What can we help you with?

  1. Homepage
  2. General Knowledge
  3. Cryptography & Encryption
  4. How do Secret Recovery Phrases work?

How Do Secret Recovery Phrases Work?

Last updated: October 26th, 2021

A Secret Recovery Phrase, mnemonic phrase, or Seed Phrase is a set of typically either 12 or 24 words, which can be used to derive an infinite number of accounts. Often times these phrases are used by cryptocurrency hardware wallets, to be written down on a piece of paper by the user to safely back up the users' funds.

For example, a 12 word Secret Recovery Phrase looks like this:

jealous expect hundred young unlock disagree major siren surge acoustic machine catalog

Sometimes these are referred to as recovery phrases, seed phrases, or 12-word phrases by other wallets and/or interfaces.

In the Ethereum ecosystem, Secret Recovery Phrases are generally generated following the BIP 32 spec. Popular hardware wallets, like Ledger and Trezor, follow this spec, same applies to MetaMask. The Secret Recovery Phrase generated by your wallet (usually) consists of 24 words, randomly selected from the BIP 32 English wordlist, some wallets make use of a 12-word Secret Recovery Phrase that are shorter and therefore easier to remember.

Additional Passphrases

Many wallets provide an option to enhance the security of your Secret Recovery Phrase with a password or passphrase. This is useful as accessing your wallets would require you to have something you have (the Secret Recovery Phrase) plus something you know (the password). Often times this is referred to as the 13th or 25th word, though this is technically not accurate.

There are some key differences between a typical password and the password that protects your Secret Recovery Phrase. Because the password doesn't encrypt the Secret Recovery Phrase (like the password encrypts your keystore file), there is no "wrong" password. Using a different password will result in different accounts being unlocked.

Plausible Deniability

Since every password generates a valid seed and will unlock a different account, there is no "wrong" password. It is meant to protect you from the "wrench attack," and enables you to create a decoy wallet which has the same Secret Recovery Phrase but uses a different password. If someone forces you to give them access to your wallets, you could provide the decoy password, and keep the real password (with all your funds) a secret.

Be careful!

Losing this password will result in you losing access to your wallets and funds.

Didn't find what you were looking for? Contact Us

MyCrypto is an open-source tool that allows you to manage your Ethereum accounts privately and securely. Developed by and for the community since 2015, we’re focused on building awesome products that put the power in people’s hands.

© 2022 MyCrypto, Inc.

Donate

Subscribe to MyCrypto

Get updates from MyCrypto straight to your inbox!

By submitting your email, you affirmatively agree to our Privacy Policy