Understanding BIP39 and Private Keys

Hey folks,

I am new to encrypted wallets that use BIP39 protection and much more accustomed to the old fashioned private keys which I feel have always served well as a cold storage. This seems sacrificing some security or convenience, at least in my opinion, and its nice not to have to record a whole bunch of private keys but instead a singular seed, however I have some questions.

First off, what method is used to translate the seed into a unique private key that is repeatable no matter what BIP39 enabled wallet you use across different crytpocurrencies?

Second off, can I still access my private keys? As an end user, I feel that I would WANT the ability to access my private keys regardless of the seed or salt added in the event that I do not have access to a BIP39 enabled wallet that I would be able to access my funds.

Thanks in advance.

Hi @rapture333

Please note that private private keys will never be shown to you — they stay securely on your Trezor — but if someone gains access to your recovery seed, they can use it to duplicate your keys.
That’s why it’s essential you store your recovery seed somewhere safe that no-one else can access.

Your private keys must be kept permanently offline , forever, from the moment they are generated.

A private key is only secure because it is a number so big that no computer can guess it, but as soon as it appears in a database it can be copied by malicious scripts and your funds can be stolen immediately.

There is some open-source tool for converting BIP39 mnemonic phrases to addresses and private keys.

However this is already out of our scope and we do not recommend using it because of the reasons mentioned above so please do your own research.

BIP39 mnemonics don’t sacrifice any security in the cryptographic sense – the BIP39 phrase is as difficult to brute-force as the private key itself.
On the contrary, the mnemonic adds practical security: it is much more difficult to make a mistake when writing down or reading the BIP39 phrase.

This is described in detail in the BIP-39 spec.

You can use a 3rd-party tool that will extract the private keys, and as @zapla points out, we urge you to do your own research on that side.

Furthermore, this is assuming that wallets will accept raw private keys. In my experience, that is not the case – you are much more likely to find a wallet software that accepts BIP-39 mnemonics but not raw private keys.