Is it safe to generate a mnemonic online?

Generating a mnemonic online is acceptable for testing, examples, learning, and integration tests, but not for funds. Any mnemonic generated by a web tool, including this one, must never secure real cryptocurrency. Production mnemonics must come from a hardware wallet or a wallet you trust on a clean offline device. This tool runs entirely in your browser and never transmits the phrase.

What is BIP39 and how does it work?

BIP39, short for Bitcoin Improvement Proposal 39, defines how a random number is mapped to a memorable sequence of words and back. The standard uses a 2048 word list and adds a checksum so typed mnemonics can be validated. Almost every modern wallet, including MetaMask, Ledger, Trezor, and Phantom, uses BIP39 for backup phrases derived from the same word list.

What is the difference between 12 and 24 word mnemonics?

12 words encode 128 bits of entropy plus a 4 bit checksum. 24 words encode 256 bits of entropy plus an 8 bit checksum. Both are practically uncrackable with today's hardware. 24 words have a much larger safety margin against future attacks and quantum computing concerns. The tradeoff is they are harder to memorise and to write down without errors.

Is a 12 word mnemonic secure enough for production?

A 12 word BIP39 mnemonic has 128 bits of entropy, which is currently considered secure against brute force attacks given any plausible amount of computing power. Most production wallets default to 12 words for usability. Use 24 words when you want extra margin, when you are protecting very large balances, or when you are concerned about long term post quantum risk.

How do I use a BIP39 word list to validate a mnemonic?

Every word in a valid BIP39 mnemonic must come from the 2048 word BIP39 word list. The validator checks each word against the list, then verifies the final word encodes the correct checksum derived from the entropy. A common failure is one word that is close to but not exactly on the list, such as a homophone or a misspelled stem.

Why does my hand typed BIP39 mnemonic fail validation?

Almost always one word is wrong: a typo, a substitution, or a missing word. The BIP39 checksum is designed to catch exactly these errors. The validator returns a specific reason: word not in the BIP39 list, wrong word count, or checksum mismatch. Compare against the original source carefully and never edit a failing mnemonic by hand. Re derive it from the original device.

Is the mnemonic stored or transmitted when I generate it online?

No. Generation and validation run entirely in your browser using the Web Crypto API. The mnemonic never leaves the page. There is no analytics, no logging, no third party request. Open DevTools and watch the network tab to confirm. Refresh the page and the generated phrase is gone. This is why the tool is safe for testing despite running in a browser.

BIP39 Mnemonic Generator (Free, Browser Only)

About this tool

What this tool answers

The BIP39 Mnemonic Generator & Validator helps engineers create test phrases for wallet integrations and validate phrases that may have been typed by hand. It implements the standard BIP39 algorithm with the English wordlist, the same one used by MetaMask, Ledger, Trezor, and most modern wallets.

Because the entire flow happens in your browser, the mnemonic never leaves the page. That is exactly why this tool must not be used to generate the mnemonic that secures real funds. Real wallet phrases must come from a hardware wallet or a clean device you control.

How to use it

In Generate mode, pick a word count (12, 15, 18, 21, or 24) and click Generate. The tool returns a fresh mnemonic backed by 128 to 256 bits of cryptographic entropy. Copy the phrase into your testing environment and treat it as throwaway data.

In Validate mode, paste any mnemonic and the tool checks the word count, the membership of every word in the BIP39 English wordlist, and the embedded checksum. Each failure mode returns a specific error: wrong word count, unknown word, or checksum mismatch. The reason makes hand correction much faster than guessing.

How BIP39 works

BIP39 takes random entropy bytes, appends a SHA256 derived checksum, splits the result into 11 bit chunks, and maps each chunk to a word from the 2048 word English list. Validation reverses the process: parse words back to indices, recover entropy plus checksum, and verify that the checksum still matches the entropy.

The implementation here uses the audited @scure/bip39 library and Web Crypto's crypto.getRandomValues for entropy. The entire flow happens in the page; nothing is sent or stored.

Where mnemonic handling usually goes wrong

The most dangerous mistake is using a web generated mnemonic for real funds. A page can be malicious, a browser extension can read the DOM, and the device may already be compromised. The mnemonic that secures real funds must come from a hardware wallet generated offline.

The most common operational mistake is one missing or misspelled word in a hand typed phrase. The BIP39 checksum exists to catch this. The validator returns a specific reason so the user can fix the offending word rather than retyping the whole phrase.

When this tool is the right one and when it is not

Use this tool for unit tests, integration tests, wallet UI demos, education, and reproducible bug reports. Anything where the mnemonic is throwaway data.

Do not use this tool to back up an existing wallet, to generate a mnemonic for a new mainnet wallet, or to run any flow involving real funds. For those, use a hardware wallet (Ledger, Trezor) or a wallet that generates the mnemonic on a clean device offline.

Building wallet flows that touch real funds?

Mnemonic and key handling are the highest leverage security boundary in any crypto product. Bring the integration for a focused review.

Book a wallet security review

Frequently asked questions

Is it safe to generate a mnemonic online?: Generating a mnemonic online is acceptable for testing, examples, learning, and integration tests, but not for funds. Any mnemonic generated by a web tool, including this one, must never secure real cryptocurrency. Production mnemonics must come from a hardware wallet or a wallet you trust on a clean offline device. This tool runs entirely in your browser and never transmits the phrase.
What is BIP39 and how does it work?: BIP39, short for Bitcoin Improvement Proposal 39, defines how a random number is mapped to a memorable sequence of words and back. The standard uses a 2048 word list and adds a checksum so typed mnemonics can be validated. Almost every modern wallet, including MetaMask, Ledger, Trezor, and Phantom, uses BIP39 for backup phrases derived from the same word list.
What is the difference between 12 and 24 word mnemonics?: 12 words encode 128 bits of entropy plus a 4 bit checksum. 24 words encode 256 bits of entropy plus an 8 bit checksum. Both are practically uncrackable with today's hardware. 24 words have a much larger safety margin against future attacks and quantum computing concerns. The tradeoff is they are harder to memorise and to write down without errors.
Is a 12 word mnemonic secure enough for production?: A 12 word BIP39 mnemonic has 128 bits of entropy, which is currently considered secure against brute force attacks given any plausible amount of computing power. Most production wallets default to 12 words for usability. Use 24 words when you want extra margin, when you are protecting very large balances, or when you are concerned about long term post quantum risk.
How do I use a BIP39 word list to validate a mnemonic?: Every word in a valid BIP39 mnemonic must come from the 2048 word BIP39 word list. The validator checks each word against the list, then verifies the final word encodes the correct checksum derived from the entropy. A common failure is one word that is close to but not exactly on the list, such as a homophone or a misspelled stem.
Why does my hand typed BIP39 mnemonic fail validation?: Almost always one word is wrong: a typo, a substitution, or a missing word. The BIP39 checksum is designed to catch exactly these errors. The validator returns a specific reason: word not in the BIP39 list, wrong word count, or checksum mismatch. Compare against the original source carefully and never edit a failing mnemonic by hand. Re derive it from the original device.
Is the mnemonic stored or transmitted when I generate it online?: No. Generation and validation run entirely in your browser using the Web Crypto API. The mnemonic never leaves the page. There is no analytics, no logging, no third party request. Open DevTools and watch the network tab to confirm. Refresh the page and the generated phrase is gone. This is why the tool is safe for testing despite running in a browser.