Create (or recover) Seed Data for your SLIP-39 Mnemonic.  Or, backup
your insecure/unreliable BIP-39 Mnemonic using SLIP-39.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 Controls  Source       Description                                            
───────────────────────────────────────────────────────────────────────────────
 Backup    BIP-39       Create SLIP-39 Mnemonics to recover BIP-39 Seed Phrase 
 Create    Random       Create SLIP-39 Mnemonics from secure randomnes         
 Recover   SLIP-39      Recover Seed from SLIP-39 Mnemonics                    
 Pro       BIP-39 Seed  Backup 512-bit BIP-39 Seed from Mnemonics + passphrase 
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━


1 BIP-39
════════

  Backup an existing 12- or 24-word BIP-39 Seed Phrase Mnemonic.  Or,
  select Create to produce a new BIP-39 Mnemonic.  Save your BIP-39 Seed
  Phrase as a set of SLIP-39 Mnemonic Card Groups.

  Later, select Recover to input your SLIP-39 Mnemonics, and recover
  your BIP-39 Seed Phrase.  Use this BIP-39 Seed Phrase (plus your
  passphrase, if any) to initialize a BIP-39 Hardware Wallet.

  You can then securely destroy your BIP-39 Mnemonic card(s) (or, keep a
  copy in some *extremely* secure location), and use the SLIP-39
  Mnemonic cards as your distributed backup in case of its loss.


1.1 SLIP-39 vs. BIP-39 Seed
───────────────────────────

  The Seed is computed *differently* on the hardware wallet (eg. a
  Ledger or Trezor), when importing using BIP-39 vs. SLIP-39!

  So, in order for us to compute and show you the correct Cryptocurrency
  wallet(s), you must indicate whether you're importing using the
  SLIP-39 Mnemonics directly (ie. on a Trezor), *or* if you're
  recovering the BIP-39 Mnemonic, and using that on the hardware wallet
  (ie. on a Ledger, or some other non-SLIP-39 hardware wallet).

  If you recover your Seed Entropy from a BIP-39 Mnemonic, we'll
  /assume/ you intend to *use* the BIP-39 Mnemonic on your hardware
  wallet, and we'll check "Recovering from BIP-39 on my Hardware
  Wallet".


2 SLIP-39
═════════

  Here's where you can restore a lost Seed using recovered SLIP-39
  Mnemonics.

  You don't have to worry about sorting the Mnemonics into Groups or
  anything; we'll be able to recover the Seed, if you provide us with a
  sufficient threshold of SLIP-39 Mnemonic cards from the required
  number of separate Mnemonic Card Groups.


2.1 Fixing Partially Lost Groups
────────────────────────────────

  If you know you've lost access to some cards, and want to repair your
  SLIP-39 backup, you can recover the Seed from the current SLIP-39
  Mnemonic cards, here – and generate a *new* set of SLIP-39 Mnemonic
  cards for the *same* Seed.

  Distribute the cards as you wish, again; either the old (partially
  degraded) SLIP-39 Groups, *or* the new SLIP-39 Groups can be used to
  recover your Seed.  Obviously, cards from the old and new SLIP-39
  Mnemonics can't be "mixed" together to recover the Seed.


3 Random
════════

  A high-quality 128-bit random seed value is probably adequate, and the
  20-word SLIP-39 (and 12-word BIP-39) Mnemonics are much more practical
  than those produced for 256-bit seeds.

  2^128 is aproximately 10^38.  There are about 10^57 atoms in our solar
  system, and about 10^19 atoms in a particle of dust.

  Therefore, the odds of 2 people picking the *same* high-quality random
  128-bit Seed (1 in 10^38), is about the same as 2 people randomly
  selecting the same particle of *dust* out of the mass of our entire
  solar system!

  So, 128-bit seeds are probably fine for most practical levels of
  account security…


4 BIP-39 Seed
═════════════

  If you wish, you can backup a /complete/ BIP-39 Seed Phrase *including
  its passphrase*, as a raw 512-bit BIP-39 Seed!  This ensures that
  whoever uses the SLIP-39 Mnemonics to recover the wallets does not
  need to know the original BIP-39 Mnemonic + passphrase.

  There are a couple of drawbacks with this approach, though:

  • Large 59-word SLIP-39 Mnemonics are produced, to store the 512-bit
    seed
  • The Seed cannot be re-imported into a standard BIP-39 Hardware
    Wallet
    • Produce "Paper Wallets" for whichever derived HD wallets you need
      to access


4.1 The Birthday Paradox
────────────────────────

  However, due to the [Birthday Attack], the probability of two parties
  out of /a large number creating Seeds/ having a Seed *collision*
  (accidentally selecting the same Seed value) is somewhat greater.

  If every human and all their devices created a few billion Seeds
  (about 10^13), the probability of an /accidental/ collision falls to
  about 1 in 10^12 – about 1 in a trillion.  Unlikely, but something
  like this has happened for IPv4 addresses, so who knows.

  So, if a 1 in a trillion chance of someone eventually stumbling upon
  your wallet is too great a risk, choose a 256-bit random Seed where
  this Birthday Paradox probability falls to 1 in 10^32 – approximately
  the chance of 2 people on earth picking the same virus-sized particle
  in our solar system.


[Birthday Attack] <https://en.wikipedia.org/wiki/Birthday_attack>
