Pages:
Author

Topic: 12-word seed vs 24-word seed? This seems pretty interesting - page 2. (Read 538 times)

hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
with definitely looks like a clickbait title:
Spammy, trash "news" site posts clickbait!? I'm shocked! Tongue
Well, I would say that Cointelegraph is not the best website out there, nor the most reliable one but I wouldn't call it spammy trash news website. What's your source of crypto news? I know it won't be one as it shouldn't be but usually, what website(s) do you visit? Your opinion on this task matters because you are a highly valued, knowledgeable member

So you're saying if I post my 12 seed words online, someone can steal my Bitcoins? What's next, if I post the details for my bank but scramble my PIN, someone can steal my euros too? Shocked
So, actually, if you post randomly ordered 12 seed words, your wallet gets hacked but if you post randomly ordered 24 seed words, you can feel safe because the probability is still super low.
By the way, it was a little bit interesting, wasn't it? Don't be so hilarious.
hero member
Activity: 560
Merit: 1060
Not quite sure how you arrived at your number there, but it's incorrect.

Picking 12 words out of 2048 gives 204812 = 5.444*1039
But if you consider the checksum, then the number of valid combinations is 2128 = 3.403*1038

You are right! I will fix it to make sure nobody is confused.
legendary
Activity: 2268
Merit: 18711
A 24 word seed is better than a 12 words. The highest the words the better the security.
Well, it's not quite as straightforward as that.

A 12 word seed phrase provides 128 bits of entropy. A 24 word seed phrase provides 256 bits of entropy. This much is true. However, all bitcoin private keys provide, at most, 128 bits of security. So the security of the private keys generated by a 24 word seed phrase are identical to the security of the private keys generated by a 12 word seed phrase (provided, of course, that the seed phrases were not generated insecurely).

12! It is safe for most GPUs to bruteforce, so whoever wants to try bruteforce should pay more to buy more advanced hardware ASCI and thus more time for you to transfer your money.
12! is very easy for most home hardware to bruteforce, as I explained above. Also, ASICs are useless when it comes to brute forcing seed phrases.

So, If you want to guess 12 words out of the 2048 and try to arrange them in the correct order gives you 5,271,537,971,301,488,476,000,309,317,528,177,868,800 possible combinations.
Not quite sure how you arrived at your number there, but it's incorrect.

Picking 12 words out of 2048 gives 204812 = 5.444*1039
But if you consider the checksum, then the number of valid combinations is 2128 = 3.403*1038
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
Oh, with over 23 thousand posts on this forum, I'm sure you've posted your seed words online multiple times already. Congratulations on potentially compromising your entire crypto portfolio!  Cheesy
Nice try, I'm not going to enter my seed words into a search string Tongue

Damn it, you got me! And here I was thinking maybe I could get away with it...
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Oh, with over 23 thousand posts on this forum, I'm sure you've posted your seed words online multiple times already. Congratulations on potentially compromising your entire crypto portfolio!  Cheesy
Nice try, I'm not going to enter my seed words into a search string Tongue
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
So you're saying if I post my 12 seed words online, someone can steal my Bitcoins? What's next, if I post the details for my bank but scramble my PIN, someone can steal my euros too? Shocked

Oh, with over 23 thousand posts on this forum, I'm sure you've posted your seed words online multiple times already. Congratulations on potentially compromising your entire crypto portfolio!  Cheesy
hero member
Activity: 560
Merit: 1060
Adding to what o_e_l_e_o said above, I will only give 2 numbers for comparison.

If I give you 12 words (A,B,C,...,L) and ask you to put them in the correct order, then you have 479001600 possible combinations.

However BIP39 consists of 2048 words. So, If you want to guess 12 words out of the 2048 and try to arrange them in the correct order gives you 5,271,537,971,301,488,476,000,309,317,528,177,868,800 (check o_e_l_e_o post below) possible combinations.

The experiment was rediculous to say the least. It could be much more intuitive if the title was "Don't scramble your 12-word seed phrase and rely on this as a backup".


Final Thought:
It is not feasible (for the time being) for a machine to brute force a 12-word seed phrase. Even if 24-words are generally much safer than 12-words, the math clearly show us, that 12-words cannot be brute-forced.
Don't worry about being brute-forced. Worry about backing-up your words properly. Because, as you have seen in the article, knowing the 12 words is much more important than knowing their order. Finally ADD A PASSPHRASE!

legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
So you're saying if I post my 12 seed words online, someone can steal my Bitcoins? What's next, if I post the details for my bank but scramble my PIN, someone can steal my euros too? Shocked

That's true indeed! It's unsafe to post the 12 seeds words online because if someone is keeping eye on you then that malicious person might be able to crack your wallet with those seeds by conducting a
brute-force attack to steal the Bitcoins out of it. If I'm not wrong then someone's seed phrase is key to the wallet and brute-force attacks can easily own the perfect combination of the seed phrase if those seed words are posted online.
Can you post your seed hrase online? I can not do that.
Can you even disarrange your seed phrase? I can not do that.

