a passphrase (25th word)?

A passphrase adds a genuine security benefit — even if your seed phrase is stolen, the attacker cannot access your funds without the passphrase. However, a passphrase also adds a risk: if you lose or forget it, your funds are permanently inaccessible. Only use a passphrase if you have a robust plan for remembering or securely storing it, and understand that it is as critical as the seed phrase itself.

How often should I generate a new seed phrase?

There is no cryptographic reason to rotate seed phrases. Unlike passwords, seed phrases do not weaken over time. Generate a new seed phrase only when you have a specific reason: setting up a new wallet, suspecting compromise of the current phrase, or restructuring your security setup.

Can I modify or rearrange the words in my seed phrase?

No. The order of words matters — each position encodes specific bits of entropy and the final word includes the checksum. Rearranging words produces either an invalid phrase (checksum failure) or a completely different wallet. Always record and enter words in the exact order they were generated.

What is the BIP-39 wordlist, and why those specific words?

The BIP-39 English wordlist contains exactly 2,048 words chosen for: (1) uniqueness within the first four characters, (2) avoidance of similar-looking words, (3) common English words that are easy to spell and remember. Wordlists also exist for Japanese, Korean, Spanish, Chinese, French, Italian, Czech, and Portuguese, though the English list is by far the most widely used.

SafeSeed Tools Overview — Overview of all SafeSeed tools
Address Generator Tutorial — Verify addresses derived from your seed phrase
Paper Wallet Creator Tutorial — Create printable backups
Using SafeSeed Offline — Air-gapped security for maximum protection
Seed Phrase Security Guide — Comprehensive seed phrase security practices

What Is a BIP-39 Seed Phrase?​

How It Works​

12 Words vs. 24 Words​

Step-by-Step: Generating Your Seed Phrase​

Prerequisites​

Step 1: Open the Seed Phrase Generator​

Step 2: Select Word Count​

Step 3: Generate the Phrase​

Step 4: Record the Phrase​

Step 5: Verify the Phrase​

Step 6: (Optional) Add a Passphrase​

Step 7: Clear the Screen​

Understanding the Output​

Mnemonic Words​

Entropy (Hex)​

Checksum​

Seed (Hex)​

Advanced Topics​

Entropy Quality​

Why Not Use Dice or Coin Flips?​

Multi-Signature Setups​

Shamir's Secret Sharing vs. Seed Phrases​

Common Mistakes and How to Avoid Them​

Mistake 1: Generating Seed Phrases on a Compromised Device​

Mistake 2: Storing the Seed Phrase Digitally​

Mistake 3: Only Keeping One Copy​

Mistake 4: Not Testing the Seed Phrase​

Mistake 5: Sharing the Seed Phrase​

Seed Phrase Strength in Context​

After Generating: Next Steps​

FAQ​

Can two people ever generate the same seed phrase?​

What happens if I forget one word of my seed phrase?​

Can I use a seed phrase generated by SafeSeed in my Ledger/Trezor?​

Is a 12-word phrase secure enough?​

Should I add a passphrase (25th word)?​

How often should I generate a new seed phrase?​

Can I modify or rearrange the words in my seed phrase?​

What is the BIP-39 wordlist, and why those specific words?​

Related Guides​