• To create a BIP39 Split seed, the idea is to manually split a 24-words seed into 3 different segments and create redundancy.  


  • Each share contains 2/3rd of the whole seed and is 16 words long. 8 words are missing in each share.


Initial seed

Split seed


  AB     |         BC     |      CA

24 words

16 words   |  16 words   |  16 words


  • In the case of a BIP39 Split, the shares are not independent. With one share, enough information is available to know that 8 words are missing and in which position they are. The security of one share is reduced compared to a whole 24 words seed.


  • If someone finds a 24 words BIP39 share, the overall security comes down to 8 words to guess:


Initial seed length

BIP39 share missing words

Encryption level of one share

12 words

4 words

44 bits

15 words

5 words

55 bits

18 words

6 words

66 bits

21 words

7 words

77 bits

24 words

8 words

88 bits


  • To keep a reasonable level of encryption per share, HODLR Disks BIP39 Split 2-of-3 recovery scheme should never be used with less than a 24-words seed.

  • According to Ian Coleman (Source: https://iancoleman.io/bip39/#english), brute forcing a 24 words BIP39 Mnemonic split with only one share could take up to 3’830’854 years for a single CPU.


  • If you think you could be targeted by such a resourceful crypto expert thief, you should better review your security strategy from scratch and definitely use Shamir Secret Sharing security scheme.

More on BIP39

More on SLIP39