Pages:
Author

Topic: Does BIP39 allow for the same word to be generated more than twice in a seed? (Read 315 times)

legendary
Activity: 4522
Merit: 3426
This is a valid bip-39 phrase.

Code:
abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art

It is derived from an entropy value of 0.
hero member
Activity: 560
Merit: 1060

I do agree  don't use 1 word 23 times as someone could simply try 1 million seeds that appear common .

In fact I randomly tested some phrases with 23 same words and their corresponding checksum. Most of them had transaction history, which means they have been used even as a joke.
legendary
Activity: 4326
Merit: 8950
'The right to privacy matters'
why would brute force do it so quickly?

if it is true brute force

and you have say 1500 word repeated 23 times.
There are hundreds of bots out there monitoring millions of easily hacked addresses waiting to sweep deposits the instant they show up. We've seen it countless times with brain wallets. Brain wallets generated from easy to guess phrases, such as common words, phrases, quotes, lyrics, etc., have any funds sent to the derived addresses stolen in under a second. These same bots are almost certainly also watching the addresses from any and all publicly revealed seed phrases, and any weak seed phrases, such as the same word repeated 23 times.

This is of course completely separate to a seed phrase including the same word twice or even three times, and these seed phrases are no easier to brute force than any other randomly generated seed phrases.

But that is not brute force that is more like social engineering. Which would be a bit different. It is more like using

000
111
222
333
444
555
666
777
888
999
123. as your first attempts on a 3 digit combo in the hope the programmer was lazy

btw if it works why not.


I do agree  don't use 1 word 23 times as someone could simply try 1 million seeds that appear common .


legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Maybe, my wording wasn't good.
No worries Smiley I like pointing out that "extremely unlikely" doesn't mean "it's still possible".



So you're telling me there's a chance
legendary
Activity: 2380
Merit: 5213
It's even possible that you generate a 24 word seed phrase and a single word is repeated 24 times.
Nope, that's not (realistically) possible. It would be more likely to generate someone else's seed phrase, than randomly ending up with 24 times the same word. It's just not going to happen.
You are right. That's practically impossible. That's why I said "The probability of a single word is repeated n times decreases exponentially with increase in n and that's why it's unlikely that you generate a seed phrase in which a single word is repeated 3 times, but as I said that's possible."

It's unlikely that the same word is repeated 3 times, let alone 24 times.

My point was that there is no rule preventing a word from being repeated multiple times and even if the same word is repeated 24 times, the seed phrase may be valid. Maybe, my wording wasn't good.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
There is no phenomenon that stops words from repeating more than once which can be twice, thrice, or even more while generating seeds based on BIP39.
It wouldn't make any sense to do so. By limiting the number of duplicate words, you're limiting the number of possible seed phrases. If anything, that makes it less secure.
As long as your seed phrase is created randomly, it doesn't matter.

It's even possible that you generate a 24 word seed phrase and a single word is repeated 24 times.
Nope, that's not (realistically) possible. It would be more likely to generate someone else's seed phrase, than randomly ending up with 24 times the same word. It's just not going to happen.

Even if you would brute-force the creation of billions of random seed phrases, and select the one one with most duplicate words, it still doesn't matter. Nobody else is going to randomly create the same seed phrase.

This comes to mind:

(source, although I'm pretty sure this isn't the original location)
legendary
Activity: 2268
Merit: 18771
why would brute force do it so quickly?

if it is true brute force

and you have say 1500 word repeated 23 times.
There are hundreds of bots out there monitoring millions of easily hacked addresses waiting to sweep deposits the instant they show up. We've seen it countless times with brain wallets. Brain wallets generated from easy to guess phrases, such as common words, phrases, quotes, lyrics, etc., have any funds sent to the derived addresses stolen in under a second. These same bots are almost certainly also watching the addresses from any and all publicly revealed seed phrases, and any weak seed phrases, such as the same word repeated 23 times.

This is of course completely separate to a seed phrase including the same word twice or even three times, and these seed phrases are no easier to brute force than any other randomly generated seed phrases.
legendary
Activity: 4326
Merit: 8950
'The right to privacy matters'
does BIP39 have rules that prevent the same word from being generated 3 times?

There is no phenomenon that stops words from repeating more than once which can be twice, thrice, or even more while generating seeds based on BIP39.

OP your question has been answered here

Andreas says in this video that you could use the same word 23 times + valid checksum and it would still be valid.
Yes, it will still be a valid wallet but if you are doing such a thing then the time taken to brute force your wallet will be 0.001 sec.

why would brute force do it so quickly?

if it is true brute force

and you have say 1500 word repeated 23 times.

it would start with

words. 1111111111…11
words 111111111…12


be a long fuck time before it gets to
1500,1500,1500,1500….

Or am I not understanding brute force.

A three digit combo brute force is

000
001
002… 999

so if you look at 000 first it takes time to get to 768

same idea if you run all the combo brute force.

or am I wrong
hero member
Activity: 560
Merit: 1060

Also sounds like a kid in the back seat and the adult in the front.


Haha and this wallet has been used actually. There are transactions.


legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Code:
zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong

Also sounds like a kid in the back seat and the adult in the front.




...
The chance of a 12 word seed having the same word at least twice : 3.18% (1 in 31)
The chance of a 12 word seed having the same word at least three times: 0.0052% (1 in 19,128)
The chance of a 12 word seed having the same word at least four times: 0.0000057% (1 in 17,407,725)

The chance of a 24 word seed having the same word at least twice: 12.65% (1 in Cool
The chance of a 24 word seed having the same word at least three times: 0.048% (1 in 2,089)
The chance of a 24 word seed having the same word at least four times: 0.00012% (1 in 814,729)
...

Makes you wonder how many times people have hit that 1 in X thing and not even noticed.
I know I have had at least 2 24 words with the same word twice that I was actually using for a while.

But, I have also generated so many for testing that I did not secure since thy were just for tests that it could have had 3 or more of the same but I never even looked.

-Dave
hero member
Activity: 560
Merit: 1060
Just as an example, the following is a valid seed phrase:

Code:
office smoke grid creek office smoke grid creek office smoke grid credit

It's produced by the following entropy

Code:
10011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001

As you can see the pattern is repetitive. Of course I produced it manually but every entropy generator must have the exact same probability for each word.

As oeleo said above, each word has the exact same possibility of appearing next, which is 1 out of 2048

By the way, the following is also valid:

Code:
zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong
hero member
Activity: 1456
Merit: 940
🇺🇦 Glory to Ukraine!

The BIP39 standard doesn’t allow for any word to be repeated more than two times in a seed phrase.
This is completely wrong.
It's good this thread was created; at least what I was carrying around as knowledge is actually wrong.

In that case, you need to edit your first reply so that you don't pass your wrong knowledge on to someone else.

This leaves me with this question. There is a higher possibility of words being repeated in a seed phrase, or 24 words. Let's assume up to 3–4 random words are repeated to make up those 24 words. won't it make it a bit easier for such a seed phrase to easily be guessed?

Absolutely not. It's virtually impossible for anyone to guess the presence of a repeated word in a seed phrase. Therefore, a seed phrase with one or two repeating words is just as robust as a seed phrase with entirely unique words. Actually, I believe the opposite is true. Preventing duplicate words would, in fact, restrict the entropy of the seed phrase, making it weaker.
legendary
Activity: 2268
Merit: 18771
There is absolutely nothing stopping the same word for appearing multiple times in a seed phrase. I've answered this before:

For a 24 word seed, there is a 12.65% of the same word appearing twice or more, and a 0.0479% of the same word appearing three times or more. So one in every 2,000 seed phrases roughly would have the same word three times. So not that unlikely by any means.

Here are some more numbers:

The chance of a 12 word seed having the same word at least twice : 3.18% (1 in 31)
The chance of a 12 word seed having the same word at least three times: 0.0052% (1 in 19,128)
The chance of a 12 word seed having the same word at least four times: 0.0000057% (1 in 17,407,725)

The chance of a 24 word seed having the same word at least twice: 12.65% (1 in 8)
The chance of a 24 word seed having the same word at least three times: 0.048% (1 in 2,089)
The chance of a 24 word seed having the same word at least four times: 0.00012% (1 in 814,729)

This leaves me with this question. There is a higher possibility of words being repeated in a seed phrase, or 24 words. Let's assume up to 3–4 random words are repeated to make up those 24 words. won't it make it a bit easier for such a seed phrase to easily be guessed?
No. There isn't a "higher possibility" of words being repeated - there is the exact same possibility as any other word. If my first word is "zoo", then my second word has the exact same possibility to be "zoo" as it does to be any other specific word. Indeed, if we introduced code to prevent a word from appearing more than once, then you would actually be decreasing the final entropy of your seed phrase, since by the time you get to the 23rd word in your seed phrase, you no longer have 2,048 possibilities for that word but only 2,026, since you could not repeat any of the 22 words you had already used.
legendary
Activity: 2380
Merit: 5213
This leaves me with this question. There is a higher possibility of words being repeated in a seed phrase, or 24 words. Let's assume up to 3–4 random words are repeated to make up those 24 words. won't it make it a bit easier for such a seed phrase to easily be guessed?
Take note the the seed phrase is not generated by selecting words. For a generating a seed phrase, a random entropy is generated and that's encoded to a series of words.

If the seed phrase has been generated in the correct way, there's nothing to worry about.
The chance of a word repeating 3 or 4 times is very very low and even if that happens, there's nothing to worry about in the case the seed phrase has been generated completely randomly.

hero member
Activity: 868
Merit: 952
Yeah I saw this. But I Wasn't sure if the answer was just strictly talking about the chances of it happening in terms of mathematics - or if it was possible within the boundaries of BIP39 wallet generation.

There is chance although the probability isn’t high because logically picking a 12 or 24 series of words from a possible 2048 will widen the gap of it happening and that’s why we don’t see them occurring regularly but that doesn’t mean it isn’t. The thing stopping a group of words in right numbers from been a seed phrase either included a repeated words is if the checksum (which is contain in the last word) is not correct.

BIP39 seed phrases usually consist of 12, 18, or 24 words chosen randomly from a predefined list of 2000+ words.

It’s a total of 2048 from common words excepts the word Satoshi
sr. member
Activity: 686
Merit: 398

The BIP39 standard doesn’t allow for any word to be repeated more than two times in a seed phrase.
This is completely wrong.
It's good this thread was created; at least what I was carrying around as knowledge is actually wrong.

This leaves me with this question. There is a higher possibility of words being repeated in a seed phrase, or 24 words. Let's assume up to 3–4 random words are repeated to make up those 24 words. won't it make it a bit easier for such a seed phrase to easily be guessed?

I know that even if one gets all the words correctly, the possibility of arranging them accordingly is also really small, but still, repeated words make me think otherwise. Forgive my curiosity by just asking to be sure.
newbie
Activity: 13
Merit: 36
I was just wondering if - although unlikely - it was possible for a wallet to generate a 24 word seed that contains 3 of the same word.
Yes, that's possible.
It's even possible that you generate a 24 word seed phrase and a single word is repeated 24 times.

The probability of a single word is repeated n times decreases exponentially with increase in n and that's why it's unlikely that you generate a seed phrase in which a single word is repeated 3 times, but as I said that's possible.

Thanks I appreciate the insight.  Smiley
legendary
Activity: 2380
Merit: 5213
I was just wondering if - although unlikely - it was possible for a wallet to generate a 24 word seed that contains 3 of the same word.
Yes, that's possible.
(In theory) It's even possible that you generate a 24 word seed phrase and a single word is repeated 24 times.

The probability of a single word is repeated n times decreases exponentially with increase in n and that's why it's unlikely that you generate a seed phrase in which a single word is repeated 3 times, but as I said that's possible.


This post has been edited. Thanks LoyceV for the correction.
newbie
Activity: 13
Merit: 36
Whenever you generate a BIP39 seed phrase, you actually generate a random number and your seed phrase represents that random number.

If you generate a 24 word BIP39 seed phrase, the random number can be any number between 0 and 2256-1.

I totally understand that. I know that the words are just a more manageable way of expressing a huge number. I was just wondering if - although unlikely - it was possible for a wallet to generate a 24 word seed that contains 3 of the same word.

This means that any of the words can be repeated multiple times.

So multiple as in 3 or more times is technically possible (although exceedingly rare), correct?

does BIP39 have rules that prevent the same word from being generated 3 times?


OP your question has been answered here
Thanks
Yeah I saw this. But I Wasn't sure if the answer was just strictly talking about the chances of it happening in terms of mathematics - or if it was possible within the boundaries of BIP39 wallet generation.

Quote
Yes, it will still be a valid wallet but if you are doing such a thing then the time taken to brute force your wallet will be 0.001 sec.

Right obviously that would be insane.
legendary
Activity: 2380
Merit: 5213
Whenever you generate a BIP39 seed phrase, you actually generate a random number and your seed phrase represents that random number.

For example, if you generate a 24 word BIP39 seed phrase, the random number can be any number between 0 and 2256-1. This means that any of the words can be repeated multiple times.


The BIP39 standard doesn’t allow for any word to be repeated more than two times in a seed phrase.
This is completely wrong.
Pages:
Jump to: