12-word seed vs 24-word seed? This seems pretty interesting - page 2.

Synchronice

hero member

Activity: 854

Merit: 772

Watch Bitcoin Documentary - https://t.ly/v0Nim

Quote from: o_e_l_e_o on April 27, 2023, 04:07:36 PM

Quote from: Synchronice on April 27, 2023, 02:21:56 PM

with definitely looks like a clickbait title:

Spammy, trash "news" site posts clickbait!? I'm shocked! Tongue

Well, I would say that Cointelegraph is not the best website out there, nor the most reliable one but I wouldn't call it spammy trash news website. What's your source of crypto news? I know it won't be one as it shouldn't be but usually, what website(s) do you visit? Your opinion on this task matters because you are a highly valued, knowledgeable member

Quote from: LoyceV on April 28, 2023, 02:21:11 AM

So you're saying if I post my 12 seed words online, someone can steal my Bitcoins? What's next, if I post the details for my bank but scramble my PIN, someone can steal my euros too? Shocked

So, actually, if you post randomly ordered 12 seed words, your wallet gets hacked but if you post randomly ordered 24 seed words, you can feel safe because the probability is still super low.
By the way, it was a little bit interesting, wasn't it? Don't be so hilarious.

apogio

sr. member

Activity: 406

Merit: 896

Quote from: o_e_l_e_o on April 28, 2023, 04:10:01 AM

Not quite sure how you arrived at your number there, but it's incorrect.

Picking 12 words out of 2048 gives 2048¹² = 5.444*10³⁹
But if you consider the checksum, then the number of valid combinations is 2¹²⁸ = 3.403*10³⁸

You are right! I will fix it to make sure nobody is confused.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: BitcoinGirl.Club on April 27, 2023, 05:35:43 PM

A 24 word seed is better than a 12 words. The highest the words the better the security.

Well, it's not quite as straightforward as that.

A 12 word seed phrase provides 128 bits of entropy. A 24 word seed phrase provides 256 bits of entropy. This much is true. However, all bitcoin private keys provide, at most, 128 bits of security. So the security of the private keys generated by a 24 word seed phrase are identical to the security of the private keys generated by a 12 word seed phrase (provided, of course, that the seed phrases were not generated insecurely).

Quote from: Yamane_Keto on April 27, 2023, 07:45:46 PM

12! It is safe for most GPUs to bruteforce, so whoever wants to try bruteforce should pay more to buy more advanced hardware ASCI and thus more time for you to transfer your money.

12! is very easy for most home hardware to bruteforce, as I explained above. Also, ASICs are useless when it comes to brute forcing seed phrases.

Quote from: apogio on April 28, 2023, 03:24:06 AM

So, If you want to guess 12 words out of the 2048 and try to arrange them in the correct order gives you 5,271,537,971,301,488,476,000,309,317,528,177,868,800 possible combinations.

Not quite sure how you arrived at your number there, but it's incorrect.

Picking 12 words out of 2048 gives 2048¹² = 5.444*10³⁹
But if you consider the checksum, then the number of valid combinations is 2¹²⁸ = 3.403*10³⁸

FatFork

legendary

Activity: 1596

Merit: 2588

Top Crypto Casino

Quote from: LoyceV on April 28, 2023, 03:37:35 AM

Quote from: FatFork on April 28, 2023, 03:33:38 AM

Oh, with over 23 thousand posts on this forum, I'm sure you've posted your seed words online multiple times already. Congratulations on potentially compromising your entire crypto portfolio! Cheesy

Nice try, I'm not going to enter my seed words into a search string Tongue

Damn it, you got me! And here I was thinking maybe I could get away with it...

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: FatFork on April 28, 2023, 03:33:38 AM

Oh, with over 23 thousand posts on this forum, I'm sure you've posted your seed words online multiple times already. Congratulations on potentially compromising your entire crypto portfolio! Cheesy

Nice try, I'm not going to enter my seed words into a search string Tongue

FatFork

legendary

Activity: 1596

Merit: 2588

Top Crypto Casino

Quote from: LoyceV on April 28, 2023, 02:21:11 AM

So you're saying if I post my 12 seed words online, someone can steal my Bitcoins? What's next, if I post the details for my bank but scramble my PIN, someone can steal my euros too? Shocked

Oh, with over 23 thousand posts on this forum, I'm sure you've posted your seed words online multiple times already. Congratulations on potentially compromising your entire crypto portfolio! Cheesy

apogio

sr. member

Activity: 406

Merit: 896

Adding to what o_e_l_e_o said above, I will only give 2 numbers for comparison.

If I give you 12 words (A,B,C,...,L) and ask you to put them in the correct order, then you have 479001600 possible combinations.

However BIP39 consists of 2048 words. So, If you want to guess 12 words out of the 2048 and try to arrange them in the correct order gives you ~~5,271,537,971,301,488,476,000,309,317,528,177,868,800~~ (check o_e_l_e_o post below) possible combinations.

The experiment was rediculous to say the least. It could be much more intuitive if the title was "Don't scramble your 12-word seed phrase and rely on this as a backup".

Final Thought:
It is not feasible (for the time being) for a machine to brute force a 12-word seed phrase. Even if 24-words are generally much safer than 12-words, the math clearly show us, that 12-words cannot be brute-forced.
Don't worry about being brute-forced. Worry about backing-up your words properly. Because, as you have seen in the article, knowing the 12 words is much more important than knowing their order. Finally ADD A PASSPHRASE!

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: SamReomo on April 28, 2023, 02:44:10 AM

Quote from: LoyceV on April 28, 2023, 02:21:11 AM

So you're saying if I post my 12 seed words online, someone can steal my Bitcoins? What's next, if I post the details for my bank but scramble my PIN, someone can steal my euros too? Shocked

That's true indeed! It's unsafe to post the 12 seeds words online because if someone is keeping eye on you then that malicious person might be able to crack your wallet with those seeds by conducting a
brute-force attack to steal the Bitcoins out of it. If I'm not wrong then someone's seed phrase is key to the wallet and brute-force attacks can easily own the perfect combination of the seed phrase if those seed words are posted online.

Can you post your seed hrase online? I can not do that.
Can you even disarrange your seed phrase? I can not do that.

What if passhrase is used as an extended word. A passphrase that consists of uppercase, lowercase, and characters like @.,$+? More than 12 or more character long.

SamReomo

hero member

Activity: 784

Merit: 672

Top Crypto Casino

Quote from: LoyceV on April 28, 2023, 02:21:11 AM

So you're saying if I post my 12 seed words online, someone can steal my Bitcoins? What's next, if I post the details for my bank but scramble my PIN, someone can steal my euros too? Shocked

That's true indeed! It's unsafe to post the 12 seeds words online because if someone is keeping eye on you then that malicious person might be able to crack your wallet with those seeds by conducting a
brute-force attack to steal the Bitcoins out of it. If I'm not wrong then someone's seed phrase is key to the wallet and brute-force attacks can easily own the perfect combination of the seed phrase if those seed words are posted online.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

So you're saying if I post my 12 seed words online, someone can steal my Bitcoins? What's next, if I post the details for my bank but scramble my PIN, someone can steal my euros too? Shocked

Yamane_Keto

sr. member

Activity: 406

Merit: 443

Quote from: Synchronice on April 27, 2023, 02:21:56 PM

There was an article published on Cointelegraph six hours ago with a very interesting title with definitely looks like a clickbait title: What security? Bitcoin enthusiast cracks known 12-word seed phrase in minutes

Cointelegraph is not a source of knowledge, the technical articles on this site are not accurate or not verified so do not rely on it as a source of information.

12! It is safe for most GPUs to bruteforce, so whoever wants to try bruteforce should pay more to buy more advanced hardware ASCI and thus more time for you to transfer your money.

Z-tight

hero member

Activity: 854

Merit: 1031

Only BTC

I don't know why the title of that article was written in this way, to start it with "What security?", like a 51% attack just occurred and miners are currently double spending transactions at will, they mustn't use clickbait for all their articles.

If it wasn't possible for BTC to be stolen if ones seed phrase is revealed, even if scrambled, then why the warning never to reveal ones seed phrase. It is even unimportant to be too concerned about how long it would take to brute force a scrambled seed phrase depending on its length, i would rather be concerned about ensuring i have great opsec and that nobody ever finds my seed phrase.

BitcoinGirl.Club

legendary

Activity: 2702

Merit: 2645

Farewell LEO: o_e_l_e_o

Quote from: Synchronice on April 27, 2023, 02:21:56 PM

But if one knows seeds but not their ordering, then 12-word seed wallet will be vulnerable to attacks but 24-word seed phrase still maintains high security.

Isn't it general knowledge? A 24 word seed is better than a 12 words. The highest the words the better the security.

Quote from: o_e_l_e_o on April 27, 2023, 04:07:36 PM

The moral of the story is don't scramble (or do any other weird "tricks") to your seed phrase.

You got it wrong. The news channel/site needs story to keep their visitors engaged. If they don't add suspense then no one is going to click. The title is a perfect example.

Quote

What security? Bitcoin enthusiast cracks known 12-word seed phrase in minutes

It sounds like Bitcoin is finished LOL

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

So to make it simple:

1) Keep your seed safe and private (Duh!)
2) Longer things are more difficult to compromise then shorter things when done properly (Duh!)
3) Security is only as strong at it's weakest link (Duh!)

The 12 word thing was done before, and discussed to death. But it is good to bring it up now and then to remind people about security.

-Dave

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: Synchronice on April 27, 2023, 02:21:56 PM

with definitely looks like a clickbait title:

Spammy, trash "news" site posts clickbait!? I'm shocked! Tongue

12 word seed phrases, when properly secured, are perfectly safe. If you reveal all the words, then of course it becomes unsafe. A scrambled 12 word seed phrase has only 12! = 479,001,600 possibilities. Add in the fact that on average 93.75% of the possibilities can be discarded for having an incorrect checksum, that only leaves 29,937,600 possibilities which require you to derive an address and check for funds. This is an easy task on even fairly modest home hardware.

The moral of the story is don't scramble (or do any other weird "tricks") to your seed phrase. The chances are either you will achieve nothing useful, or you will go too far the other way and lock yourself out of your wallets. Just write them down and store them safely.

Upgrade00

legendary

Activity: 2030

Merit: 2174

Professional Community manager

Quote from: Synchronice on April 27, 2023, 02:21:56 PM

There are people who think that its okay to not completely hide your seeds if you remember the way they are ordered but this small experiment makes it pretty clear that one should be more cautious.

No one should consider scrambling their seeds as a way of keeping it away from Intruders, you can forget the actual order and can lose your bitcoins, especially if it's a 24 word seed phrase.

The essence of back ups is the safety of the location which should be as covert as possible to evade detection. If one location does not prove enough then one should consider using more than one location with a multi sig wallet and storing them differently. One getting compromised does not result in loss of funds.

An additional seedphrase which you can store separately is also a good alternative to scrambling the seed phrase.

Synchronice

hero member

Activity: 854

Merit: 772

Watch Bitcoin Documentary - https://t.ly/v0Nim

There was an article published on Cointelegraph six hours ago with a very interesting title with definitely looks like a clickbait title: What security? Bitcoin enthusiast cracks known 12-word seed phrase in minutes
So, here is the deal. One person posted all the 12 words of his wallet in no particular order. This wallet was filled with 100,000 satoshis. Long story short, it took 25 minutes to one person with modern GPU to bruteforce the wallet by using the software called BTCrecover.

There are people who think that its okay to not completely hide your seeds if you remember the way they are ordered but this small experiment makes it pretty clear that one should be more cautious.

Otherwise, your 12-word seed phrase is as safe as 24-word seed phrase if attacker doesn't know your seeds. But if one knows seeds but not their ordering, then 12-word seed wallet will be vulnerable to attacks but 24-word seed phrase still maintains high security.

Topic: 12-word seed vs 24-word seed? This seems pretty interesting - page 2. (Read 503 times)