Beware of phishing attacks, Ledger will never ask for the 24 words of your recovery phrase. Never share them. Learn more

How Ledger device generates 24-word recovery phrase

The recovery phrase is the key to managing your crypto assets. As such, the recovery phrase should be something that is long and nearly impossible for anyone to guess. Your recovery phrase isn’t like a password or a PIN (Ledger devices already have PINs to protect access to them), instead, it’s the root of all of your cryptographic secrets. Once your device randomly generates it for the first time and you write it down on paper, you will only need to access it if you have to recover your device.

Ledger uses a standard called BIP 39 for the generation and interpretation of the recovery phrase on all of our devices. BIP 39 is an industry-standard used by many other hierarchical deterministic wallets. The exact type of BIP 39 seed used by Ledger devices by default is a 24-word mnemonic that consists of only the 2048 words from the BIP 39 English wordlist. Here’s how a BIP 39 24-word mnemonic seed is generated:

  1. The device generates a sequence of 256 random bits using the True Random Number Generator (TRNG) built into the device’s Secure Element.
  2. The first 8 bits of the SHA-256 hash of the initial 256 bits are appended to the end, giving us 264 bits
  3. All 264 bits are split into 24 groups of 11 bits
  4. Each group of 11 bits is interpreted as a number in the range 0 - 2047, which serves as an index to the BIP 39 wordlist, giving us 24 words.
     It's important to note that although a Ledger device can be restored using a recovery phrase of 12, 18, or 24 words, Ledger devices only generate 24-word recovery phrases. They do not create phrases of 12 or 18 words.

The result of this process is that your device will generate a single mnemonic seed out of 2256 possible mnemonic seeds (That’s one of 115 792 089 237 316 195 423 570 985 008 687 907 853 269 984 665 640 564 039 457 584 007 913 129 639 936 possible mnemonic seeds). 

Note that while the first 23 words are completely random, the final word is derived from 3 random bits and 8 calculated bits from the SHA-256 hash. This means that the final word can act as a checksum - if you input an incorrect seed into the device while recovering it, it is possible for the device to detect that the inputted seed is invalid.

 Can someone guess my recovery phrase?

There are 2256 different possible 24-word mnemonic seed phrases. For comparison, the number of atoms on Earth is estimated to be around 2166. The chance of someone else being able to guess your seed is astronomically small, to say the least.

 Can I Use a 12-Word Recovery Phrase with My Ledger Device?

Yes, you can restore a 12-word recovery phrase into any Ledger device. However, we do not recommend importing a 12-word secret phrase that was generated by a software wallet such as Metamask, Phantom, Keplr, Electrum, etc. Recovery phrases created by software wallets are digitally generated and are therefore less secure. On the other hand, if your 12-word recovery phrase was originally created by another hardware wallet like a Trezor One, it is safe to import it into your Ledger device and continue using the same accounts.

Was this article helpful?