Board Bitcoin Discussion
Merits 3 from 2 users
Topic OP
Ian Coleman BIP39 Split-Mnemonic
by
Mcoinzy
on 19/02/2020, 03:25:50 UTC
⭐ Merited by o_e_l_e_o (2), LeGaulois (1)
Hello Bitcoiners, been lurking these forums for a few years. This is my first post.


I have been looking for ways to secure my 24-word BIP39 backup. I am worried about the possibility of someone finding my seed and being able to access my funds, but also want a trusted 3rd party to be able to recover the coins with instructions in case the need arose. An interesting solution that has come up is using the Split BIP39 Mnemonic Scheme from the Ian Coleman Website secured with a BIP39 passphrase.

Basically here is how the Split BIP39 Mnemonic Scheme works:

  - Your 24 words are split into 3 Shares
  - Each Share contains 16 of 24 words,
  - The words are in order with the missing words replaced with XXXXX
  - You keep the Shares in different places
  - It takes 2 of 3 shares to recover the Mnemonic

Now my idea was to take the above scheme and also add a BIP39 passphrase in the form of a 3 word diceware Mnemonic. I would place 2 words on each Share so each share would represent 2/3 of the BIP39 Mnemonic and 2/3 the passphrase. (I would leave the seed associated with just the 24 words empty)

From my understanding, each word in the BIP39 sentence represents 11 bits of entropy (except the checksum) so the 8 missing words represent between 83-88 bits and the missing diceware word would represent 12.9 bits. This would give each share approximately 100 bits of entropy.

Now if there was an adversary that could guess at a rate of 1 Quintillion times per second it would take ~40000 years to guess all possible permutations in the key space.

Code:
2^entropy / Guessing Speed per Second = # of seconds to guess all possibilities

The efficiency of an adversary would also be greatly reduced by the key-stretching involved (PBKDF2 2048 iterations) and having to search the blockchain for a non-zero balance.

I would like to hear from some experts on the pros/cons of doing this, and if any of my assumptions are incorrect.

Tried to post in Technical Discussions but I am not allowed
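
The scheme and estimate described in the post, as an added example that is not part of the original post and is not the Ian Coleman tool's code. It assumes a simple round-robin layout (share k withholds every third word); the tool's real word assignment may differ, and the word list is a constructed placeholder.

```python
import math

PLACEHOLDER = "XXXXX"         # marker the post uses for a withheld word
DICEWARE_LIST_SIZE = 7776     # standard diceware list: 6^5 words

def split_mnemonic(words, shares=3):
    """Assumed layout: share k withholds every word whose index % shares == k."""
    return [[PLACEHOLDER if i % shares == k else w for i, w in enumerate(words)]
            for k in range(shares)]

def recover(share_a, share_b):
    """Merge two shares; fail if a position is unknown in both or they disagree."""
    if len(share_a) != len(share_b):
        raise ValueError("shares have different lengths")
    merged = []
    for pos, (a, b) in enumerate(zip(share_a, share_b), start=1):
        if a == PLACEHOLDER and b == PLACEHOLDER:
            raise ValueError(f"word {pos} is missing from both shares")
        if PLACEHOLDER not in (a, b) and a != b:
            raise ValueError(f"shares disagree at word {pos}")
        merged.append(b if a == PLACEHOLDER else a)
    return merged

def upper_bound_bits(share, missing_diceware_words=0):
    """11 bits per withheld BIP39 word (checksum ignored, so an upper bound)
    plus log2(7776) bits per withheld diceware passphrase word."""
    missing = share.count(PLACEHOLDER)
    return 11 * missing + missing_diceware_words * math.log2(DICEWARE_LIST_SIZE)

def years_to_exhaust(bits, guesses_per_second):
    """The post's formula, 2^entropy / guessing speed, converted to years."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Constructed placeholder tokens, not real BIP39 words.
    words = [f"w{i:02d}" for i in range(1, 25)]
    shares = split_mnemonic(words)
    for s in shares:
        print(" ".join(s))
    assert recover(shares[0], shares[2]) == words
    bits = upper_bound_bits(shares[0], missing_diceware_words=1)
    print(f"one share leaves at most {bits:.1f} bits unknown")
    print(f"{years_to_exhaust(100, 1e18):,.0f} years at 100 bits and 1e18 guesses/s")
```

The estimate covers only the size of the search space; it does not model the PBKDF2 cost or the balance lookup the post mentions.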