Are Ledger Nano seeds secure? | Bitcointalksearch.org

HCP

legendary

Activity: 2086

Merit: 4361

Quote from: Lionel on February 18, 2019, 04:12:55 PM

Brainwallets are not secure, at least if they have a relatively short seed , like 12 words.
What about Ledger ones that have 24 words?

What a lot of people fail to grasp... is that the wallets that utilise seed mnemonics (aka 12/24 words), do not start by generating words.

They start by using a (pseudo) random number generator to create a very large random number... this large random number is then converted into words by following the BIP39 process. (Note that Electrum follows a slightly different method for converting to words, but the underlying theory is the same... large random number -> words).

This is completely opposite to a "brainwallet" where the words are chosen first... and the number is generated from the words. As was already stated, creating your own brainwallet words generally leads to very poor entropy because humans are terrible at creating "random" things.

So, by starting with a random number, then converting to words... you retain the "entropy" to safeguard your coins.

mk4

legendary

Activity: 2870

Merit: 3873

📟 t3rminal.xyz

Quote from: Lucius on February 19, 2019, 12:50:46 PM

I think the weakest link in security of seed is the user himself.

This. The security of the seeds depends more on how you actually store your seed. If you store it offline on a piece of paper that's locked up somewhere(or digitally through a properly executed air-gapped device), then you're good. As opposed to storing your seed on a text file/word file/notes app/etc, then there's a good chance you're going to get screwed over in the future.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Lionel, you get answer from TryNinja regarding a possible hacking / guessing of 24 words for seed. But that's not all about security for Nano S seed, there is a option to add one more word to your seed, and this is called passphrase security. In that way you can further protect yours coins, even if someone get your seed they will need passphrase. For that reason is not good idea to save both in same place.

I think the weakest link in security of seed is the user himself.

gentlemand

legendary

Activity: 2590

Merit: 3015

Welt Am Draht

I've never heard of one single case of a Ledger seed, or any properly generated seed, being guessed, other than people who buy them from Ebay with an official looking seed prefilled on a card ready to be swept by the seller as soon as it's loaded.

TryNinja

legendary

Activity: 2758

Merit: 6830

What makes the brain wallets insecure isn't really the number of words. It's more about the fact that humans are bad at creating entropy. You may think your seed is "random" and "secure" enough, but it could be an easily brute-forced phrase.

Still, 24 words should be "safer" than 12 words.

Quote from: https://qr.ae/TUKGNB

there is 256 bits of input entropy for a 24-word seed, meaning that there are 2^256

possible 24-word seeds. This means that in order for the brute-forcer to have a 50% chance of finding your seed, they would need to check 2^256 ÷ 2 keys.

I did the math a while ago... The list is 2048 words. 2048^24 =

29,642,775,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 (rounded because I'm lazy)

Best of luck figuring that one out..

Lionel

sr. member

Activity: 613

Merit: 305

Brainwallets are not secure, at least if they have a relatively short seed , like 12 words.
What about Ledger ones that have 24 words?

Topic: Are Ledger Nano seeds secure? (Read 278 times)