Serious question that I've heard mentioned before but never fully resolved.
Why would you trust the author of bip39-standalone.html over electrum wallet? Both have a sha-hash of the code, can be built from source, and have developers' gpg signatures?
Appreciate your thorough methodology above.
I don’t trust either of them, but I can read code. The reason for Ian’s bip39 code is that it’s using the bip39 wordlist and spec, without custom logic. That means I can use any standard software (or write my own) to derive the keys from the seed without needing electrum. The randomness isn’t in question so much as reliable reproduction and recovery.
reply
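An added illustration of the recovery path described in the comment above (not code from any commenter or from the projects mentioned): the BIP39 mnemonic-to-seed step and the BIP32 master key, using only the Python standard library. The function names are hypothetical, the mnemonic is the public BIP39 test vector, and the word-list checksum is not verified here because that needs the 2048-word list.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order: BIP32 rejects a master key that is 0 or >= N
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Public BIP39 test-vector mnemonic; never use it for real funds
VECTOR_MNEMONIC = "abandon " * 11 + "about"

def bip39_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)

def bip32_master(seed):
    """BIP32: HMAC-SHA512 keyed with 'Bitcoin seed' -> (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < N:
        raise ValueError("invalid master key; this seed is unusable")
    return key, chain

def base58check(payload):
    """Append a 4-byte double-SHA256 checksum and encode as Base58."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + out

def master_xprv(seed):
    """Serialize the master key as a mainnet xprv (depth 0, no parent)."""
    key, chain = bip32_master(seed)
    header = bytes.fromhex("0488ade4") + b"\x00" * 9  # version, depth, fpr, index
    return base58check(header + chain + b"\x00" + key)

if __name__ == "__main__":
    seed = bip39_seed(VECTOR_MNEMONIC, "TREZOR")
    print("seed:", seed.hex())
    print("xprv:", master_xprv(seed))
```

Comparing the printed seed and xprv against a second, independent BIP39 implementation is a direct way to confirm a backup can be restored without any one wallet.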
> I can use any standard software (or write my own) to derive the keys
I see. Makes sense. So comes down to simplicity I guess. Removing potential layers of complexity in the code that derives the keys.
Thanks for explaining!
reply
bcoinjs is also easy to use and read and can generate seeds.
I use their library and CLI for some things too, which I like because all of their dependencies are internal to their GitHub, so it’s all there to review. No crazy event-stream dependency shenanigans: https://github.com/bcoin-org/bcoin/blob/0c18028cd333bef8b0939ada8b56ae3911fd0c26/package.json#L25
reply