Author

Topic: How secure are 12 word recovery phrases? (Read 260 times)

full member
Activity: 336
Merit: 102
December 22, 2017, 03:33:28 AM
#17
The chances are very close to 0. The amount of calculations needed for this is incredibly large. Suppose you already know the set of 12 words, but not their order. The number of possible permutations is 12! (12 factorial), which is 479001600.
So far you're correct, although the possibility of duplicate seed words would reduce the number of permutations.

I did not know that duplicates are allowed, never saw such a seed.

Quote
But there are much more words used for seeds. A meager set of 100 gives the number of permutations of about 9E157 (9 with 157 zeroes), and only millions of them correspond to existing wallets.
Wrong! You're talking about 100 different words that you have, but don't know the order for. 12 words out of 100 possibilities gives 100^12=10^24 possibilties. A 1 with 24 zeroes, you're a factor 9E133 off, which is (based on a high estimate) about 20 sexdecillion times more than the number of atoms in the universe. You, sir, added a new level to "you couldn't be more wrong" Cheesy

Well, my knowledge of combinatorics is a bit rusty, so I forgot to account for the set size. Still, even if there is a possibility to check 1000 combinations per second (and, AFAIK. key derivation and address check are actually much slower), checking all 1E24 combinations would require the amount of time orders of magnitude larger than the age of the universe.
full member
Activity: 1792
Merit: 186
December 21, 2017, 09:00:35 PM
#16
Where do you guys store your recovery phrase?  I mean if you store it somewhere physically, then what if someone finds it etc?  Do you have it in 2 different places?  However there is an issue with that in case something happens to one of it.  So do people do double backups?  Of course doing that increases more of it etc.


newbie
Activity: 13
Merit: 0
December 21, 2017, 07:03:47 PM
#15
Less secure than 24 word recovery phrases.

Each additional word makes the maths above stronger. The chances of getting a useful recovery phrase is already infinitesimal with 12 word phrases, it becomes even less likely with the addition of each word. Size does matter Wink
member
Activity: 154
Merit: 10
December 21, 2017, 02:53:48 PM
#14
It is basically another way to write down your private key.
Make sure you store it safely.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
December 21, 2017, 02:51:17 PM
#13
I imagine someone could write code that keeps trying to repeat 12 different combinations of words, after a while he must get results and control someone’s funds, no? With the amount of wallets out there now...
The number of possible words can vary per application, but let's assume there are 2048 possible words. That means using 2 words gives 2048*2048 or 2048^2 possibilities, 3 words gives 2048^3 possibilities, and 12 words gives 2048^12 = 5444517870735015415413993718908291383296 possible combinations.
If you assume 1 billion people each use this system on 10 wallets, and you can brute-force 10 billion combinations per second, it'll still take you a trillion years to find a match. It's a lot easier to just find the next Bitcoin block, which is more valuable than most wallets anyway.

I'm bored, I'll go over all replies to this thread:

To be honest, I made a normal text file, and later I copied it to external memory and to two other places outside of my personal computer (offline).
Did you only read the title?

How many words do we have? More than 150,000?
Most words are ignored for the list, to avoid confusion. For instance, Electrum uses "same", but not "sane". It uses "insane" again, which can't be confused with "same". It also excludes impractical long words, like "impractical".

To me i just save the 12 word seed in notepad and save after that i just make rar file included my 12 word seed in notepad.. with password..
You too didn't read more than the title. Either way, storing seed phrases in a txt-file is bad practice. Write it on paper, or at least use a password manager to store it.

The chances are very close to 0. The amount of calculations needed for this is incredibly large. Suppose you already know the set of 12 words, but not their order. The number of possible permutations is 12! (12 factorial), which is 479001600.
So far you're correct, although the possibility of duplicate seed words would reduce the number of permutations.

I assume the standard BIP0039 wordlist is used here. So you have 2048 words, repetition is also allowed.
Correct.

This article doesn't say the math is wrong, it says displaying the words is the weak link. And I'm pretty sure they are correct! Then again, you'll have similar problems on all other user security methods. Even if you write down your seed, put it in a safe, and store the safe in Fort Knox, it's still much more likely to be found by someone who gets physical access, than the odds of someone else creating the same seed.
jr. member
Activity: 56
Merit: 10
December 21, 2017, 11:36:18 AM
#12
There are some online creators which are great, mostly because coming from a person 12 thought words can be easily accessed by brute force attacks. I wouldnt suggest you to create your own 12 words
member
Activity: 350
Merit: 13
December 21, 2017, 11:34:43 AM
#11
Some say it isn't that secure
https://blog.edgesecure.co/why-a-12-word-mnemonic-is-an-insecure-bitcoin-wallet-backup-d56085da6c8d

In my opinion, it is harder to brute force a password if it has not only words and letters but also symbols.
Of course quantum computer could obliterate my opinion..

The article points out that Keyloggers and Screen capture malware are the biggest threat.
Well, this is more of a weakness on the computer and the user itself than the 12-word-mnemonic.

Even a 12000-word-mnemonic wouldn't be secure if you are already infected.
newbie
Activity: 36
Merit: 0
December 21, 2017, 11:29:36 AM
#10
Some say it isn't that secure
https://blog.edgesecure.co/why-a-12-word-mnemonic-is-an-insecure-bitcoin-wallet-backup-d56085da6c8d

In my opinion, it is harder to brute force a password if it has not only words and letters but also symbols.
Of course quantum computer could obliterate my opinion..
member
Activity: 350
Merit: 13
December 21, 2017, 11:27:07 AM
#9
I assume the standard BIP0039 wordlist is used here. So you have 2048 words, repetition is also allowed.

So you have a total of

2048! / (2048−12)! =  5271537971301488476000309317528177868800 permutations.

Well, good luck with landing on any wallets that have funds in.

It takes time to get the private key, derive the public key and addresses and then check them for balance.
sr. member
Activity: 350
Merit: 250
Bitcoin and co.
December 21, 2017, 10:45:42 AM
#8
the seedphrase is very secure and there is a minimum chance for anyone who wants to reveal it. Easier way how to get it from you would be stole it from your computer with any virus or just with remote control of your pc if you store it there.
full member
Activity: 336
Merit: 102
December 21, 2017, 03:52:59 AM
#7
The chances are very close to 0. The amount of calculations needed for this is incredibly large. Suppose you already know the set of 12 words, but not their order. The number of possible permutations is 12! (12 factorial), which is 479001600. But there are much more words used for seeds. A meager set of 100 gives the number of permutations of about 9E157 (9 with 157 zeroes), and only millions of them correspond to existing wallets.
legendary
Activity: 1638
Merit: 1046
December 21, 2017, 03:37:27 AM
#6
To me i just save the 12 word seed in notepad and save after that i just make rar file included my 12 word seed in notepad.. with password.. so that i can recover it in the future and upload in my drive in my gmail account..  for future recovery..
For me if your computer is safe in any viruses you are safe. .
newbie
Activity: 98
Merit: 0
December 21, 2017, 03:35:31 AM
#5
Chances are VERY VERY low. How many words do we have? More than 150,000? What are the chances that someone would actually land upon a wallet with the same words as you have? You have 12 words, if only 1 word out of those 12 is different, it would already be a different wallet. Not to mention the order of the words. etc. If 12 words wasn't safe enough the devs wouldn't have chose it.
im not talking about the chance they land on my wallet.

Its about they landing on any wallet. Out of the billions out there.
legendary
Activity: 4522
Merit: 3426
December 21, 2017, 03:07:30 AM
#4
I imagine someone could write code that keeps trying to repeat 12 different combinations of words, after a while he must get results and control someone’s funds, no? With the amount of wallets out there now...

Don't be lazy. Do the math. Assume 1 billion wallets and one trillion tries per second. Let us know what you come up with.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
December 20, 2017, 10:40:52 PM
#3
Chances are VERY VERY low. How many words do we have? More than 150,000? What are the chances that someone would actually land upon a wallet with the same words as you have? You have 12 words, if only 1 word out of those 12 is different, it would already be a different wallet. Not to mention the order of the words. etc. If 12 words wasn't safe enough the devs wouldn't have chose it.
sr. member
Activity: 629
Merit: 252
December 20, 2017, 08:19:53 PM
#2
I imagine someone could write code that keeps trying to repeat 12 different combinations of words, after a while he must get results and control someone’s funds, no? With the amount of wallets out there now...

To be honest, I made a normal text file, and later I copied it to external memory and to two other places outside of my personal computer (offline).
newbie
Activity: 98
Merit: 0
December 20, 2017, 07:55:38 PM
#1
I imagine someone could write code that keeps trying to repeat 12 different combinations of words, after a while he must get results and control someone’s funds, no? With the amount of wallets out there now...
Jump to: