Author

Topic: How Safe is 12-mnemonic seed Phase against brutefoce (Read 215 times)

legendary
Activity: 1064
Merit: 1298
Lightning network is good with small amount of BTC
Yep, it's disappointing Sad Seeing BS on the tech boards from Newbies is one thing, but this is even more worrying. What makes it worse, is that they don't even edit their post after realizing they were wrong. Apparently those signature payments are more important than posting correct information for others who read this topic later.
We are here to gain knowledge from each other. After you corrected me, I accepted because your point is true that not all hardware wallets are cold wallets. I did not think of editing the post but you think it is better to edit it and I have edited it now and make reference to your post for further reading. It is good to have someone like you on this forum.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Thank you for reminding me!!
~snip~


You're welcome - I hope the OP will understand how difficult (impossible) it is to crack a seed even of 12 words - and I must admit that this is one of the biggest misconceptions of a very large number of people who do not understand that the words in the seed are not only words that someone can guess just like that, but much more than that.



@LoyceV, You seem to be teaching Hero and Legendary members things they should know
Yep, it's disappointing Sad Seeing BS on the tech boards from Newbies is one thing, but this is even more worrying. What makes it worse, is that they don't even edit their post after realizing they were wrong. Apparently those signature payments are more important than posting correct information for others who read this topic later.

Maybe editing the post in is not the biggest problem, because I already have experience with one of those members regarding some other "incorrect information" that I warned him about, but I didn't really get a polite answer. Unfortunately, we have reached the point where almost anyone can be in the signature campaign, regardless of the "quality" of the posts.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
By a rough over the thumb estimate I claim that we don't have enough energy and time on this planet to break or bruteforce a 12-word seed phrase (which in the case of BIP39 represents 128 bits of entropy, assuming this entropy's randomness is sufficiently "good").

You simply can't successfully bruteforce a 12-mnemonic seed phrase because there's not enough money for needed equipment, there's not enough energy on our planet (likely even by the amount we could harvest from here from the sun; a Dyson sphere is more a theoretical concept), there's not enough time to finish it before our sun will burn our planet when going through its red giant phase in a some billion years. (Not even speaking of likelyhood that humanity may destroy this planet or itself way earlier than our own sun will inevitably during its lifecycle.)

It's far easier and cheaper to threaten a wallet owner to reveal its wallet backup, but that's another topic.


I just hope this option doesn't exist in older firmwares.

How does it matter when Ledger crap's firmware is closed-source anyway? You can't know what shit was and is in their firmware. This alone is enough reason to stay away from Ledger crap. And the "genius" software crap Ledger Live will nag and force users to upgrade to current firmware, sooner or later. You get what you paid for...
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
@LoyceV, You seem to be teaching Hero and Legendary members things they should know
Yep, it's disappointing Sad Seeing BS on the tech boards from Newbies is one thing, but this is even more worrying. What makes it worse, is that they don't even edit their post after realizing they were wrong. Apparently those signature payments are more important than posting correct information for others who read this topic later.

I wasn't aware of the existance of this feature/service.
How about you edit your post now?
legendary
Activity: 2352
Merit: 6089
bitcoindata.science

@bitmover has a good image that is always appropriate for a question like the OP's Wink

Thank you for reminding me!!

Here you go!

An image is better than a thousand words

Im curios how safe is currently the 12 mnemonic seed phase for example of of electrum 12 words against bruteforce?

is it possible to get a hit if someone would use all words and has some capabilities have any success or is it safe as of now?

i have some wallets with 12 seeds and im a bit uncertain if its really safe

legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
@LoyceV, You seem to be teaching Hero and Legendary members things they should know, so I wonder what happens to those who get all their information from other (less credible) sources outside of this forum...?

People persistently repeat the same things that are completely incorrect when it comes to hardware wallets, and apparently a lot of people still have no idea what Ledger Recovery service is - which only means that maybe one day we will wake up and have a new Mt.Gox.



@bitmover has a good image that is always appropriate for a question like the OP's Wink
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
Hardware wallets are offline wallets. It means they are not connected to the Internet when you are using them to make transaction.
This is incorrect. Although you can use a hardware wallet offline, most users connect it to an online computer. Ledger nowadays can even "call home" and send your recovery phrase to Ledger.
Thank you for the link. I wasn't aware of the existance of this feature/service.
This is unfortunate because the only reason why anyone would buy a Ledger wallet is their promise that "your seed never leaves your device". Obviously, this is no longer true.
Now that we know that a third party service or entity can access your seeds (unencrypted) we will never be sure about how safe our wallets are.
I just hope this option doesn't exist in older firmwares.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Hardware wallets are offline wallets. It means they are not connected to the Internet when you are using them to make transaction.
This is incorrect. Although you can use a hardware wallet offline, most users connect it to an online computer. Ledger nowadays can even "call home" and send your recovery phrase to Ledger.

Ledger is a cold storage wallet.
It's not. Cold storage means the device is never connected to the internet.

Quote
Even if you connect it to an online device, it will not reveal your seed/private keys.
That's the lie they told you when you bought it. You need the read the link I posted above!
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
Im curios how safe is currently the 12 mnemonic seed phase for example of of electrum 12 words against bruteforce?

is it possible to get a hit if someone would use all words and has some capabilities have any success or is it safe as of now?
From this context you want to check if Electrum's default wordlist^12 is safe?
Electrum by default uses the same word list as BIP39 (but not limited to that) so you have 2048 words and will be bruteforcing 12 words.

2048^12 is 5,444,517,870,735,015,415,413,993,718,908,291,383,296
So based from the number, I don't think that there's a good chance to hit another person' seed phrase by bruteforcing the words alone.
I mean, it's not 1% low or even 0.000001% chance, it's 0.0000000000000000000000000000000000000002% chance.

Don't even think that starting from the entropy is slightly faster either since Electrum's seed doesn't have a checksum unlike BIP39,
all those 12 words are part of the entropy so you'll start with 132bits of entropy which is the same as the above.

In terms of actual resistance against bruteforce, read this document: electrum.readthedocs.io/en/latest/seedphrase.html#security-implications
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
if i want to use a hardware wallet like ledger is there any way to seteup the ledger without being connected to the internet as i dont to be connected to any network which could reach the WWW while generating the seed for it or is it unavoidable for the setup?
Ledger is a cold storage wallet. Even if you connect it to an online device, it will not reveal your seed/private keys.
Ledger generates the wallet seed and signs transactions locally. Ledger live or whatever supported wallet software you connect your ledger device to can't see your seed, it doesn't need it.
It's safe because the seed does never leave your ledger device.

edit: after reading LoyceV's reply bellow, I don't believe it's appropriate to classify Ledger as a cold wallet.
legendary
Activity: 2380
Merit: 5213
12 word seed phrase has 128 bits of entropy.
It is 24 word seed phrase that has 256 bits of entropy.
This is correct when it comes to a BIP39 seed phrase, but as OP mentioned electrum, I just want to add that in the case the seed phrase has been generated by electrum, it provides 132 bits of entropy if it contains 12 words and 264 bits of entropy if it contains 24 words.
legendary
Activity: 1064
Merit: 1298
Lightning network is good with small amount of BTC
Okay

and if i want to use a hardware wallet like ledger is there any way to seteup the ledger without being connected to the internet as i dont to be connected to any network which could reach the WWW while generating the seed for it or is it unavoidable for the setup?
Hardware wallets are offline wallets. It means they are not connected to the Internet when you are using them to make transaction. But Ledgers wallets is one of the hardware wallets that I can not buy. You can go for the open source Trezor.

Edit: not all hardware wallets are offline wallets. Read what LoyceV said about it. https://bitcointalksearch.org/topic/m.63969475
copper member
Activity: 17
Merit: 5
Okay

and if i want to use a hardware wallet like ledger is there any way to seteup the ledger without being connected to the internet as i dont to be connected to any network which could reach the WWW while generating the seed for it or is it unavoidable for the setup?


legendary
Activity: 1064
Merit: 1298
Lightning network is good with small amount of BTC
The seed phrase is said to be an encoding of 256 bits entropy
12 word seed phrase has 128 bits of entropy.
It is 24 word seed phrase that has 256 bits of entropy.

If you’re looking at maybe since it’s a 12 seed phrase, then a 24 seed phrase might be safer then you’re not entirely wrong because the 12 seed phrase provides 128 bits of security while 24 seed phrase provides 256 bits of security, which makes it assume more safe. But since the private key also provides a 128bits security then the 12 word seed phrase is just as safe as the 24 word seed phrase
Let me complete it for you. Both 12 and 24 word seed phrases have 128 bitcoin of security. The reason I do not have to explain it is  because you later explained it.
hero member
Activity: 868
Merit: 952
Your seed phrases are safe just as you wish it to be safe. As long as the words as saved in a secure place without any word from the list been known, it is impossible for any brute force to actually crack it down. The seed phrase is said to be an encoding of 256 bits entropy that is there is 2^256 available seed phrases and at the moment nobody can brute force such thing. Watch this video to see how large the probability is, https://piped.video/watch?v=S9JGmA5_unY

The only thing brute force does is to disc ramble the words with some of the words know.


i have some wallets with 12 seeds and im a bit uncertain if its really safe

If you’re looking at maybe since it’s a 12 seed phrase, then a 24 seed phrase might be safer then you’re not entirely wrong because the 12 seed phrase provides 128 bits of security while 24 seed phrase provides 256 bits of security, which makes it assume more safe. But since the private key also provides a 128bits security then the 12 word seed phrase is just as safe as the 24 word seed phrase
sr. member
Activity: 476
Merit: 385
Baba God Noni
Im curios how safe is currently the 12 mnemonic seed phase for example of of electrum 12 words against bruteforce?
The chance of someone to bruteforce  12 word seed phrase is very tiny, as long as all the words are unknown. It is when like 8 words are known, and some letters in the other four words are known that the it might be bruteforce. So you have nothing to fear about anyone being able to bruteforce your seed phrase. Any seed phrase that have been generated cannot be generated again by 100 computers put together.

i have some wallets with 12 seeds and im a bit uncertain if its really safe
It is safe as long as you keep it away from third party.
member
Activity: 66
Merit: 5
Eloncoin.org - Mars, here we come!
Whether it's a 12 word or 24 word seed phrase in terms of security they are both the same. If a 24-word mnemonic seed phrase is safe then a 12 word seed phrase too is safe.

In terms of brute forcing, its almost impossible for someone to guess the combination of your seed phrase out of the 2048 words in the mnemonic word list, where the problem lays is arranging them in the right order so it's currently considered impossible for now.

For now, you have nothing to worry about on how secured your seed phrase is but all you have to take responsibility of is keeping them safe yourself, hence it safe to a great extent.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Completely safe as of now. 12 words seed phrase are safe as long as you keep it safe.
copper member
Activity: 17
Merit: 5
Im curios how safe is currently the 12 mnemonic seed phase for example of of electrum 12 words against bruteforce?

is it possible to get a hit if someone would use all words and has some capabilities have any success or is it safe as of now?

i have some wallets with 12 seeds and im a bit uncertain if its really safe
Jump to: