Mnemonic codes

These are English words used to represent the random number used to derive the seed in a deterministic wallet. The words act as a password; the words can help in recovering the seed and subsequently the keys derived from it. The mnemonic codes act as a good backup system for the wallet user.

The wallet shows a list of 12 to 24 words when creating a wallet. This sequence of words is used to back up the wallet and recover all the keys in the event of a wallet becoming inaccessible.

Here is the process of generation of mnemonic code and seed as per the BIP0039 standard:

1. Initial random Entropy of ENT bits are generated between the allowed size of 128-256 bits.
2. Checksum is generated by taking the first few bits of its SHA256 hash. The checksum length is defined by ENT/32 formula.
3. The checksum denoted by CS is added at the end of initial Entropy.
4. The sequence created is split into 11-bits; each is encoded a number between 0 and 2,047 which acts as an index to a pre-defined wordlist.
5. A list of 12-24 words is created representing the mnemonic code.

The length mnemonic code, also known as a mnemonic sentence (MS), is defined by MS = (ENT + CS) / 11. The following screenshot shows the word length and the Entropy associated with that word length:

The seed that is 512 bits is generated from the mnemonic sequence using the PBKDF2 function where the mnemonic sentence is used as the password and the string mnemonic + passphrase is used as a salt. The passphrase is something that a user can use to protect their mnemonic; if it's not set, then "" is used.

The length of the derived key from this process is 512-bits; different wallets can use their own process to create the wordlist and also have any desired wordlist. Although it is advised to use the mnemonic generation process specified in the BIP, wallets can use their own version of wordlist as they require.