I have released an initial version of the easyseed(1) utility for secure generation of BIP 39 mnemonic seed phrases. As any worthwhile software, it comes replete with a manpage, q.v.

My original motivation for writing this was that I needed a lightweight, reliable BIP 39 seed phrase generator with easily auditable sources and minimal dependencies for use on a stripped-down airgap machine. The source code is short, easy to read, and lovingly commented; it can be readily understood by anybody with a basic knowledge of the C programming language. Its only dependencies are cc(1), make(1), and a library SHA256 implementation available on most platforms via libcrypto or otherwise.

Now that it's written, easyseed(1) is also the first necessary component for my campaign to urge that users stop using saved webpages to generate their Bitcoin magic bits. What kind of an airgap machine has a web browser installed, anyway? But most importantly, as a rule of thumb, Javascript code cannot reliably acquire proper entropy for generating random numbers. This is a persistent general problem, and specifically subject to extended fretting by the author[1] of the most popular BIP39 webpage.

easyseed(1) reads bits straight off /dev/urandom, or from user-provided keymat. Gathering and processing of entropy is properly the kernel's job. My userland utility will let the kernel do its job. Since it's written in C, easyseed(1) can reliably obtain kernel-provided randomness on every Unix/Linux platform in about two lines of code (open(2), read(2), plus error checks) rather than cooking up some tortuous random scheme which may or may not perhaps probably work sort-of.

This is a beta-quality initial release. It is not yet feature-complete: In particular, I have code partly written to add support for all languages which have wordlists in the Bitcoin BIP repository (currently Chinese (Simplified and Traditional), French, Italian, Japanese, Korean, and Spanish, in addition to the current English). easyseed(1) does have basic test vectors copied from the Trezor repository; and with those vectors, it runs a self-test on every usage. However, more tests are desired.

Licensing includes a Bitcoin Consensus Clause, to prevent use by scamcoin pretenders.

I am here opening a Bitcoin Forum thread for discussion of this utility; over time, I will edit and update this post as appropriate.

1. Though that is not nearly in the same league as boneheaded absurdity from ignorant developers who confuse multiple distinct meanings of the word "entropy".

pointbiz: "Perhaps more entropy can be gathered using techniques used on Panopticlick."

#facepalm

cantonbecker: "I like this idea."

pointbiz: "I used all the easy techniques from Panopticlick to gather entropy. [...] I added up the low and high entropy bits and my personal results are 34.3 to 42.8 bits of entropy."

Oh dear heavens, are you using this to generate keymat for Bitcoin!? Some people should be enjoined with a permanent restraining order forbidding that they ever approach within one hundred metres of crypto-related code.

I like this idea you have.

Personally I am a believer in the entropic properties of dice.

Also your comments lead me to point out a serious flaw in the use of off line web pages.

Namely, shouldn't such a web page (a computer program) not operate unless it was off line?
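
An added example, not part of the thread and not easyseed's source: the open(2)/read(2) approach to /dev/urandom described in the opening post, with the error checks written out, followed by the BIP 39 step of splitting entropy plus checksum bits into 11-bit wordlist indices. The names `read_urandom` and `bip39_indices` are hypothetical, and the first byte of the SHA-256 digest is assumed to come from a library implementation such as libcrypto.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fill buf with len bytes from the kernel CSPRNG; 0 on success, -1 on failure. */
int read_urandom(unsigned char *buf, size_t len) {
    struct stat st;
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    /* Fail closed if the path is not a character device (e.g. a planted file). */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) { close(fd); return -1; }
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;  /* interrupted by a signal: retry */
        if (n <= 0) { close(fd); return -1; }   /* error or EOF: never use a short buffer */
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* BIP 39: ENT bits of entropy followed by the first ENT/32 bits of SHA-256(entropy),
   cut into 11-bit wordlist indices. hash0 is the first digest byte (caller-supplied).
   Returns the word count, or -1 for a length BIP 39 does not allow. */
int bip39_indices(const unsigned char *ent, size_t len, unsigned char hash0, uint16_t *out) {
    if (len < 16 || len > 32 || len % 4 != 0) return -1;
    size_t total_bits = len * 8 + len / 4;      /* entropy bits + checksum bits */
    for (size_t i = 0; i < total_bits; i++) {
        unsigned char byte = (i / 8 < len) ? ent[i / 8] : hash0;
        if (i % 11 == 0) out[i / 11] = 0;
        out[i / 11] = (uint16_t)((out[i / 11] << 1) | ((byte >> (7 - i % 8)) & 1u));
    }
    return (int)(total_bits / 11);
}

int main(void) {
    unsigned char ent[16], zero[16] = {0};      /* zero[]: constructed sample input */
    uint16_t idx[24];
    if (read_urandom(ent, sizeof ent) != 0) { perror("/dev/urandom"); return 1; }
    /* 0x37 is the first SHA-256 byte of sixteen zero bytes. */
    int n = bip39_indices(zero, sizeof zero, 0x37, idx);
    printf("read %zu random bytes; sample vector: %d words, last index %u\n",
           sizeof ent, n, (unsigned)idx[n - 1]);
    return 0;
}
```

For the all-zero sample the result is eleven indices of 0 and a final index of 3, which in the English wordlist is "abandon" eleven times followed by "about".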