How Safe is 12-mnemonic seed Phase against brutefoce

_act_

hero member

Activity: 868

Merit: 1094

Quote from: LoyceV on April 20, 2024, 08:55:21 AM

Yep, it's disappointing Sad

Seeing BS on the tech boards from Newbies is one thing, but this is even more worrying. What makes it worse, is that they don't even ~~edit~~ their post after realizing they were wrong. Apparently those signature payments are more important than posting correct information for others who read this topic later.

We are here to gain knowledge from each other. After you corrected me, I accepted because your point is true that not all hardware wallets are cold wallets. I did not think of editing the post but you think it is better to edit it and I have edited it now and make reference to your post for further reading. It is good to have someone like you on this forum.

Lucius

legendary

Activity: 3220

Merit: 5634

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: bitmover on April 20, 2024, 07:10:49 AM

Thank you for reminding me!!
~snip~

You're welcome - I hope the OP will understand how difficult (impossible) it is to crack a seed even of 12 words - and I must admit that this is one of the biggest misconceptions of a very large number of people who do not understand that the words in the seed are not only words that someone can guess just like that, but much more than that.

Quote from: LoyceV on April 20, 2024, 08:55:21 AM

Quote from: Lucius on April 20, 2024, 06:30:38 AM

@LoyceV, You seem to be teaching Hero and Legendary members things they should know

Yep, it's disappointing Sad

Seeing BS on the tech boards from Newbies is one thing, but this is even more worrying. What makes it worse, is that they don't even ~~edit~~ their post after realizing they were wrong. Apparently those signature payments are more important than posting correct information for others who read this topic later.

Maybe editing the post in is not the biggest problem, because I already have experience with one of those members regarding some other "incorrect information" that I warned him about, but I didn't really get a polite answer. Unfortunately, we have reached the point where almost anyone can be in the signature campaign, regardless of the "quality" of the posts.

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

By a rough over the thumb estimate I claim that we don't have enough energy and time on this planet to break or bruteforce a 12-word seed phrase (which in the case of BIP39 represents 128 bits of entropy, assuming this entropy's randomness is sufficiently "good").

You simply can't successfully bruteforce a 12-mnemonic seed phrase because there's not enough money for needed equipment, there's not enough energy on our planet (likely even by the amount we could harvest from here from the sun; a Dyson sphere is more a theoretical concept), there's not enough time to finish it before our sun will burn our planet when going through its red giant phase in a some billion years. (Not even speaking of likelyhood that humanity may destroy this planet or itself way earlier than our own sun will inevitably during its lifecycle.)

It's far easier and cheaper to threaten a wallet owner to reveal its wallet backup, but that's another topic.

Quote from: khaled0111 on April 20, 2024, 05:57:05 AM

I just hope this option doesn't exist in older firmwares.

How does it matter when Ledger crap's firmware is closed-source anyway? You can't know what shit was and is in their firmware. This alone is enough reason to stay away from Ledger crap. And the "genius" software crap Ledger Live will nag and force users to upgrade to current firmware, sooner or later. You get what you paid for...

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Lucius on April 20, 2024, 06:30:38 AM

@LoyceV, You seem to be teaching Hero and Legendary members things they should know

Yep, it's disappointing Sad

Seeing BS on the tech boards from Newbies is one thing, but this is even more worrying. What makes it worse, is that they don't even ~~edit~~ their post after realizing they were wrong. Apparently those signature payments are more important than posting correct information for others who read this topic later.

Quote from: khaled0111 on April 20, 2024, 05:57:05 AM

I wasn't aware of the existance of this feature/service.

How about you edit your post now?

bitmover

legendary

Activity: 2212

Merit: 5622

Non-custodial BTC Wallet

Quote from: Lucius on April 20, 2024, 06:30:38 AM

@bitmover has a good image that is always appropriate for a question like the OP's Wink

Thank you for reminding me!!

Here you go!

An image is better than a thousand words

Quote from: karusell22 on April 19, 2024, 05:25:46 PM

Im curios how safe is currently the 12 mnemonic seed phase for example of of electrum 12 words against bruteforce?

is it possible to get a hit if someone would use all words and has some capabilities have any success or is it safe as of now?

i have some wallets with 12 seeds and im a bit uncertain if its really safe

Lucius

legendary

Activity: 3220

Merit: 5634

Blackjack.fun-Free Raffle-Join&Win $50🎲

@LoyceV, You seem to be teaching Hero and Legendary members things they should know, so I wonder what happens to those who get all their information from other (less credible) sources outside of this forum...?

People persistently repeat the same things that are completely incorrect when it comes to hardware wallets, and apparently a lot of people still have no idea what Ledger Recovery service is - which only means that maybe one day we will wake up and have a new Mt.Gox.

@bitmover has a good image that is always appropriate for a question like the OP's Wink

khaled0111

legendary

Activity: 2506

Merit: 2832

Top Crypto Casino

Quote from: LoyceV on April 20, 2024, 05:05:27 AM

Quote from: _act_ on April 19, 2024, 06:22:09 PM

Hardware wallets are offline wallets. It means they are not connected to the Internet when you are using them to make transaction.

This is incorrect. Although you can use a hardware wallet offline, most users connect it to an online computer. Ledger nowadays can even "call home" and send your recovery phrase to Ledger.

Thank you for the link. I wasn't aware of the existance of this feature/service.
This is unfortunate because the only reason why anyone would buy a Ledger wallet is their promise that "your seed never leaves your device". Obviously, this is no longer true.
Now that we know that a third party service or entity can access your seeds (unencrypted) we will never be sure about how safe our wallets are.
I just hope this option doesn't exist in older firmwares.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: _act_ on April 19, 2024, 06:22:09 PM

Hardware wallets are offline wallets. It means they are not connected to the Internet when you are using them to make transaction.

This is incorrect. Although you can use a hardware wallet offline, most users connect it to an online computer. Ledger nowadays can even "call home" and send your recovery phrase to Ledger.

Quote from: khaled0111 on April 19, 2024, 06:29:26 PM

Ledger is a cold storage wallet.

It's not. Cold storage means the device is never connected to the internet.

Quote

Even if you connect it to an online device, it will not reveal your seed/private keys.

That's the lie they told you when you bought it. You need the read the link I posted above!

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

Quote from: karusell22 on April 19, 2024, 05:25:46 PM

Im curios how safe is currently the 12 mnemonic seed phase for example of of electrum 12 words against bruteforce?

is it possible to get a hit if someone would use all words and has some capabilities have any success or is it safe as of now?

From this context you want to check if Electrum's default wordlist^12 is safe?
Electrum by default uses the same word list as BIP39 (but not limited to that) so you have 2048 words and will be bruteforcing 12 words.

2048^12 is 5,444,517,870,735,015,415,413,993,718,908,291,383,296
So based from the number, I don't think that there's a good chance to hit another person' seed phrase by bruteforcing the words alone.
I mean, it's not 1% low or even 0.000001% chance, it's 0.0000000000000000000000000000000000000002% chance.

Don't even think that starting from the entropy is slightly faster either since Electrum's seed doesn't have a checksum unlike BIP39,
all those 12 words are part of the entropy so you'll start with 132bits of entropy which is the same as the above.

In terms of actual resistance against bruteforce, read this document: electrum.readthedocs.io/en/latest/seedphrase.html#security-implications

khaled0111

legendary

Activity: 2506

Merit: 2832

Top Crypto Casino

Quote from: karusell22 on April 19, 2024, 06:03:16 PM

if i want to use a hardware wallet like ledger is there any way to seteup the ledger without being connected to the internet as i dont to be connected to any network which could reach the WWW while generating the seed for it or is it unavoidable for the setup?

~~Ledger is a cold storage wallet. Even if you connect it to an online device, it will not reveal your seed/private keys.~~
Ledger generates the wallet seed and signs transactions locally. Ledger live or whatever supported wallet software you connect your ledger device to can't see your seed, it doesn't need it.
It's safe because the seed does never leave your ledger device.

edit: after reading LoyceV's reply bellow, I don't believe it's appropriate to classify Ledger as a cold wallet.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: _act_ on April 19, 2024, 05:51:53 PM

12 word seed phrase has 128 bits of entropy.
It is 24 word seed phrase that has 256 bits of entropy.

This is correct when it comes to a BIP39 seed phrase, but as OP mentioned electrum, I just want to add that in the case the seed phrase has been generated by electrum, it provides 132 bits of entropy if it contains 12 words and 264 bits of entropy if it contains 24 words.

_act_

hero member

Activity: 868

Merit: 1094

Quote from: karusell22 on April 19, 2024, 06:03:16 PM

Okay

and if i want to use a hardware wallet like ledger is there any way to seteup the ledger without being connected to the internet as i dont to be connected to any network which could reach the WWW while generating the seed for it or is it unavoidable for the setup?

Hardware wallets are offline wallets. It means they are not connected to the Internet when you are using them to make transaction. But Ledgers wallets is one of the hardware wallets that I can not buy. You can go for the open source Trezor.

Edit: not all hardware wallets are offline wallets. Read what LoyceV said about it. https://bitcointalksearch.org/topic/m.63969475

karusell22

copper member

Activity: 16

Merit: 4

Okay

and if i want to use a hardware wallet like ledger is there any way to seteup the ledger without being connected to the internet as i dont to be connected to any network which could reach the WWW while generating the seed for it or is it unavoidable for the setup?

_act_

hero member

Activity: 868

Merit: 1094

Quote from: Zaguru12 on April 19, 2024, 05:41:03 PM

The seed phrase is said to be an encoding of 256 bits entropy

12 word seed phrase has 128 bits of entropy.
It is 24 word seed phrase that has 256 bits of entropy.

Quote from: Zaguru12 on April 19, 2024, 05:41:03 PM

If you’re looking at maybe since it’s a 12 seed phrase, then a 24 seed phrase might be safer then you’re not entirely wrong because the 12 seed phrase provides 128 bits of security while 24 seed phrase provides 256 bits of security, which makes it assume more safe. But since the private key also provides a 128bits security then the 12 word seed phrase is just as safe as the 24 word seed phrase

Let me complete it for you. Both 12 and 24 word seed phrases have 128 bitcoin of security. The reason I do not have to explain it is because you later explained it.

Zaguru12

hero member

Activity: 672

Merit: 855

Your seed phrases are safe just as you wish it to be safe. As long as the words as saved in a secure place without any word from the list been known, it is impossible for any brute force to actually crack it down. The seed phrase is said to be an encoding of 256 bits entropy that is there is 2^256 available seed phrases and at the moment nobody can brute force such thing. Watch this video to see how large the probability is, https://piped.video/watch?v=S9JGmA5_unY

The only thing brute force does is to disc ramble the words with some of the words know.

Quote from: karusell22 on April 19, 2024, 05:25:46 PM

i have some wallets with 12 seeds and im a bit uncertain if its really safe

If you’re looking at maybe since it’s a 12 seed phrase, then a 24 seed phrase might be safer then you’re not entirely wrong because the 12 seed phrase provides 128 bits of security while 24 seed phrase provides 256 bits of security, which makes it assume more safe. But since the private key also provides a 128bits security then the 12 word seed phrase is just as safe as the 24 word seed phrase

Ruttoshi

sr. member

Activity: 294

Merit: 267

Baba God Noni

Quote from: karusell22 on April 19, 2024, 05:25:46 PM

Im curios how safe is currently the 12 mnemonic seed phase for example of of electrum 12 words against bruteforce?

The chance of someone to bruteforce 12 word seed phrase is very tiny, as long as all the words are unknown. It is when like 8 words are known, and some letters in the other four words are known that the it might be bruteforce. So you have nothing to fear about anyone being able to bruteforce your seed phrase. Any seed phrase that have been generated cannot be generated again by 100 computers put together.

Quote from: karusell22 on April 19, 2024, 05:25:46 PM

i have some wallets with 12 seeds and im a bit uncertain if its really safe

It is safe as long as you keep it away from third party.

Churchillvv

member

Activity: 66

Merit: 5

Eloncoin.org - Mars, here we come!

Whether it's a 12 word or 24 word seed phrase in terms of security they are both the same. If a 24-word mnemonic seed phrase is safe then a 12 word seed phrase too is safe.

In terms of brute forcing, its almost impossible for someone to guess the combination of your seed phrase out of the 2048 words in the mnemonic word list, where the problem lays is arranging them in the right order so it's currently considered impossible for now.

For now, you have nothing to worry about on how secured your seed phrase is but all you have to take responsibility of is keeping them safe yourself, hence it safe to a great extent.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Completely safe as of now. 12 words seed phrase are safe as long as you keep it safe.

karusell22

copper member

Activity: 16

Merit: 4

Im curios how safe is currently the 12 mnemonic seed phase for example of of electrum 12 words against bruteforce?

is it possible to get a hit if someone would use all words and has some capabilities have any success or is it safe as of now?

i have some wallets with 12 seeds and im a bit uncertain if its really safe

Topic: How Safe is 12-mnemonic seed Phase against brutefoce (Read 183 times)