III.

How to securely specify the seed?

which remains mnemonic

        As we concluded, while looking for the solution we have to comply with two contradictory conditions - the sequence should be mnemonic, but the same time completely random.
Impossible? Not necessarily. Looking closely at the reality we can assume that almost everything around us carries some data. Every newspaper, every picture, every content and every possible information available in the public space provides data. The most obvious and common ones are mathematical and physical constants, mathematical strings and series, space distances, chemical constants and so on. Wherever we are in the world, we can easily access them all without the necessity of noting and carrying them with us. Such a feature is a big advantage and a great working basis for our task. Numbers are the most obvious, but not the only data we can employ. As the newspaper's lifespan is brief and any past issues are hard to get, books in most cases are immortal. Best sellers and great works of literature are available worldwide. Now the only thing we need is to choose one and specify an individual and easy to remember method, which will lead us in a smart way to extracting the necessary set of words. Achieving this, we do not need to note it or remember anymore. Knowing our individual method is the only thing we need to recover the seed anytime we need, using just a pencil and a piece of paper. The possibilities of creating a method are endless and the only limit is the one set by our own imagination.

For example, let's choose one of my most favourite books, well known all over the world The Millenium Trillogy by Stieg Larsson. It was 2009 world's best seller no. 1, with 45 millions of copies sold worldwide in the year of release. Reissued many times, nowadays available even online. I have no doubts I could get it anywhere in the civilised world if I only needed.
An important comment here - the fact that this book is my favourite should definitely disqualify it as a choice. Anyone who knows me could guess it was my choice as a basis for a key. The choice should be neutral and this one doesn't comply with this rule. It results from my individual thinking schemes and emotional involvements, in this particular case from my literary preferences. This is a trap you should always try to avoid because of security reasons.
But even if you give in to temptation and choose your favorite book, the next step will eliminate effectively all the risk.

I choose part 1, „The girl with the dragon tattoo”. Now is the time for a completely random component, and the only thing I will have to remember. To focus on a random part of text, I choose at random chapter 5. To make the randomization even deeper, I do not focus on the beginning of the chapter, but immerse inside it. I choose at random number - for example 50, but remember it could be any other, and any greater, for example 1969, which you could easily remember because of the year of Apollo 11 Moon landing. So now let's take a look what we get. The beginning of the 5th chapter is:

„Thursday, December 26
For the first time since he began his monologue, the old man had managed to take Blomkvist by surprise. He had to ask him to repeat it to be sure he had heard correctly. Nothing in the cuttings had hinted at a murder. It was September 24, 1966. Harriet was sixteen and had just begun her second year at prep school. It was a Saturday, and it turned into the worst day of my life. I've gone over the events so many times that I think I can account for what happened in every minute of that day - except the most important thing.(...) ”

Every letter string excluding punctuation marks I treat in this example like a separate word, but remember that you can make any other own rule. I find the 50th word, which in this particular case is number 24. Starting from this point I choose next 23 words – this is the highlighted text fragment. Next let's bring into play the simplest way of transforming words into numbers. We assign the following index number to every letter.
Thus we get:

A
1
B
2
C
3
D
4
E
5
F
6
G
7
H
8
I
9
J
10
K
11
L
12
M
13
N
14
O
15
P
16
Q
17
R
18
S
19
T
20
U
21
V
22
W
23
X
24
Y
25
Z
26

Next let's transform every word of the chosen fragment into a number by simple addition:

24
-
24
1966
-
1966
harriet
8+1+18+18+9+5+20
79
was
23+1+19
43
sixteen
19+9+24+20+5+5+14
96
and
1+14+4
19
had
8+1+4
13
just
10+21+19+20
70
begun
2+5+7+21+14
49
her
8+5+18
31
second
19+5+3+15+14+4
60
year
25+5+1+18
49
at
1+20
21
prep
16+18+5+16
55
school
19+3+8+15+15+12
72
it
9+20
29
was
23+1+19
43
a
1
1
saturday
19+1+20+21+18+4+1+25
109
and
1+14+4
29
it
9+20
29
turned
20+21+18+14+5+4
82
into
9+14+20+15
58

At this point we could safely stop and use the results we got above as the indexes of the words in BIP39 standard list. But as you probably noticed, the resulted values range is quite narrow and stands between 1 and 109. It is simply because of a small number of 26 letters in alphabet and small average word length, usually amounting just to few letters. Number 1966 is a lucky exception and arised only because of number occurence in the text fragment. Remember that numbers usually does not occur in textes and you probably won't get such a one in your own case. So if you want to correct it, you can set here additional math process. To stretch the result more into the 2048 elements space (BIP39), let's add to each number a multiple of some additional random number. Let it be 40. So we add 40 to the first index, 80 to the second (2 times 40), 120 to the third (3 times 40) and so on. After such a process we finally get BIP39 indexes, which provide us particular BIP39 words:

24
64
among
1966
2046
zero
79
199
boat
43
203
bone
96
296
ceiling
19
259
cake
13
293
cause
70
390
cost
49
409
credit
31
431
cupboard
60
500
dinosaur
49
529
dragon
21
541
drum
55
615
error
72
672
fault
29
669
fatal
43
723
fog
1
721
foam
109
869
hold
29
819
green
29
869
hold
82
962
join
58
978
kick

For the resultant words set we calculate possible 24th checkusum words and choose one. We have already done it in the example on the first page and we know that one of the possibilites is "agent".

That way we have created our own secure seed. Its objective randomness results from our random (or not) book choice and definitely random text choice.
Even if the book is your favorite one and some people could associate it with you, random text choice and individual transformation method guarantees high secureness level of the created seed.

Please note that the resulted seed is just as hard to remember as any other one given by internal Ledger generator. This is the best proof for its randomness and secureness. But the difference is now you do not have to remember it nor write it down. You will recover it anytime you need using just the book, pencil and a piece of paper. And all you need to remember are three numbers:

5
chapter number
50
number of the word in the chapter that indicates the beginning of the text fragment
40
component added to each BIP39 index, multiplied at first by the word index

I guess you agree it is much easier to remember than any 24 random words?
And this case is still much more complicated than it is necessary. Remember that the third component is not needful. We set it only to project the result we got to the full range of BIP39 set.

Let's summarize:
In fact, we haven't chosen the seed above. But we have chosen the source and the method of generating it. As a result, now we can recover it anytime we need by simply repeating the generating process.

Last but not least, please remember that the example above is not a rule or any template. Your individual method can differ on every stage. You don't have to use continuous text fragment. You can start at any random point and choose every second word, every fifth or every one hundred twenty-seventh one. It's all up to you. You don't have to limit the text fragment just to 23 words. It can be any longer, and you can transform a several words sets into a single BIP39 indexes. You can choose the words forward or backward and only you will be the one who knows that. You don't have to assign subsequent numbers to subsequent letters, but you can create any other simple to remember rule, for example 5, 10, 15, 20.... or consecutive prime numbers. The possibilities are endless, it is only the matter of your own imagination. It should be always your own, custom and unique scheme. Without the necessity of noting.

Another example - let's choose a TV series instead of a book.
TV series usually consists of tens or even hundreds of episodes. And every episode usually has a title. Using the method above you can easily transform a single episode title to a single BIP39 index. Tens of thousands of TV series arose all over the world and every single year this number is rising. Just pick at random one, get 23 episodes of your own choice and transform them into the set of 23 BIP39 words. It is up to you if you choose something contemporary, Columbo from the 70's, or even Bonanza from the early 60's. You can easily find on the Internet full chapter title list of every single TV series, no matter how old it is. You don't have to remember anything more than just an episodes choosing manner and the transforming method.

One more example.
You don't have to use any text. As we already said in the beginning, numbers are just as good. Forget about mathematical and physical strings. They are useful, but choosing more unobvious source will be even better. How about immortal and unchangeable sport statistics? The Olympic Games? FIFA? UEFA? Just choose any of tournaments and make use of the first 23 goals. This is only one of thousand possibilities of course. Goals don't have to be the first, you can choose the last 23 goals as well. Or any other 23 goals starting from the specified match or date. Taken forward or backward. Every goal has been shot in a specific minute and that information will never change in statistics. This easy way you get 23 numbers in the range 1-120. You can use it directly as the BIP39 indexes, or project them onto the full range of 2048 BIP39 elements by any simple mathematical operation of your own choice.

It is worth noting that you do not need to go to the extreme with the transformation method. Possibilities of choosing the source basis are endless. It means the possibility of guessing exactly the one beeing yours is close to zero. If so, then you really don't need to increase the succeeding transformation steps. As long as your source and method are based on your own choice and idea, even simple transformation is still secure.

Not convinced? Any doubts?
Then be honest and answer the question - would you check the EURO 1988 goals minutes starting from the first Laudrup score if you wanted to find my seed or any of my passwords? Would you even think about it if you didn't read the above paragraph? I'll bet you wouldn't.
Special disclaimer for Antoine Poinsot: this is not a real clue! It's just an example to trigger your imagination. Any once and anywhere revealed idea is compromised forever!

If you have cash or a gold bar you can conceal it in a chest or bury in a forest. If you own blockchain based assets, by this method you can conceal it and store in any immaterial content without any trace. That's somehow revolutionary.
You only need to remember that the method should always base on your own idea. You should never copy anything you have read about on the Internet. Anything written on the Internet becomes compromised forever. Be creatvie.

recovery-phrase-is-invalid-retry

I. Is it possible to customize seed?

Most of Ledger Nano owners at some point start to wonder if there is a possibility to customize their seed. Possibly some of them go even further and try to use randomly chosen words in the recovery option. read...

worthiness

II. Is it worthy to customize seed?

Let's start with the issue that the manufacturer does not provide such a possibility. And it is no coincidence. Secure seed is the one that nobody can guess. If so - then it should be objectively random. read...