Topic: 600 word seed (Read 396 times)
I'd wanna know where to store it and how secure it migh be
So you are effectively reducing your security to "only" the security of a standard bitcoin private key...
Even if he did write down his 600 word seed and never looked at his private keys, his security is still 128 bits. It doesn't matter what ridiculous thing he does with his seed phrase; his keys will never be more secure than 128 bits.All these things you can do your seed phrase - force it to be 600 words, additional passphrases, etc. - might increase the physical security of your seed phrase if it means an attacker has to compromise two or more back ups instead of just one, but the cryptographic security of your private keys remains 128 bits.
So you are effectively reducing your security to "only" the security of a standard bitcoin private key.
Security of bitcoin private keys are 128 bits since the security of Elliptic Curve keys are defined as half the key size (bitcoin curve is 256 bit). On the other hand security of entropy (if generated randomly and is strong) is the same as its size. If the 600 words are selected using the same word list as BIP39 with 2048 words then their security is 600*11=6,600 bits. A pointless increase but an increase nonetheless. Also i dont save 600 word seed i only save few key pairs. Thats all i need
So you are effectively reducing your security to "only" the security of a standard bitcoin private key... You've really gone to an awful lot of trouble to simply generate a couple of private keys 
It's like taking a taxi around the block to get to the house next door... you could have just walked
As for seed words, the words should not be "familiar", they should be randomly generated either by the computer or dice or coin flips.
it is always best to stick to the standards which means choosing words from the predefined wordlist that BIP39 uses too. this way in a couple of years when you wanted to recover your seed you won't have to also remember the customized method that you chose and the dictionary you used and end up losing your bitcoin to something that simple.
12 or 24 words is more than enough.
If you are a target, specifically, where is your 600 words saved or stored and do you have access to it? It can be "hacked" with a $5 wrench attack.
There is no one on this planet I know who would not give up his bitcoin wallet when threatened with physical violence (either them or someone they know), so if you've got your physical security covered, go ahead and have fun with 600 words.
I would just use dice, I bought a set of 100 6-sided dice of different colors.
As for seed words, the words should not be "familiar", they should be randomly generated either by the computer or dice or coin flips.
If you are a target, specifically, where is your 600 words saved or stored and do you have access to it? It can be "hacked" with a $5 wrench attack.
There is no one on this planet I know who would not give up his bitcoin wallet when threatened with physical violence (either them or someone they know), so if you've got your physical security covered, go ahead and have fun with 600 words.
I would just use dice, I bought a set of 100 6-sided dice of different colors.
As for seed words, the words should not be "familiar", they should be randomly generated either by the computer or dice or coin flips.
They also can be easily remembered.
What's with everyone in this thread talking about memorizing seed phrases?Write it down.
What do you need it for? 24 word seed-phrases are safe enough to not be hacked. They also can be easily remembered.
i believe i'm overly paranoid but in order to have same privkeys attacker must generate same 600 words. no?
No. An attacker trying to brute force a single private key without any additional information is just going to attempt to brute force the private key rather than the seed phrase it was derived from.If I generate a private key, to check for an address collision all I have to do is use elliptic curve multiplication to turn it to a public key, and then hash it a few times and convert to Base58.
If I generate a seed phrase, to check for an address collision I first have to go through 2048 rounds of HMAC-SHA512, and then multiple further rounds of HMAC-SHA512 to work down the derivation path to the relevant account and address index, and then elliptic curve multiplication and hash as above. It is a far more time consuming and resource intensive process. It makes much more sense for an attacker to try to brute force the individual key, which has the exact same security if you use 12 words or 600 words.
to brute force privkey attacker needs to generate all of possible privkeys. which can only be done by alliens and their super computer.
And to brute force a 24 word seed phrase, an attacker needs to generate all possible 24 word seed phrases. There are 2256 valid 24 word seed phrases, which is actually more than the number of valid private keys, which is slightly less than 2256. Quote
Then using a 600 word seed phrase makes even less sense.
i believe i'm overly paranoid but in order to have same privkeys attacker must generate same 600 words. no? to brute force privkey attacker needs to generate all of possible privkeys. which can only be done by alliens and their super computer. also keep in mind that pool of available keypairs getting smaller every second I always use my own entropy source to generate seed.
There is nothing wrong with this, and in fact, it is a good idea in some circumstances. I've done the same for a number of long term cold storage wallets. I generally use the "flip a coin 256 times" method to generate a 256 bit number. From there, you can choose to either convert it to a seed phrase, first by calculating and appending the checksum and then manually converting each group of 11 bits to a word on the BIP39 word list, or you can use the 256 bit number directly as a private key.I dont know why but i worry about address collision. Changes of it are very low but there is chance so with my luck I be first one.
There is only a theoretical chance of it happening. Practically, it will never happen. Here is a post of mine from a while ago explaining just how unlikely it is that someone guesses your private key:Given that most 2FA codes are 6 digits long, there is a 1 in 106 chance of someone guessing your 2FA code.
Assuming an average house lock has 8 tumblers, and each tumbler can adopt one of 10 positions, then there is a 1 in 108 chance that someone will be able to guess your exact house key shape and unlock your door.
Given a standard credit card has a 15 or 16 digit number on it, there is at most a 1 in 1016 chance that someone will be able to guess your credit card number.
If you use a password manager to generate a long and totally random 16 character password, drawing from the full ASCII 95 character set of upper and lowercase letters, numbers, and symbols, (e.g. CY\u4"=t{rV%;N9S), there is a 1 in 4.4*1031 chance of someone guessing it.
The chance of someone guessing your private key is 1 in 1.158*1077.
The chance of someone correctly guessing your password, your 2FA code, your credit card number, and the key to your house simultaneously is 4.4*1061, which is still around 2 thousand trillion times more likely than them guessing your private key.
Assuming an average house lock has 8 tumblers, and each tumbler can adopt one of 10 positions, then there is a 1 in 108 chance that someone will be able to guess your exact house key shape and unlock your door.
Given a standard credit card has a 15 or 16 digit number on it, there is at most a 1 in 1016 chance that someone will be able to guess your credit card number.
If you use a password manager to generate a long and totally random 16 character password, drawing from the full ASCII 95 character set of upper and lowercase letters, numbers, and symbols, (e.g. CY\u4"=t{rV%;N9S), there is a 1 in 4.4*1031 chance of someone guessing it.
The chance of someone guessing your private key is 1 in 1.158*1077.
The chance of someone correctly guessing your password, your 2FA code, your credit card number, and the key to your house simultaneously is 4.4*1061, which is still around 2 thousand trillion times more likely than them guessing your private key.
Also i dont save 600 word seed i only save few key pairs. Thats all i need
Then using a 600 word seed phrase makes even less sense. It doesn't matter if you have 12 words, 24 words, 600 words, or a million words. The security of any individual private key will always be the same. Quote
I know, but almost no one use the feature or use entropy from secure source
I always use my own entropy source to generate seed. cant trust iancoleman, ledger or any other wallets for that matter. I dont know why but i worry about address collision. Changes of it are very low but there is chance so with my luck I be first one.
Also i dont save 600 word seed i only save few key pairs. Thats all i need
Instead of memorizing a private key with a lot of characters, you should memorize 12 or 24 words you are familiar with.
No, you shouldn't. You should write it down on paper. 
i know its way too much but how safe is it vs 24 word seed?
btw it was generated using iancoleman tool
BIP39 (Mnemonic Recovery Seed Phrase) is Bitcoin Improvement Proposal. Instead of memorizing a private key with a lot of characters, you should memorize 12 or 24 words you are familiar with.btw it was generated using iancoleman tool
The increase in words will be good but a lot of words will make the matter the opposite. The missed or lost word will increase and thus you will need to memorize it in digital form, which is aware of the increased risk.
Just to add to what have been said, if you have 600 words seed, you will have to copy paste it each time you need to recover your wallet. So, the seed needs to be saved on a digitally which represents another attack vector.
A 12 words seed is safe enough as long as the words have been randomly generated.
A 12 words seed is safe enough as long as the words have been randomly generated.
Purely by length (ignoring checksum, RNG, etc.), it's 2048600 / 204824 or 2048576 times more secure than 24 words.
The only thing it is more secure against is someone blindly trying to guess your seed phrase, which pretty much no one is ever going to do. It does not make your wallet, your private keys, or your coins any more secure.You can't generate 600 words seed with iancoleman tool, but even if it's possible there's security concern generate random number with browser.
You can. Click on "Show entropy details", and then make sure the drop down box shows "Use Raw Entropy (3 words per 32 bits)". You can then enter as much entropy as you like and it will generate as long a seed phrase as you like. You will obviously need to generate your own entropy to do this. Quote
2048^12 possible seeds
isnt chances much lower because of you only need to match few letters to know word?Bitcoin private keys themselves only have 128 bits of security, so anything beyond that for a seed phrase is technically unnecessary. Further, regardless of how long your seed phrase is, it is passed through the exact same process to create a 256 bit master private key and a 256 bit master chain code. Therefore, a 12 word seed phrase is just as secure as a 600 word seed phrase.
All you are achieving here is making your seed phrase more difficult to back up and massively increasing the chance you make a mistake when writing it down. You are not gaining any meaningful additional security.
Quote
2048^12 possible seeds
isnt chances much lower because of you only need to match few letters to know word? I generated huge entropy because 256 bits of entropy didnt seem secure to me: this is what 256 bits look like. 83926714dbf1948da358e3bddd99818d1b9fd3fd58c55e65765ffd780a4b4970 this is it. looks very breakable
Let's represent it with the number of permutations that a 12 words seed have.2048^12 possible seeds, a little less than that if you want to adhere to the checksum (lowers from 132bits to 128 bits). 5.44 x 10^39 possible permutations. Let's say you can bruteforce 1 million seeds a second; giving you about 1.7264453e+32 years to exhaust the key space. It's roughly the security of a Bitcoin address. 24 word seeds has even more permutations.
If someone really thinks he needs a 600 word seed let him use it, but before that we should really understand that a seed is just something that exists to make it easier for us humans to imagine some things. Behind all this is much more complicated mathematics that only a few can understand.
Someone said that there are already at least 1000 such questions and answers if the internet is searched, and for those who think they need more than 24 seed words, let them play a little with the number of grains of sand on earth or the number of atoms in space.
However, some may think that aliens have much more powerful computers, so if they start brute force BTC seeds, it is better to strengthen the protection a bit
Someone said that there are already at least 1000 such questions and answers if the internet is searched, and for those who think they need more than 24 seed words, let them play a little with the number of grains of sand on earth or the number of atoms in space.
Quote from: https://www.reddit.com/r/ledgerwallet/comments/caww02/why_is_a_24_word_seed_secure_against_brute_force/
toSaturnAndBeyond
There are more seed combinations than grains of sand on Earth.
WannabeWonk
It's actually closer to the number of mother fxxking atoms in the universe.
204824 is roughly 3×1079 and scientists estimate the number of atoms in the universe is around 1080.
There are more seed combinations than grains of sand on Earth.
WannabeWonk
It's actually closer to the number of mother fxxking atoms in the universe.
204824 is roughly 3×1079 and scientists estimate the number of atoms in the universe is around 1080.
However, some may think that aliens have much more powerful computers, so if they start brute force BTC seeds, it is better to strengthen the protection a bit
I generated huge entropy because 256 bits of entropy didnt seem secure to me: this is what 256 bits look like. 83926714dbf1948da358e3bddd99818d1b9fd3fd58c55e65765ffd780a4b4970 this is it. looks very breakable
You should try to avoid doing things that are not "standard" because if you are lucky the worst thing that could happen is that you will have a lot of problems recovering your funds by duplicating that self-defined process but if you are not you would be creating a weaker method that could endanger your funds.
Try to stick to the standard defined methods that are created by experts and are used by many implementations and their users.
Try to stick to the standard defined methods that are created by experts and are used by many implementations and their users.
It's like saying "how difficult is it to get to Pluto vs how difficult is it to get to Jupiter"... For all intents and purposes, they are both "impossible".
I love how my analogy is catching on i know its way too much but how safe is it vs 24 word seed?
It's like saying "how difficult is it to get to Pluto vs how difficult is it to get to Jupiter"... For all intents and purposes, they are both "impossible".As mentioned above, having a 600 word seed just adds in unnecessary complexity and is more prone to errors in transcribing and/or more likely to become problematic when attempting to restore.
It was not generated using iancoleman tool. The maximum number of word it takes is 24 words, as you can see in the picture below
Possible, using custom entropy in the checkbox. The words will still be derived from the list.@OP, the benefits of extra entropy diminishes with the increasing seed phrase length. 24 word seeds are already an overkill, 12 words is sufficient it provides for 128bits of entropy. It is far easier to have to type/store a 12 word seed than a 24 word seed and of course, 600 word seed. Most wallets do not support seed phrases that long and there is really no usecase for anything like that.
i know its way too much but how safe is it vs 24 word seed?
btw it was generated using iancoleman tool
btw it was generated using iancoleman tool
It is not safer. There is no need to use 2048^600 combinations. This is will be problematic for you to save and recover when needed.
It was not generated using iancoleman tool. The maximum number of word it takes is 24 words, as you can see in the picture below
https://iancoleman.io/bip39/
What you might have done, is to use 24 word + 576 passphrase words. This will make your wallet unsafe, risky and you will probably lose your funds when you need to recover it.
WHen you add custom 576 words, a small typo may cause your wallet to be lost forever. As there are too many words, it will be almost impossible for you to determine what could have gone wrong, and those words are custom: They do not come from a fixed 2048 list of words.
i know its way too much but how safe is it vs 24 word seed?
btw it was generated using iancoleman tool
btw it was generated using iancoleman tool
Jump to: