Mnemonic to Seed: The PBKDF2 Process

Once you have your 12 words, they must be converted into a single, high-security 512-bit binary number called the Seed. This is done using a process called PBKDF2 (Password-Based Key Derivation Function 2).

1. The Key Stretching Logic

We don't just hash the words once. Bitcoin uses a technique called Key Stretching to make "Brute Force" attacks much harder.

1. Password: The mnemonic phrase (e.g., "abandon abandon...").

2. Salt: The string "mnemonic" plus an optional Passphrase provided by the user.

3. Iterations: 2048 rounds.

4. Algorithm: HMAC-SHA512.

By hashing the words 2,048 times, we make it computationally expensive for an attacker to "Guess" your words, even if they know some of them.

2. The Optional Passphrase (The "13th Word")

BIP39 allows you to add a custom password on top of your 12 words.

• Security: Even if someone finds your 12 words, they cannot steal your funds without the passphrase.

• Plausible Deniability: You can have one wallet with no passphrase (holding a small amount) and another hidden wallet with a passphrase (holding your life savings).

• The Trap: If you forget your passphrase, your funds are GONE. There is no "Reset Password" button in Bitcoin.

3. The 512-bit Result

The output of this 2048-round process is a 64-byte (512-bit) binary string.

• The first 32 bytes are the Master Private Key.

• The last 32 bytes are the Master Chain Code. Together, these two components form the root of the BIP32 HD Wallet Tree.

4. Why not SHA256?

SHA256 is fast. PBKDF2 is slow by design.

• If we used a single SHA256 hash, an attacker with a high-end GPU could check billions of word combinations per second.

• By forcing the computer to perform 2048 rounds of HMAC-SHA512 for every single guess, we increase the cost of an attack by over 2000 times.

Input	Iterations	Algorithm	Output
12 Words + Passphrase	2048	HMAC-SHA512	512-bit Seed

In the final section, we will build a Python Mnemonic Auditor.