Author

Topic: How easy is it to brute force an electrum wallet password? (Read 1457 times)

legendary
Activity: 2464
Merit: 1145
Hello hello,

I'm just wondering how strong, or how many 'bits of entropy' as you chaps like to say, my electrum wallet password should be.

If my password was just a dictionary word, would that make it trivial, or is it still a major undertaking to crunch all dictionary words?

Thanks chaps!

Extracted from their wiki at http://electrum.orain.org/wiki/Frequently_Asked_Questions#How_secure_is_the_seed.3F

Quote
How secure is the seed?
The seed created by Electrum has 128 bits of entropy. This means that it provides the same level of security as a Bitcoin private key (of length 256 bits). Indeed, an elliptic curve key of length n provides n/2 bits of security.

I don't think the seed has anything to do with this? I'm talking specifically about my electrum wallet password- NOT my seed.

My question is, if someone gets a hold of my wallet for whatever reason, how easy is it for them to brute force it?

Re the first response, you are surely incorrect- brute forcing takes a different amount of time depending on what you want to brute force? I suppose the specific question I am asking is: on a reasonably powerful computer, how many microseconds does it take to test one password? If a billion can be tested per second that's a problem- but if ten can be, that's not.

We are talking about billions of pw per second depending on the hardware.

The average time depends on characters used, lenght of password, repititions etc
legendary
Activity: 1223
Merit: 1002
It depends on what kind of variation of characters your password is.

And on what kind of pc/computer (quick/slow) the atatcker has.
legendary
Activity: 3682
Merit: 1580
Quote
My question is, if someone gets a hold of my wallet for whatever reason, how easy is it for them to brute force it?

I believe it's not really designed to withstand brute forcing from an attacker. Just a single pass of AES 256. Bitcoin core, for example, does a variable number of passes depending on how much CPU power you have.



full member
Activity: 146
Merit: 100
Hello hello,

I'm just wondering how strong, or how many 'bits of entropy' as you chaps like to say, my electrum wallet password should be.

If my password was just a dictionary word, would that make it trivial, or is it still a major undertaking to crunch all dictionary words?

Thanks chaps!

Extracted from their wiki at http://electrum.orain.org/wiki/Frequently_Asked_Questions#How_secure_is_the_seed.3F

Quote
How secure is the seed?
The seed created by Electrum has 128 bits of entropy. This means that it provides the same level of security as a Bitcoin private key (of length 256 bits). Indeed, an elliptic curve key of length n provides n/2 bits of security.

I don't think the seed has anything to do with this? I'm talking specifically about my electrum wallet password- NOT my seed.

My question is, if someone gets a hold of my wallet for whatever reason, how easy is it for them to brute force it?

Re the first response, you are surely incorrect- brute forcing takes a different amount of time depending on what you want to brute force? I suppose the specific question I am asking is: on a reasonably powerful computer, how many microseconds does it take to test one password? If a billion can be tested per second that's a problem- but if ten can be, that's not.
legendary
Activity: 2044
Merit: 1055
Hello hello,

I'm just wondering how strong, or how many 'bits of entropy' as you chaps like to say, my electrum wallet password should be.

If my password was just a dictionary word, would that make it trivial, or is it still a major undertaking to crunch all dictionary words?

Thanks chaps!

Extracted from their wiki at http://electrum.orain.org/wiki/Frequently_Asked_Questions#How_secure_is_the_seed.3F

Quote
How secure is the seed?
The seed created by Electrum has 128 bits of entropy. This means that it provides the same level of security as a Bitcoin private key (of length 256 bits). Indeed, an elliptic curve key of length n provides n/2 bits of security.
legendary
Activity: 1274
Merit: 1000
Electrum wallet or email account, it doesn't matter, a password is a password is a password.  Check out https://www.grc.com/haystack.htm, might help you out.

Real words are about the easiest passwords to break, but ultimately is has to do with the characters that make up the password.

As ever, google has all the aswers: https://www.google.com/search?q=brute+force+password+time
full member
Activity: 146
Merit: 100
Hello hello,

I'm just wondering how strong, or how many 'bits of entropy' as you chaps like to say, my electrum wallet password should be.

If my password was just a dictionary word, would that make it trivial, or is it still a major undertaking to crunch all dictionary words?

Thanks chaps!
Jump to: