Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Author

Topic: Dumb seeds phrases (Read 194 times)

o_e_l_e_o
legendary
Activity: 2268
Merit: 18711
Dumb seeds phrases
July 24, 2023, 03:57:42 AM
#12
Quote from: Knight Hider on July 23, 2023, 03:23:59 PM
Only one seed phrase passes the checksum and creates an (unused) Segwit wallet:
Of note, any Electrum seeds generated with version 4.1.3 or later will never also be a valid BIP39 seed phrase. If the seed Electrum generates by chance is also a valid BIP39 seed phrase (which has a 1 in 16 chance of happening given the 4 bit checksum), then Electrum will discard that phrase and keep incrementing until it finds another which passes the Electrum version check while also failing the BIP39 checksum. This helps to avoid confusion of people not knowing where their coins are when their seed phrase is both a valid Electrum and BIP39 seed phrase.

Here is the relevant commit: https://github.com/spesmilo/electrum/commit/29d13eb32f2ed26b426aef7f3ed1ddcd93a6135d

There is no check in the other direction, though, and any valid BIP39 seed phrase also has a 0.44% chance of being a valid Electrum seed phrase.
hosseinimr93
legendary
Activity: 2380
Merit: 5213
Re: Dumb seeds phrases
July 23, 2023, 05:54:27 PM
#11
Quote from: Knight Hider on July 23, 2023, 03:23:59 PM
Quote from: NotATether on July 22, 2023, 11:13:00 PM
Note that not even the checksum can protect you in this case, even though every mnemonic phrase you quoted fails the checksum check.
Only one seed phrase passes the checksum and creates an (unused) Segwit wallet:
I think NotATether is talking about BIP39 seed phrases, not seed phrases that are generated by electrum.
If that's the case, there are 130 words that can make a 12 word BIP39 seed phrase passing the checksum.

Code:
 
 action action action action action action action action action action action action
 agent agent agent agent agent agent agent agent agent agent agent agent
 aim aim aim aim aim aim aim aim aim aim aim aim
 all all all all all all all all all all all all
 ankle ankle ankle ankle ankle ankle ankle ankle ankle ankle ankle ankle
 announce announce announce announce announce announce announce announce announce announce announce announce
 audit audit audit audit audit audit audit audit audit audit audit audit
 awesome awesome awesome awesome awesome awesome awesome awesome awesome awesome awesome awesome
 beef beef beef beef beef beef beef beef beef beef beef beef
 believe believe believe believe believe believe believe believe believe believe believe believe
 blue blue blue blue blue blue blue blue blue blue blue blue
 border border border border border border border border border border border border
 brand brand brand brand brand brand brand brand brand brand brand brand
 breeze breeze breeze breeze breeze breeze breeze breeze breeze breeze breeze breeze
 bus bus bus bus bus bus bus bus bus bus bus bus
 business business business business business business business business business business business business
 cannon cannon cannon cannon cannon cannon cannon cannon cannon cannon cannon cannon
 canyon canyon canyon canyon canyon canyon canyon canyon canyon canyon canyon canyon
 carry carry carry carry carry carry carry carry carry carry carry carry
 cave cave cave cave cave cave cave cave cave cave cave cave
 century century century century century century century century century century century century
 cereal cereal cereal cereal cereal cereal cereal cereal cereal cereal cereal cereal
 chronic chronic chronic chronic chronic chronic chronic chronic chronic chronic chronic chronic
 coast coast coast coast coast coast coast coast coast coast coast coast
 convince convince convince convince convince convince convince convince convince convince convince convince
 cute cute cute cute cute cute cute cute cute cute cute cute
 dawn dawn dawn dawn dawn dawn dawn dawn dawn dawn dawn dawn
 dilemma dilemma dilemma dilemma dilemma dilemma dilemma dilemma dilemma dilemma dilemma dilemma
 divorce divorce divorce divorce divorce divorce divorce divorce divorce divorce divorce divorce
 dry dry dry dry dry dry dry dry dry dry dry dry
 elevator elevator elevator elevator elevator elevator elevator elevator elevator elevator elevator elevator
 else else else else else else else else else else else else
 embrace embrace embrace embrace embrace embrace embrace embrace embrace embrace embrace embrace
 enroll enroll enroll enroll enroll enroll enroll enroll enroll enroll enroll enroll
 escape escape escape escape escape escape escape escape escape escape escape escape
 evolve evolve evolve evolve evolve evolve evolve evolve evolve evolve evolve evolve
 exclude exclude exclude exclude exclude exclude exclude exclude exclude exclude exclude exclude
 excuse excuse excuse excuse excuse excuse excuse excuse excuse excuse excuse excuse
 exercise exercise exercise exercise exercise exercise exercise exercise exercise exercise exercise exercise
 expire expire expire expire expire expire expire expire expire expire expire expire
 fetch fetch fetch fetch fetch fetch fetch fetch fetch fetch fetch fetch
 fever fever fever fever fever fever fever fever fever fever fever fever
 forward forward forward forward forward forward forward forward forward forward forward forward
 fury fury fury fury fury fury fury fury fury fury fury fury
 garment garment garment garment garment garment garment garment garment garment garment garment
 gauge gauge gauge gauge gauge gauge gauge gauge gauge gauge gauge gauge
 gym gym gym gym gym gym gym gym gym gym gym gym
 half half half half half half half half half half half half
 harsh harsh harsh harsh harsh harsh harsh harsh harsh harsh harsh harsh
 hole hole hole hole hole hole hole hole hole hole hole hole
 hybrid hybrid hybrid hybrid hybrid hybrid hybrid hybrid hybrid hybrid hybrid hybrid
 illegal illegal illegal illegal illegal illegal illegal illegal illegal illegal illegal illegal
 include include include include include include include include include include include include
 index index index index index index index index index index index index
 into into into into into into into into into into into into
 invest invest invest invest invest invest invest invest invest invest invest invest
 involve involve involve involve involve involve involve involve involve involve involve involve
 jeans jeans jeans jeans jeans jeans jeans jeans jeans jeans jeans jeans
 kick kick kick kick kick kick kick kick kick kick kick kick
 kite kite kite kite kite kite kite kite kite kite kite kite
 later later later later later later later later later later later later
 layer layer layer layer layer layer layer layer layer layer layer layer
 legend legend legend legend legend legend legend legend legend legend legend legend
 life life life life life life life life life life life life
 lyrics lyrics lyrics lyrics lyrics lyrics lyrics lyrics lyrics lyrics lyrics lyrics
 margin margin margin margin margin margin margin margin margin margin margin margin
 melody melody melody melody melody melody melody melody melody melody melody melody
 mom mom mom mom mom mom mom mom mom mom mom mom
 more more more more more more more more more more more more
 morning morning morning morning morning morning morning morning morning morning morning morning
 nation nation nation nation nation nation nation nation nation nation nation nation
 neck neck neck neck neck neck neck neck neck neck neck neck
 neglect neglect neglect neglect neglect neglect neglect neglect neglect neglect neglect neglect
 never never never never never never never never never never never never
 noble noble noble noble noble noble noble noble noble noble noble noble
 novel novel novel novel novel novel novel novel novel novel novel novel
 obvious obvious obvious obvious obvious obvious obvious obvious obvious obvious obvious obvious
 ocean ocean ocean ocean ocean ocean ocean ocean ocean ocean ocean ocean
 oil oil oil oil oil oil oil oil oil oil oil oil
 orphan orphan orphan orphan orphan orphan orphan orphan orphan orphan orphan orphan
 oxygen oxygen oxygen oxygen oxygen oxygen oxygen oxygen oxygen oxygen oxygen oxygen
 pause pause pause pause pause pause pause pause pause pause pause pause
 peasant peasant peasant peasant peasant peasant peasant peasant peasant peasant peasant peasant
 permit permit permit permit permit permit permit permit permit permit permit permit
 piano piano piano piano piano piano piano piano piano piano piano piano
 proof proof proof proof proof proof proof proof proof proof proof proof
 pumpkin pumpkin pumpkin pumpkin pumpkin pumpkin pumpkin pumpkin pumpkin pumpkin pumpkin pumpkin
 question question question question question question question question question question question question
 real real real real real real real real real real real real
 report report report report report report report report report report report report
 rough rough rough rough rough rough rough rough rough rough rough rough
 rude rude rude rude rude rude rude rude rude rude rude rude
 salad salad salad salad salad salad salad salad salad salad salad salad
 scale scale scale scale scale scale scale scale scale scale scale scale
 screen screen screen screen screen screen screen screen screen screen screen screen
 sea sea sea sea sea sea sea sea sea sea sea sea
 seat seat seat seat seat seat seat seat seat seat seat seat
 sell sell sell sell sell sell sell sell sell sell sell sell
 seminar seminar seminar seminar seminar seminar seminar seminar seminar seminar seminar seminar
 seven seven seven seven seven seven seven seven seven seven seven seven
 sheriff sheriff sheriff sheriff sheriff sheriff sheriff sheriff sheriff sheriff sheriff sheriff
 siege siege siege siege siege siege siege siege siege siege siege siege
 silver silver silver silver silver silver silver silver silver silver silver silver
 soldier soldier soldier soldier soldier soldier soldier soldier soldier soldier soldier soldier
 spell spell spell spell spell spell spell spell spell spell spell spell
 split split split split split split split split split split split split
 spray spray spray spray spray spray spray spray spray spray spray spray
 stadium stadium stadium stadium stadium stadium stadium stadium stadium stadium stadium stadium
 sugar sugar sugar sugar sugar sugar sugar sugar sugar sugar sugar sugar
 sunny sunny sunny sunny sunny sunny sunny sunny sunny sunny sunny sunny
 sure sure sure sure sure sure sure sure sure sure sure sure
 tobacco tobacco tobacco tobacco tobacco tobacco tobacco tobacco tobacco tobacco tobacco tobacco
 tongue tongue tongue tongue tongue tongue tongue tongue tongue tongue tongue tongue
 track track track track track track track track track track track track
 tree tree tree tree tree tree tree tree tree tree tree tree
 trouble trouble trouble trouble trouble trouble trouble trouble trouble trouble trouble trouble
 twelve twelve twelve twelve twelve twelve twelve twelve twelve twelve twelve twelve
 twice twice twice twice twice twice twice twice twice twice twice twice
 type type type type type type type type type type type type
 uniform uniform uniform uniform uniform uniform uniform uniform uniform uniform uniform uniform
 useless useless useless useless useless useless useless useless useless useless useless useless
 valid valid valid valid valid valid valid valid valid valid valid valid
 very very very very very very very very very very very very
 vibrant vibrant vibrant vibrant vibrant vibrant vibrant vibrant vibrant vibrant vibrant vibrant
 virtual virtual virtual virtual virtual virtual virtual virtual virtual virtual virtual virtual
 vocal vocal vocal vocal vocal vocal vocal vocal vocal vocal vocal vocal
 warrior warrior warrior warrior warrior warrior warrior warrior warrior warrior warrior warrior
 word word word word word word word word word word word word
 world world world world world world world world world world world world
 yellow yellow yellow yellow yellow yellow yellow yellow yellow yellow yellow yellow
Knight Hider
member
Activity: 239
Merit: 59
a young loner on a crusade
Re: Dumb seeds phrases
July 23, 2023, 03:23:59 PM
#10
Quote from: NotATether on July 22, 2023, 11:13:00 PM
Note that not even the checksum can protect you in this case, even though every mnemonic phrase you quoted fails the checksum check.
Only one seed phrase passes the checksum and creates an (unused) Segwit wallet:
Code:
zone zone zone zone zone zone zone zone zone zone zone zone

Quote from: o_e_l_e_o on July 23, 2023, 01:44:16 AM
Old style Electrum seed phrases originally used this word list of 1626 words: https://github.com/spesmilo/electrum/blob/18cf546aab7d1a4d122a85ae2b49935cf64c9510/electrum/old_mnemonic.py#L31. There are quite a few words on that list which are not on the BIP39 word list, so OP might find even more such seed phrases from word on that list, too.
You're right, there's more:
Code:
house house house house house house house house house house house house
god god god god god god god god god god god god
marry marry marry marry marry marry marry marry marry marry marry marry
everybody everybody everybody everybody everybody everybody everybody everybody everybody everybody everybody everybody
money money money money money money money money money money money money
daddy daddy daddy daddy daddy daddy daddy daddy daddy daddy daddy daddy
fact fact fact fact fact fact fact fact fact fact fact fact
gay gay gay gay gay gay gay gay gay gay gay gay
dot dot dot dot dot dot dot dot dot dot dot dot
Two wallets stand out:
Seed "everybody everybody everybody" took over a month to drain in January 2023.
Seed "dot dot dot" received 37 deposits at different addresses from June to September 2022, all of which were quickly withdrawn to 3LxraFZM7JRzUpecMoc9UoaGSq8qr31rjR at low fee. It looks like only one person was watching this wallet.

--Knight Hider
hosseinimr93
legendary
Activity: 2380
Merit: 5213
Re: Dumb seeds phrases
July 23, 2023, 10:03:36 AM
#9
Quote from: Findingnemo on July 23, 2023, 09:50:57 AM
But those who seek the utmost security can go with the way there will be no compromise at all especially those who don't trust the Windows operating system. I forgot to mention that creating seeds offline on a device that they will connect to the internet later still has the risk of exposure to threats so it should be on clean air gapped device.
Right.
My point was that electrum generates the seed phrase completely randomly and when it comes to security and randomness of your seed phrase, there is no tool that is "better than electrum".
If you generate your seed phrase using electrum on a secure air-gapped device, you are safe enough. If you generate your seed phrase using electrum on an unsafe environment, your wallet wouldn't be secure, but that's not electrum's fault.
Findingnemo
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
Re: Dumb seeds phrases
July 23, 2023, 09:50:57 AM
#8
Quote from: hosseinimr93 on July 23, 2023, 09:18:52 AM
Quote from: Findingnemo on July 23, 2023, 07:53:38 AM
For someone who wants to create seed phrases completely offline and better than Electrum should use an operating system like Tails
With generating your seed phrase offline, you can increase your security, but note that electrum itself is safe enough and generates the seed phrases completely randomly.
But those who seek the utmost security can go with the way there will be no compromise at all especially those who don't trust the Windows operating system. I forgot to mention that creating seeds offline on a device that they will connect to the internet later still has the risk of exposure to threats so it should be on clean air gapped device.
hosseinimr93
legendary
Activity: 2380
Merit: 5213
Re: Dumb seeds phrases
July 23, 2023, 09:18:52 AM
#7
Quote from: Findingnemo on July 23, 2023, 07:53:38 AM
People often choose seed phrases based on memorable words or phrases, but using the same word repeated multiple times is just the dumbest thought I have ever heard.
I don't think so. People usually generate their seed phrase randomly using softwares. I don't think there are many people creating their wallet with choosing the words by themselves.


Quote from: Findingnemo on July 23, 2023, 07:53:38 AM
For someone who wants to create seed phrases completely offline and better than Electrum should use an operating system like Tails
With generating your seed phrase offline, you can increase your security, but note that electrum itself is safe enough and generates the seed phrases completely randomly.
Findingnemo
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
Re: Dumb seeds phrases
July 23, 2023, 07:53:38 AM
#6
People often choose seed phrases based on memorable words or phrases, but using the same word repeated multiple times is just the dumbest thought I have ever heard. I hope no one is out there with the same thought because the seed phrases that lack sufficient entropy, become vulnerable to various attacks.

For someone who wants to create seed phrases completely offline and better than Electrum should use an operating system like Tails

https://tails.net/index.en.html

Also please refer to [Full Guide+Code]Seed Phrase & The Process of Deriving Bitcoin Addresses from It
o_e_l_e_o
legendary
Activity: 2268
Merit: 18711
Re: Dumb seeds phrases
July 23, 2023, 01:44:16 AM
#5
Quote from: NotATether on July 22, 2023, 11:13:00 PM
Note that not even the checksum can protect you in this case, even though every mnemonic phrase you quoted fails the checksum check.
None of these seeds are valid BIP39 seed phrases as you say, but the addresses OP is looking at were not generated by using them as BIP39 seed phrases. If you ignore the checksum and import them as BIP39 seed phrases you get empty wallets. Rather you reach these funded addresses only if you import those seed phrases in to Electrum and let Electrum assume they are old style Electrum seed phrases, bearing in mind of course that Electrum seed phrases existed for 2 years before BIP39 seed phrases.

Old style Electrum seed phrases originally used this word list of 1626 words: https://github.com/spesmilo/electrum/blob/18cf546aab7d1a4d122a85ae2b49935cf64c9510/electrum/old_mnemonic.py#L31. There are quite a few words on that list which are not on the BIP39 word list, so OP might find even more such seed phrases from word on that list, too.
pooya87
legendary
Activity: 3472
Merit: 10611
Re: Dumb seeds phrases
July 23, 2023, 12:51:07 AM
#4
Quote from: Knight Hider on July 22, 2023, 01:39:40 PM
What were they thinking?
It's not possible to know motivation of all of them but this is pretty similar to using keys in low ranges (eg. key=1) and using known keys (like the one in bitcoin wiki page) or known mnemonics (eg. test vectors) or the silly brainwallets.
The reasons go from a silly "treasure hunt" which is basically a donation to anybody who can get there faster, to mistakes people made when testing these things with real money.
Faisal2202
hero member
Activity: 1386
Merit: 513
Payment Gateway Allows Recurring Payments
Re: Dumb seeds phrases
July 23, 2023, 12:23:26 AM
#3
So you are saying there are some people in the crypto sphere dumb enough that they made their own seed phrase and use the same words 12 times!. I mean really! i am also shocked because at first reading i didn't get your main context but after reading 2 or 3 times i understood.

Really, what a dumb idea but of course, they just might be testing things out because i have also made many wallets address for some purposes. And many times i have to see the word "summer, Sad. Dad, above, wet, whisper, " coming again and again.
NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: Dumb seeds phrases
July 22, 2023, 11:13:00 PM
#2
Thankfully it was only 12 instances, it could be much more if everyone know what the valid words can be in a mnemonic.

Note that not even the checksum can protect you in this case, even though every mnemonic phrase you quoted fails the checksum check. It just uses the entropy  from the rest of the words to create the addresses and private keys anyway.
Knight Hider
member
Activity: 239
Merit: 59
a young loner on a crusade
Re: Dumb seeds phrases
July 22, 2023, 01:39:40 PM
#1
I checked all 2048 potential seed phrases that use the same word 12 times. Funds have been sent to wallets created from those seeds:
Code:
above above above above above above above above above above above above
crime crime crime crime crime crime crime crime crime crime crime crime
dad dad dad dad dad dad dad dad dad dad dad dad
flower flower flower flower flower flower flower flower flower flower flower flower
hello hello hello hello hello hello hello hello hello hello hello hello
like like like like like like like like like like like like
please please please please please please please please please please please please
sad sad sad sad sad sad sad sad sad sad sad sad
safe safe safe safe safe safe safe safe safe safe safe safe
secret secret secret secret secret secret secret secret secret secret secret secret
stone stone stone stone stone stone stone stone stone stone stone stone
summer summer summer summer summer summer summer summer summer summer summer summer
test test test test test test test test test test test test
wet wet wet wet wet wet wet wet wet wet wet wet
whisper whisper whisper whisper whisper whisper whisper whisper whisper whisper whisper whisper
What were they thinking?

Most, but not all wallets, were instantly swept. Three wallets stand out the most:
Seed "summer summer summer" took 51 blocks to sweep 0.17BTC in 2019: 77f914eaeb3aa408b534c64e9506defa9f80b51d52fe8f59b02b2ad0e49ce38a.
Seed "like like like" was used in 2013, when it took 10884 blocks to sweep 0.031BTC, and again in 2021, when 0.027BTC was swept instantly.
Seed "sad sad sad" has a fitting name, whoever lost his Bitcoin here did it again 10 days later.


Lesson to learn from this: don't make up your own seed phrase.

--Knight Hider
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Jump to: