Allow fixing invalid bip39 mnemonic #58

Closed

gorazdko
Contributor

@gorazdko gorazdko commented Oct 30, 2020

Abstract

Allow fixing invalid bip39 mnemonic
Close #55: matches implementation of cryptoadvance/specter-diy#85

bip39_bad_checksum

chksum

In addition, error messages in the install script are made more noticeable now. This was reported by @wolfmcnally.

lethekit_error_in_red

Status

Ready

@gorazdko gorazdko force-pushed the allow_tweaking_bip39 branch from 909c444 to fb908cf Compare October 30, 2020 00:17
@gorazdko gorazdko changed the title Allow tweaking bip39 mnemonic sentence wip: Allow tweaking bip39 mnemonic sentence Oct 30, 2020
@gorazdko gorazdko changed the title wip: Allow tweaking bip39 mnemonic sentence WIP: Allow tweaking bip39 mnemonic sentence Oct 30, 2020
@gorazdko gorazdko force-pushed the allow_tweaking_bip39 branch from fb908cf to 86b8ab7 Compare October 30, 2020 14:26
@gorazdko gorazdko changed the title WIP: Allow tweaking bip39 mnemonic sentence Allow fixing invalid bip39 mnemonic Oct 30, 2020
@ChristopherA
Contributor

Can we find some short language other than "Press A to fix the checksum" for this PR?

The goal here is to allow for seed creation by using manual dice-to-words techniques that include adding a last word; then, based on the randomness of all 12 (or 24) words, which includes the randomness of the last word, there should be exactly 1 checksum that is the same no matter the implementation. (If we did this with 11 or 23 words, we lose a few bits of randomness, and as there are multiple valid checksums possible, it is less deterministic.)

In particular I'm uncomfortable with the word "fix". There is nothing wrong with the last word if you use this technique; you are just choosing to let the app complete the checksum. Maybe "complete"? "mend"? I'm not sure. It is possible that there may be no other verb or phrase than "fix".

Ideally all the implementations should use the same verb or phrase, i.e. specter (@stepansnigirev), seedtool (@wolfmcnally), gordian (@Fonta1n3), proofwallet (@hodlwave), and maybe someday even the BIP39 javascript version (@iancoleman), so that someone can confirm no "up my sleeves" tricks with this last word on all the implementations.
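
Added example, not part of the original thread or of the LetheKit code: the checksum completion discussed in the comment above, sketched in Python on 0-based BIP39 wordlist indices (the 2048-word list itself is not embedded). The function names are hypothetical; the code shows that 12 or 24 chosen words yield exactly one completed last word, while 11 or 23 words leave several valid ones.

```python
import hashlib


def complete_last_word(indices):
    """Keep the entropy bits of the last word, overwrite its checksum bits.

    `indices` holds 12 or 24 word indices (0..2047). Returns a new list whose
    last index carries the BIP39 checksum (first bits of SHA-256(entropy)).
    """
    n = len(indices)
    if n not in (12, 24) or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("need 12 or 24 word indices in range 0..2047")
    cs_bits = n // 3               # 4 checksum bits for 12 words, 8 for 24
    ent_bits = n * 11 - cs_bits    # 128 or 256 entropy bits
    bits = 0
    for i in indices:              # concatenate the 11-bit word indices
        bits = (bits << 11) | i
    entropy = bits >> cs_bits      # drop whatever was in the checksum slot
    digest = hashlib.sha256(entropy.to_bytes(ent_bits // 8, "big")).digest()
    checksum = digest[0] >> (8 - cs_bits)
    last = (indices[-1] >> cs_bits << cs_bits) | checksum
    return list(indices[:-1]) + [last]


def is_valid(indices):
    """A mnemonic is valid when completing it changes nothing."""
    return complete_last_word(indices) == list(indices)


def valid_last_words(prefix):
    """Every last-word index that makes `prefix` (11 or 23 indices) valid."""
    return [w for w in range(2048) if is_valid(list(prefix) + [w])]


if __name__ == "__main__":
    # Constructed input: index 0 repeated, with an arbitrary 12th word (15).
    rolled = [0] * 11 + [15]
    print("completed:", complete_last_word(rolled))       # last index becomes 3
    print("valid 12th words after 11 fixed words:",
          len(valid_last_words([0] * 11)))                # 2**7 candidates
    print("valid 24th words after 23 fixed words:",
          len(valid_last_words([0] * 23)))                # 2**3 candidates
```

Index 0 is "abandon" and index 3 is "about" in the English wordlist, so the first result corresponds to the standard all-zero-entropy BIP39 test vector.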

@ChristopherA
Contributor

@gorazdko before we add our final github tag for this feature release, we need to add some more documentation, and maybe a PDF worksheet so that someone can use this technique if they choose to. Not required to approve this PR.

@ChristopherA
Contributor

@wolfmcnally Can you install this PR on your LetheKit and confirm that the results are correct with seedtool? We'll also need to add this feature to seedtool. While you are at it, review the install notes.

@ChristopherA
Contributor

BTW, for reference what we need to add to LetheKit docs is some form of docs and worksheet, like what @bjdweck has done.

Though this idea has independently come from a variety of sources, if we use some of his or others' work, we need to be sure to offer some attribution.

@ChristopherA
Contributor

@bitcoinheiro, I'd also appreciate your thoughts on this, as you suggested it to Specter in cryptoadvance/specter-diy#79

@ChristopherA
Contributor

/cc @merland author of https://github.com/merland/seedpicker

@wolfmcnally
Collaborator

I am concerned that this defeats the purpose of the checksum.

@ChristopherA
Contributor

> I am concerned that this defeats the purpose of the checksum.

@gorazdko and I have had some discussion about this, and think that this technique should probably not be supported in standard recovery—only as a separate named function (maybe “Show Your Work” or something) with a warning screen “only use this with real dice and a worksheet, don’t try to use it as a brain wallet”.

@ChristopherA
Contributor

ColdCard is now supporting a version of this technique. We really ought to standardize better, come up with a common name for us to use, and share best practices.

https://coldcardwallet.com/docs/verifying-dice-roll-math

@bjdweck

bjdweck commented Oct 31, 2020

> BTW, for reference what we need to add to LetheKit docs is some form of docs and worksheet, like what @bjdweck has done.
>
> Though this idea has independently come from a variety of sources, if we use some of his or others' work, we need to be sure to offer some attribution.

My biased opinions in support of my seedgen method:

  • I agree that using verbiage like "fixed" might steer users towards a use case that defeats the purpose of the checksum and that we want to steer users towards truly using this feature for initial seed generation with proper entropy (I obviously like "ShowMyWork" / "ShowYourWork")

  • In support of my approach vs. that of others: I recognize that the D8 requirement is far from ideal (perhaps we could discuss offering support for D6 as well), but I think it takes us to the theoretical limits of the most usable self-audit for my target demographic: a large hodler who is not intimidated by technology but is not technical enough to deal with python scripts (COLDCARD's approach) or convert between bases with ease. Think high-net-worth individual, family office, bank manager, etc. My method is mechanical, secure/efficient (one-to-one entropy-to-seed-phrase mapping) and requires only the ability to look up values in a table. In my experience with real-world clients of that demographic, it makes the difference between them (a) using the procedure with delight and interest and (b) looking at me with a face that says "you can't be serious!" and then just making me do it for them.

@gorazdko
Contributor Author

@merland

merland commented Nov 3, 2020

Thanks for the cc. My two cents:
I think dedicated hardware wallets are the perfect tool for calculating the last word of passphrases. In fact, the main reason I created SeedPicker was that no hardware wallets had this feature.
If you use a general-purpose computer as the SeedPicker guide prescribes, you have to take a lot of steps to maintain a high level of security. Using a small, dedicated hardware device gives you a lot of this security for free.
Having said this, I do understand why hardware manufacturers hesitate to include checksum word calculation. The checksum word is there to avoid mistakes, and including a feature to "circumvent" (sort of) this safeguard could be very dangerous.
My suggestion would be to have the "last word calculation" feature in a completely separate firmware, isolated from any other wallet features. That would minimize the risk of misunderstandings, while still keeping the unique benefits that dedicated hardware brings.