What if passhrase is used as an extended word. A passphrase that consists of uppercase, lowercase, and characters like @.,$+? More than 12 or more character long.
hero member
Activity: 784
Merit: 672
Top Crypto Casino
So you're saying if I post my 12 seed words online, someone can steal my Bitcoins? What's next, if I post the details for my bank but scramble my PIN, someone can steal my euros too? Shocked

That's true indeed! It's unsafe to post the 12 seeds words online because if someone is keeping eye on you then that malicious person might be able to crack your wallet with those seeds by conducting a
brute-force attack to steal the Bitcoins out of it. If I'm not wrong then someone's seed phrase is key to the wallet and brute-force attacks can easily own the perfect combination of the seed phrase if those seed words are posted online.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
So you're saying if I post my 12 seed words online, someone can steal my Bitcoins? What's next, if I post the details for my bank but scramble my PIN, someone can steal my euros too? Shocked
hero member
Activity: 406
Merit: 443
There was an article published on Cointelegraph six hours ago with a very interesting title with definitely looks like a clickbait title: What security? Bitcoin enthusiast cracks known 12-word seed phrase in minutes
Cointelegraph is not a source of knowledge, the technical articles on this site are not accurate or not verified so do not rely on it as a source of information.

12! It is safe for most GPUs to bruteforce, so whoever wants to try bruteforce should pay more to buy more advanced hardware ASCI and thus more time for you to transfer your money.
hero member
Activity: 994
Merit: 1089
I don't know why the title of that article was written in this way, to start it with "What security?", like a 51% attack just occurred and miners are currently double spending transactions at will, they mustn't use clickbait for all their articles.

If it wasn't possible for BTC to be stolen if ones seed phrase is revealed, even if scrambled, then why the warning never to reveal ones seed phrase. It is even unimportant to be too concerned about how long it would take to brute force a scrambled seed phrase depending on its length, i would rather be concerned about ensuring i have great opsec and that nobody ever finds my seed phrase.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
But if one knows seeds but not their ordering, then 12-word seed wallet will be vulnerable to attacks but 24-word seed phrase still maintains high security.
Isn't it general knowledge? A 24 word seed is better than a 12 words. The highest the words the better the security.

The moral of the story is don't scramble (or do any other weird "tricks") to your seed phrase.
You got it wrong. The news channel/site needs story to keep their visitors engaged. If they don't add suspense then no one is going to click. The title is a perfect example.
Quote
What security? Bitcoin enthusiast cracks known 12-word seed phrase in minutes
It sounds like Bitcoin is finished LOL
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
So to make it simple:

1) Keep your seed safe and private (Duh!)
2) Longer things are more difficult to compromise then shorter things when done properly (Duh!)
3) Security is only as strong at it's weakest link (Duh!)

The 12 word thing was done before, and discussed to death. But it is good to bring it up now and then to remind people about security.

-Dave
legendary
Activity: 2268
Merit: 18711
with definitely looks like a clickbait title:
Spammy, trash "news" site posts clickbait!? I'm shocked! Tongue

12 word seed phrases, when properly secured, are perfectly safe. If you reveal all the words, then of course it becomes unsafe. A scrambled 12 word seed phrase has only 12! = 479,001,600 possibilities. Add in the fact that on average 93.75% of the possibilities can be discarded for having an incorrect checksum, that only leaves 29,937,600 possibilities which require you to derive an address and check for funds. This is an easy task on even fairly modest home hardware.

The moral of the story is don't scramble (or do any other weird "tricks") to your seed phrase. The chances are either you will achieve nothing useful, or you will go too far the other way and lock yourself out of your wallets. Just write them down and store them safely.
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
There are people who think that its okay to not completely hide your seeds if you remember the way they are ordered but this small experiment makes it pretty clear that one should be more cautious.
No one should consider scrambling their seeds as a way of keeping it away from Intruders, you can forget the actual order and can lose your bitcoins, especially if it's a 24 word seed phrase.

The essence of back ups is the safety of the location which should be as covert as possible to evade detection. If one location does not prove enough then one should consider using more than one location with a multi sig wallet and storing them differently. One getting compromised does not result in loss of funds.

An additional seedphrase which you can store separately is also a good alternative to scrambling the seed phrase.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
There was an article published on Cointelegraph six hours ago with a very interesting title with definitely looks like a clickbait title: What security? Bitcoin enthusiast cracks known 12-word seed phrase in minutes
So, here is the deal. One person posted all the 12 words of his wallet in no particular order. This wallet was filled with 100,000 satoshis. Long story short, it took 25 minutes to one person with modern GPU to bruteforce the wallet by using the software called BTCrecover.

There are people who think that its okay to not completely hide your seeds if you remember the way they are ordered but this small experiment makes it pretty clear that one should be more cautious.

Otherwise, your 12-word seed phrase is as safe as 24-word seed phrase if attacker doesn't know your seeds. But if one knows seeds but not their ordering, then 12-word seed wallet will be vulnerable to attacks but 24-word seed phrase still maintains high security.
Pages:
Jump to: