Mnemonic Code Converter



You can enter an existing BIP39 mnemonic, or generate a new random one. Typing your own twelve words will probably not work how you expect, since the words require a particular structure (the last word contains a checksum).

For more info see the BIP39 spec.

If you share the information generated by this page with anyone, they can steal your assets. Anyone asking you to share your your secret recovery phrase or BIP 32 root key is a scammer. Do NOT copy & paste information from this page or send it to anyone offering to help you on Twitter, Discord, Telegram, Etherscan, or Line. They will steal your coins.

Generate a random mnemonic: words, or enter your own below.

Derivation Path

For more info see the BIP44 spec.

The account extended keys can be used for importing to most BIP44 compatible wallets, such as mycelium or electrum.

The BIP32 derivation path and extended keys are the basis for the derived addresses.

For more info see the BIP32 spec

Use path m/0'/0' with hardened addresses.

For more info see the Bitcoin Core BIP32 implementation

Use path m/0'/0. For change addresses use path m/0'/1.

For more info see MultiBit HD

Use path m/44'/0'/0'. Only enter the xpub extended key into block explorer search fields, never the xprv key.

Can be used with:

For more info see the BIP49 spec.

The account extended keys can be used for importing to most BIP49 compatible wallets.

The BIP32 derivation path and extended keys are the basis for the derived addresses.

For more info see the BIP141 spec

For more info see the BIP84 spec.

The account extended keys can be used for importing to most BIP84 compatible wallets.

The BIP32 derivation path and extended keys are the basis for the derived addresses.

Derived Addresses

Note these addresses are derived from the BIP32 Extended Key

Enabling BIP38 means each key will take several minutes to generate.
Public Key  
Private Key  
Show starting from index (leave blank to generate from next index)

More info

BIP39 Mnemonic code for generating deterministic keys

Read more at the official BIP39 spec

BIP32 Hierarchical Deterministic Wallets

Read more at the official BIP32 spec

See the demo at

BIP44 Multi-Account Hierarchy for Deterministic Wallets

Read more at the official BIP44 spec

BIP49 Derivation scheme for P2WPKH-nested-in-P2SH based accounts

Read more at the official BIP49 spec

BIP85 Deterministic Entropy From BIP32 Keychains

Read more at the official BIP85 spec


Entropy values should not include the BIP39 checksum. This is automatically added by the tool.

Entropy values must be sourced from a strong source of randomness. This means flipping a fair coin, rolling a fair dice, noise measurements etc. Do NOT use phrases from books, lyrics from songs, your birthday or street address, keyboard mashing, or anything you think is random, because chances are overwhelming it isn't random enough for the needs of this tool.

Do not store entropy.

Storing entropy (such as keeping a deck of cards in a specific shuffled order) is unreliable compared to storing a mnemonic. Instead of storing entropy, store the mnemonic generated from the entropy. Steganography may be beneficial when storing the mnemonic.

The random mnemonic generator on this page uses a cryptographically secure random number generator. The built in random generator can generally be trusted more than your own intuition about randomness. If cryptographic randomness isn't available in your browser, this page will show a warning and the generate button will not work. In that case you might choose to use your own source of entropy.

You are not a good source of entropy.

Card entropy has been implemented assuming cards are replaced, not drawn one after another. A full deck with replacement generates 232 bits of entropy (21 words). A full deck without replacement generates 225 bits of entropy (21 words). Card entropy changed significantly from v0.4.3 to v0.5.0. The old version can be accessed at or


What is PBKDF2 (Password Based Key Derivation Function 2) ?

Please refer to this wikipedia article for more detail. Mail about PBKDF2 security here.

Wallet software that implement BIP39 only use 2048 iterations as a norm. Increasing this parameter will increase security against brute force attack, but you will need to store this new parameter. However, as long as you back up your BIP39 seed there will not be risk to lost your fund. To access them with custom PBKDF2 iterations, use this file (or other) to compute your targeted BIP39 seed.

Using less than 2048 PBKDF2 iterations is insecure without strong optional BIP39 Passphrase.


Please refer to the software license for more detail.

The software is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software.

Alternative Tools

This tool is interoperable with any BIP39 wallet.

Some similar tools to this one (ie not consumer wallets) are

Offline Usage

You can use this tool without having to be online.

In your browser, select file save-as, and save this page as a file.

Double-click that file to open it in a browser on any offline computer.

Alternatively, download the file from the latest GitHub release -

This project is 100% open-source code

Get the source code from the repository -


BitcoinJS -

jsBIP39 -

sjcl -

jQuery -

Twitter Bootstrap -