Topic: 21 word seed got exposed, is it bad ? - page 2. (Read 372 times)

If the position of these words is known, then yes. Definetely crackable. Within a short timeframe.





If an attacker had 3 (out of 24) words without knowing any particular spot/order the amount of combinations would be:

Amount of 'iterations' when choosing 3 position out of 24 to guess (24 choose 3) = 2024 (without any order of these 3 words) -> (2024 * 3!) = 12 144 (considering all possible orders)

Now for each of these iteration you need to check 21 positions with 2048 words (2048²¹) = 3,45087317 * 10⁶⁹ combinations.

To sum it up: 12 144 * 3,45087317 * 10⁶⁹ = 4,19074038 × 10⁷³ would be the amount of combination.
Thats just slightly below the 2,96427748 × 10⁷⁹ combinations from the full 24 words. Still considered safe.

---

Just saw its mentioned the other way around 

With 21 out of 24 words known you have 2024 possibilities to chose the position of the word -> multiplied with 3! ->  12 144 combinations to check.

Now each of those combinations has 2048³ possibilities to get 'filled' -> 2048³ * 12 144 = 104 316 165 685 248 combinations an attacker had to check.


I would say this is definetely possible to crack.
If you aren't sure whether your seed got compromised (or if you are sure it got somehow lost/compromised) you should create a new wallet/seed ASAP.

It depends on whether or not the order is known... for instance, if the attacker knew that they had words 1-21 or 4-24 (ie. the first 21 or the last 21 words) and were simply trying to find the missing 3 words... then the number of possible combinations would only be:

2048 * 2048 * 2048 = 8,589,934,592

Which really isn't a lot at all... and a simple script would crack that in minutes.

However, if the attacker had no clue as to the position of the missing words... ie. you'd taken 3 words from position 3, 17 and 23, but there was no indication of position/order of words on the paper (ie. they're not numbered)... then things become a lot more complicated. The number of combinations the attacker would need to test increases by several orders of magnitude and it would require a lot more work. It's possible the time required would extend to hours or days or years. I'm not not sure of the actual math... possibly something like:

(2048 * 24) * (2048 * 24) * (2048 * 24) = 118,747,260,000,000+ combinations (note, I'm very tired, so this math is probably really wrong )

Having said that... if you knew that your 21 words had been compromised, you should immediately generate a new seed and move all coins from the old wallet to the new one and then "burn" the old wallet/seed...



There are 2048 words for BIP39 seeds: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

Im just thinking, lets say there are 5000 words, then it would take long time to get these 3 right word in the right order, no ?

No. It'd be fairly easy (if they could work out what it was of course).

Your best bet would be to go with 12 words and then the other 12 words (if you input them the wrong way, it'll be rejected by the ledger nano anyway.

Not sure! but I would still move my wallet to a different one just to feel safe!
but If I were you, I would do 18 or 20 for paper and the rest for my brain

i got 24 word seed for my ledger nano s. And i split it up on two papers.

21 words on one paper and 3 words on the other one.

Lets say my 21 word paper would be exposed. Would it be hard for the persona that has this 21 word seed to crack the wallet ?

thanks