My program allows you to do the search for the proper seed if you know words but do not know the order (+ other use cases of course).
https://github.com/PawelGorny/lostword
Yu may launch one of examples to see how it works - for 9 words in wrong order the result is quite fast:
https://github.com/PawelGorny/lostword/blob/master/examples/example_22.conf
Soft works for both ETH and BTC (with different derivation paths), so you may play a little.
There is also another worker, which just saves all the possible seeds into file, but number of correct seeds is insane and I cannot imagine why and how one would like to test them. If you do not know the target address, it makes things much more difficult.
Topic: Order of Seed Phrase (Read 172 times)
-snip-
As you may know, the seed phrases are just a more convinent way to represent your Private Key, meaning that behind these carefully placed seed words is a private key, which is the "master" key of your wallet and that it will be used to generate all your addresses. If we use a tool that allows us to see the private key "behind" those seed phrases - such as TP's Brainwallet[2] - we get the following private key (based on the previous seed phrases): -snip-
Nice "Brainwallet" explanation but the seed phrase works entirely different.As you may know, the seed phrases are just a more convinent way to represent your Private Key, meaning that behind these carefully placed seed words is a private key, which is the "master" key of your wallet and that it will be used to generate all your addresses. If we use a tool that allows us to see the private key "behind" those seed phrases - such as TP's Brainwallet[2] - we get the following private key (based on the previous seed phrases): -snip-
Brainwallet basically hashes the seed phrase (Brainwallet calls it passphrase) to get a 256bit result which will be used as the private key.
In BIP39, wrong arrangement will result with invalid seed phrase due to a wrong checksum.
In Electrum, wrong arrangement will invalidate the result because it will produce an invalid seed "version number".
So, does that mean that if Electrum disappeared from the face of the earth, that a tool, such as Ian Coleman's BIP39 tool https://forkdrop.io/using-ian-colemans-bip-39-tool would permit recovery of the private keys?
Not quite. Electrum seed phrases are different from BIP39 seed phrases, and so Ian Coleman's tool will not recover Electrum seed phrases as it stands. However, the differences are minimal, and a couple of tiny changes to the code will make Ian Coleman's tool work with Electrum seed phrases. There are also a couple of other wallets, such as Blue Wallet, which support the recovery of Electrum seed phrases.However, Electrum will never "disappear" from the face of the Earth. The number of people storing coins in Electrum wallets and Electrum seed phrases is huge. Even if the main website disappeared, dozens of alternative hosting sites would pop up hosting the latest version for download.
Thanks to all for the clear explanations.
So, does that mean that if Electrum disappeared from the face of the earth, that a tool, such as Ian Coleman's BIP39 tool https://forkdrop.io/using-ian-colemans-bip-39-tool would permit recovery of the private keys?
So, does that mean that if Electrum disappeared from the face of the earth, that a tool, such as Ian Coleman's BIP39 tool https://forkdrop.io/using-ian-colemans-bip-39-tool would permit recovery of the private keys?
Your seed phrase is simply an encoding of a number. Asking if the order matters is the same as asking if the order of digits in a number matters. The numbers 123,456,789 and 789,456,123 are clearly very different numbers, just as the same seed phrase words in a different order would produce very different numbers.
Just as the order of numbers in your credit card or its PIN matter, so too do the order of words in your seed phrase.
If you combine missing words with a scrambled seed phrase, then things become exponentially harder. A scrambled 12 word seed phrase with even 1 missing word turns the brute force time from hours to months. Scrambled plus 2 missing words and it is essentially impossible.
A 24 word scrambled seed phrase is also essentially impossible to brute force.
Just as the order of numbers in your credit card or its PIN matter, so too do the order of words in your seed phrase.
but if I remember correctly I think that more than 4 lost words (or maybe 5) are an almost impossible mission.
There was this guy - https://medium.com/@johncantrell97/how-i-checked-over-1-trillion-mnemonics-in-30-hours-to-win-a-bitcoin-635fe051a752 - who managed to brute force 4 words by writing custom code and renting cloud computing. So possible, but out of reach of the average user. If you use his numbers but go for 5 words, it would have taken him 7 years and cost him >$700,000.If you combine missing words with a scrambled seed phrase, then things become exponentially harder. A scrambled 12 word seed phrase with even 1 missing word turns the brute force time from hours to months. Scrambled plus 2 missing words and it is essentially impossible.
A 24 word scrambled seed phrase is also essentially impossible to brute force.
Is the order of the 12 words in the seed phrase important?
If you have ever created such a crypto wallet, then you must have noticed that any serious wallet will warn the user that it is extremely important that they write their words in the correct order as they are shown. Many for some reason mix up these words (for safety's sake), but then forget the right order afterward - fortunately, there is a way already mentioned that can correct this.
What is much more important is that you do not lose part of your seed, so even then there is a possibility that you can find them out by brute force method - but if I remember correctly I think that more than 4 lost words (or maybe 5) are an almost impossible mission.
To complement Rath_ reply, let me show you how your private address changes based on the order of your seed phrase. Let's assume the following:
EDIT: If you're interesting in the checksum section, the previously linked website also has a tool[4] that let's you see that the public key for each private key shown before. Enter the private key on the field Private ECDSA Key and the public key will appear right next to it - on the Public ECDSA Key field.
As a closing remark we can - in a very simple matter - represent the process behind generating addresses like this:
[1]https://www.blockplate.com/pages/bip-39-wordlist
[2]https://gobittest.appspot.com/Brainwallet
[3]https://bitcoin.stackexchange.com/questions/32353/how-do-i-check-the-checksum-of-a-bitcoin-address
[4]https://gobittest.appspot.com/Address
- we are using the BIP39 Word list[1] to choose our seed words
- We are going to "generate" 12 words
Code:
tide recipe tool client camp clerk maze change nephew destroy elbow loud
As you may know, the seed phrases are just a more convinent way to represent your Private Key, meaning that behind these carefully placed seed words is a private key, which is the "master" key of your wallet and that it will be used to generate all your addresses. If we use a tool that allows us to see the private key "behind" those seed phrases - such as TP's Brainwallet[2] - we get the following private key (based on the previous seed phrases):Code:
218A23AEC2D8590C94D29E561D7BE734A696F5FA1ACD77A3B85321536D624704
This generates the following address:Code:
1HGTrcYytcf6KzGeN9Qu2VQ7HMmkBUNLyi
However, if I just switch the order of the first and the last word in my previous list like this:Code:
loud recipe tool client camp clerk maze change nephew destroy elbow tide
We get a totally different private key:Code:
0E424F2BBF5C82CE2A5EBCBFA3C1196988F245F55A92175F058390B1DB4D0326
With a totally different address:Code:
18Vmh59S7EnKHwFaawmphUNbGoe2NsUbXh
This would result in a totally different wallet whose addresses wouldn't be "connected" at all with your previous ones even though you've "just" switched two words. The way that the "system" checks if your address is valid is by check sum - You can understand a bit more about the "math" behind it in this graph (taken from here[3]):EDIT: If you're interesting in the checksum section, the previously linked website also has a tool[4] that let's you see that the public key for each private key shown before. Enter the private key on the field Private ECDSA Key and the public key will appear right next to it - on the Public ECDSA Key field.
As a closing remark we can - in a very simple matter - represent the process behind generating addresses like this:
Quote
Seed phrase -> Private Key -> Public Key -> Public Address
-> Represents derivation from the previous concept
Each time you "generate" a new address you're basically building a new private key and public key, which were themself "born" from your own and unique seed phrase.-> Represents derivation from the previous concept
[1]https://www.blockplate.com/pages/bip-39-wordlist
[2]https://gobittest.appspot.com/Brainwallet
[3]https://bitcoin.stackexchange.com/questions/32353/how-do-i-check-the-checksum-of-a-bitcoin-address
[4]https://gobittest.appspot.com/Address
Is the order of the 12 words in the seed phrase important?
Yes, it is. You won't be able to recover your wallet if you mess up the order of the words. If someone finds all of your words in a scrambled order then that person needs to check 12! (479001600) seed phrases in the worst case. It should take only a few hours on a modern PC with a mid-tier CPU using a tool like btcrecover.
Is the order of the 12 words in the seed phrase important?
Jump to: