I would like to create an account but I want to use my custom 25 words for mnemonics. Is it possible? Because I am getting “checksum failed to validate” error.
Hi @turalgo
I don’t quite understand your question. The 25 word mnemonics can be used for saving the private key (256 bits) in a safe way. It contains a checksum (25th word). You can definitely generate a new account with a random private key, and display the mnemonics, using the API calls. The API will compute for you the checksum automatically, and display it as the 25th word.
When I create an account, mnemonic is automatically generated. But, I would like to enter the mnemonics manually so I want to create account with my own 25 words.
OK, enter it. I do not see, why should you generate your own mnemonics words. It has different purpose: to restore an already generated account.
Of course, you can enter 24 words of the mnemonics, and compute the private key from it.
See the folllowing article: What's the rationale behind the bespoke 25-word mnemonic standard?
Uploading: Screenshot from 2021-11-28 17-13-21.png…
I get “checksum failed to validate” error. So I cannot convert my manually entered mnemonic to private key.
https://githubmemory.com/repo/algorand/py-algorand-sdk/issues/232
here people are having the same problem
The last word of the 25-th mnemonic is a checksum word.
It can only be set to a specific value.
Why do you want to use a user-defined mnemonic?
- As mentioned by @Maugli, if you want to “recover” an account that you lost and for which you copied the mnemonic, you need to use the “recover” function, not the creation function of your wallet.
- If you want to use the same mnemonic as the same account on another blockchain, this is potentially highly insecure and dangerous. This can lead to unknown attacks and should never be done before a careful analysis by a security expert. I would personally never recommend doing that.
- If you want to allow the users to use a mnemonic they can remember more easily, you should remember that users are extremely bad at choosing random words. Therefore, you should treat the mnemonic as a low-entropy password that cannot directly be used as a key (Password strength - Wikipedia) as opposed to a full 32-byte-entropy secret key. This means that you should not use it directly but rather use the usual techniques to derive a fresh new 32-byte secret key from this password. See Best way to store mnemonic on user browser localstorage - #2 by fabrice about some details about it. Notice that you normally need a “salt” in that setting. If no salt is available, you may consider to hardcode the salt for all the users in the software you use, but this significantly reduce security.
Actually, I don’t want to recover any account. I want to create a new account and receive a mnemonic from the user. Normally it generates the mnemonic during the account creation. But I want to enter my own 25 words during creation.
So in that case you’re in the last bullet above.
You should not use this mnemonic directly for security reasons.
This is too dangerous: users will use weak mnemonic or re-use mnemonic from other chains and they will lose funds.
You need to use a password hashing method (see above).
Then technically you should obtain a 32-byte secret key and you can use that directly.
For a new account you don’t have to enter mnemonics at all. You can generate it, then display the private key as mnemonics to the user.
To restore an account, the user may give the 25 words of the mnemonics, and you can use it to get the private key and the address. See, e.g. the JS function algosdk.mnemonicToSecretKey, documented here:
technically you can enter 24 words and find the last word by iterating and getting correct checksum
but i would not advice it because it is not very secure…
what secure is, is to brute force the safely created accounts for the text you want in the account… this way you can create vanity account
for example
TESTNTTTJDHIF5PJZUBTTDYYSKLCLM6KXCTWIOOTZJX5HO7263DPPMM2SU
The words are generated from pre-defined standard lists of words, you cannot choose your own.