What BIP39 Is, In One Paragraph
BIP39 — Bitcoin Improvement Proposal 39 — is the standard for representing a crypto wallet's master key as a sequence of human-readable words. It was proposed in 2013 to solve a real problem: backing up a 256-bit cryptographic key as a hex string was error-prone (people transcribed digits wrong) and brittle (one missed digit corrupted the whole backup). Twelve random words from a fixed 2048-word wordlist solved both: easier to write down, easier to type back, and the last word's bits include a checksum so wrong transcriptions get caught immediately.
Almost every modern crypto wallet — Bitcoin, Ethereum, Solana, hardware wallets like Ledger and Trezor — uses BIP39 because it's the universal seed format. The BIP39 Mnemonic Generator creates these phrases (12, 15, 18, 21, or 24 words) and validates existing ones against the standard's three checks.
How the Microapp BIP39 Generator Works
Pick mode: Generate phrase or Validate phrase. Generate: pick a word count (12 is Bitcoin standard, 24 is most secure), click Generate. The phrase appears with each word numbered. Use the eye icon to mask/unmask. Validate: paste any existing phrase, see whether it passes all three structural checks (count, wordlist membership, checksum).
Generation uses crypto.getRandomValues for entropy — the browser's CSPRNG, the same source recommended for cryptographic secrets. Wordlist comes from the bip39 library (the standard 2048-word English wordlist). Both modes run entirely in your browser; nothing is uploaded.
bicycle morning portrait scrap evolve obey amused soldier mango cinnamon clinic ancient. Each word is from the BIP39 wordlist; the last word's bits include a checksum that depends on every other word. Validate the same phrase: ✓ Valid. Change one word to "elephant": ✗ Invalid (checksum mismatch). The validator catches single-word errors with extremely high probability.
The Critical Safety Warning
This is a learning tool, not a wallet. Do not use any web-based BIP39 generator for keys that will hold real money.
Why: browser environments aren't secure for high-stakes secret generation. Browser extensions can read clipboard content. Malware on your machine can keylog or screen-capture. JavaScript supply-chain attacks happen — even reputable libraries have been compromised. The combination is fine for testing, learning, and testnet/sandbox use; it's not fine for a seed phrase that will guard $50,000 of crypto.
For real funds, use a hardware wallet — Ledger, Trezor, Keystone. They generate seeds offline on a secure element chip, display them on a small screen the host computer can't see, and never expose the seed to the host. The price ($60-200) is trivial against the value at risk.
This tool is useful for: testing wallet integrations, generating throwaway seeds for testnet experiments, learning the BIP39 algorithm, understanding what your hardware wallet is doing under the hood. Not useful for: backing up a real crypto wallet, generating production seeds for any chain with real value.
Why 12, 15, 18, 21, or 24 Words?
Each word encodes 11 bits (because 211 = 2048, the wordlist size). The total word count comes from entropy + checksum: more entropy means more checksum bits, means more words.
| Words | Entropy | Checksum | Total bits | Common use |
|---|---|---|---|---|
| 12 | 128 bits | 4 bits | 132 | Bitcoin/Ethereum standard |
| 15 | 160 bits | 5 bits | 165 | Higher-security personal |
| 18 | 192 bits | 6 bits | 198 | Rare |
| 21 | 224 bits | 7 bits | 231 | Rare |
| 24 | 256 bits | 8 bits | 264 | Hardware wallets, max security |
12 words = 128 bits of entropy is already practically unbreakable: brute-forcing 2128 possibilities exceeds the energy budget of the observable universe. 24 words is overkill insurance; the practical security difference is negligible. Pick 12 unless your wallet defaults to 24 (Ledger and Trezor do).
What the Checksum Catches
The last few bits of the phrase are a hash (SHA-256) of the entropy bits. Validators recompute that hash and verify it matches. The catch rate for accidental errors is excellent: changing a single word almost always fails the checksum (the only failures are the rare cases where the changed word's bits happen to satisfy the hash, which is roughly 1 in 16 for 12-word phrases).
This is why "almost any 12 random words" isn't a valid BIP39 phrase. The wordlist + checksum requirement means valid phrases form a sparse subset of all possible word combinations. Random transcription errors get caught; deliberate forgery (someone constructing a valid-looking phrase) is computationally easy but pointless because the holder still needs the original to spend funds.
Adding a Passphrase ("25th word")
Most wallets support an optional BIP39 passphrase you add at restore time. The passphrase isn't part of the mnemonic — it's a separate string that, combined with the mnemonic, derives a different wallet. With no passphrase, you get wallet A; with passphrase "vacation2024", you get wallet B; same mnemonic, different addresses.
This is a security feature: if your seed phrase is stolen but your passphrase isn't, the attacker accesses an empty wallet (the no-passphrase one). You keep funds in the passphrase-protected wallet. The cost is one more secret to remember; the benefit is dual-factor protection on the seed.
This tool generates the mnemonic only; the passphrase is added inside the wallet during restore.
Common Pitfalls
Storing the mnemonic in plaintext on a connected device. Don't email it to yourself. Don't put it in iCloud Notes. Don't paste it into a password manager (most are fine, but mistakes happen). Best practice: write it on paper, store in a fireproof location; for high values, etch it onto stainless steel.
Photographing it. Photos sync to iCloud / Google Photos. Photos in iCloud are accessible from anyone who breaches your iCloud. Photos can be deleted but recovered from device caches. Don't photograph seed phrases.
Splitting it across multiple locations. Some people write half the phrase in one safe and half in another, thinking it's safer. It's not — losing access to either location loses the funds, and the math of partial seeds doesn't work the way intuition suggests. Keep the full phrase together; secure the location well.
Using a typo-friendly font. Write seed phrases in clear handwriting or print them in a sans-serif font. O vs 0 ambiguity in handwriting has cost people their savings.
Related Tools
For random secrets that aren't seed phrases (API keys, session tokens), use the Token Maker. For random passwords, the Password Generator is the right tool. For Base32 secrets (a different encoding used in TOTP and some other crypto), see the OTP Generator's "Generate random" button. For one-way SHA hashes, the SHA-256 Generator handles arbitrary input.