Pages:
Author

Topic: How long to crack 24 word phrase if you know all 24 words out of order? - page 3. (Read 1190 times)

legendary
Activity: 952
Merit: 1386
If you don't know the position of 13 words instead of 12, then there are 13x as many combinations to try, so that would take roughly 13 hours.
For 14 words, 7 days.
For 15 words, 16 weeks.
For 16 words, 5 years.
For 17 words, 85 years.
For 18 words, 1500 years.

To be clear the "good hardware" in this context for this duration means a 48-core cloud computing server not a regular good hardware PC. With a PC with the best CPU you would get a couple of hours, possibly 5 or 6.
That's for BIP39 mnemonic, but for Electrum it should take a lot less by a factor of about 12.

Exactly. That's why I am not a big fan of providing exact data and saying "I will take 7 days". It will take 7 days on one specific computer, while on other it would take 6 days or 8 days. If Google or Amazon would like to use their datacenters and their hardware, maybe it would take 5 minutes.
The point is to understand how difficulty (time estimation) changes when we change length of seed - they say size does not matter, but we clearly see the longer the better  Grin
legendary
Activity: 3472
Merit: 10611
With good hardware, btcrecover will descramble a 12 word BIP39 seed phrase in an hour:
To be clear the "good hardware" in this context for this duration means a 48-core cloud computing server not a regular good hardware PC. With a PC with the best CPU you would get a couple of hours, possibly 5 or 6.
That's for BIP39 mnemonic, but for Electrum it should take a lot less by a factor of about 12.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
19 million years. I am impressed,  because at first when I read the topic I thought it was possible.

It's also based on a very generous assumption about performance (1 billion permutations per second) so probably a lot more than 19 million years. Extrapolating o_e_l_e_o's example takes us into billions of years.

OTOH perhaps some very resourceful entity (a government, or Jeff Bezos) could potentially use millions of supercomputers and do it e.g. in 1 year... the question is - to what end? It's a very narrow use case, doesn't break Bitcoin protocol, and how many wallets are there that could be hacked this way and would justify the likely cost of $trillions?

At any rate, I wouldn't advise scrambling the words as a safety measure, tempting as it may be due to the above. The focus should be on keeping the seed physically secure and easy for the owner to recover.
legendary
Activity: 2268
Merit: 18771
However,  if you know the location  of some of those words it would be easier (maybe possible) to brute force it. Because the difficulty increases exponentially
With good hardware, btcrecover will descramble a 12 word BIP39 seed phrase in an hour: https://btcrecover.readthedocs.io/en/latest/Usage_Examples/2020-05-02_Descrambling_a_12_word_seed/Example_Descrambling_a_12_word_seed/. Although not exactly the same due to the checksum, lets assume that if you know 12 out of the 24 words then you could descramble the remaining 12 words in roughly the same amount of time.

If you don't know the position of 13 words instead of 12, then there are 13x as many combinations to try, so that would take roughly 13 hours.
For 14 words, 7 days.
For 15 words, 16 weeks.
For 16 words, 5 years.
For 17 words, 85 years.
For 18 words, 1500 years.

No point calculating beyond that really. Tongue
legendary
Activity: 2352
Merit: 6089
bitcoindata.science

Cryptography is really impressive.

I am curious to know the actual difficulty/cost/time involved to put a 24 word seed phrase in the correct order if you have the 24 words but not the correct order? I can see that there are 24^24 number of combinations but what does that translate into difficulty/time/cost?

However,  if you know the location  of some of those words it would be easier (maybe possible) to brute force it. Because the difficulty increases exponentially
legendary
Activity: 952
Merit: 1386
Of course, many depends on hardware. But:
1) we talk about the most pessimistic scenario (checking all the possibilities) - if you have luck, you may get correct result after one second
2) you may increase instantaneous speed of your calculations, but still you will process only a small fraction of all permutations during your life (or until Sun die).
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
I think it all depends on your hardware speed like on btcrecover.py on cracking password, encrypted key, or seed phrase.

They have a list of hardware performance both CPU and GPU you can find it here https://btcrecover.readthedocs.io/en/latest/GPU_Acceleration/
Based on that chart GPU is much faster than CPU.
hero member
Activity: 836
Merit: 1007
"How do you eat an elephant? One bit at a time..."
Thank you! Very fascinating!
legendary
Activity: 3654
Merit: 8909
https://bpip.org
The 128 to 256 bits of entropy and the checksum which will add 4 to 8 more bits (depending on the number of bits of entropy) that result to seed phrase generation are secure and safe and makimg seed phrase  brute force impossible.

That's not what the OP is asking.

Even if you have the 24 words to guess from?

Still quite unfeasible:

https://bitcoin.stackexchange.com/questions/92540/bruteforcing-a-seed-with-24-words-of-a-unknown-order
legendary
Activity: 952
Merit: 1386
I am curious to know the actual difficulty/cost/time involved to put a 24 word seed phrase in the correct order if you have the 24 words but not the correct order? I can see that there are 24^24 number of combinations but what does that translate into difficulty/time/cost?

It is not 24^24 but 24! (=24*23*22*...*2*1).
Think about it that way:
on first position you may have any of 24 words
on second position any word from 23 left
on third position any word from 22 left...

I have prepared something like that in my program: https://github.com/PawelGorny/lostword
Check worker 'PERMUTATION_CHECK'.
Anyway with 24 words..... it is a lot of work.
hero member
Activity: 836
Merit: 1007
"How do you eat an elephant? One bit at a time..."
The 128 to 256 bits of entropy and the checksum which will add 4 to 8 more bits (depending on the number of bits of entropy) that result to seed phrase generation are secure and safe and makimg seed phrase  brute force impossible.

Even if you have the 24 words to guess from?
hero member
Activity: 836
Merit: 1007
"How do you eat an elephant? One bit at a time..."
I am curious to know the actual difficulty/cost/time involved to put a 24 word seed phrase in the correct order if you have the 24 words but not the correct order? I can see that there are 24^24 number of combinations but what does that translate into difficulty/time/cost?
Pages:
Jump to: