Topic: Passphrase wallet (Read 265 times)

Zedpastin wasn't talking about generating the same 12 words, which would obviously be 1 in 2¹²⁸, but rather generating a seed phrase made up of the same word 12 times. Since there are 2048 words, then there are 2048 possible seed phrases which are made up of the same word 12 times. Only 1 in 16 of these will be valid (give or take) due to the checksum, so that leaves 128 out of 2¹²⁸, which is the same as 1 in 2¹²¹.

I don't think that's right.
You are thinking in terms of "words" but you should be thinking in terms of the "entropy" itself.
In order to generate the same exact words you should generate the same exact entropy and that entropy (for 12 word mnemonic) is 128 bits so the odds are in fact 1 in 2¹²⁸.

You needed to do these before too. What you ensure is that your random number generator doesn't take part into the procedure of wallet's generation, which is kind of significant if you understand that there's no way to truly confirm it returns you random numbers. The other activities can be confirmed if someone wanted to rip you off.

Yeah, I forgot to say this. I included the possibility for someone to have just generate their wallet without the checksum verification. Almost all wallets do that, but I included they could have done it manually.

Yep, they're very large numbers.

---

@Zedpastin, no one is ever going to steal your money by brute forcing.

Depends on what you mean by "safer". If you mean that you don't trust your wallet to generate truly random entropy, then the method I would suggest would be flipping a coin 128 times. However, you still need to calculate the checksum, so will need to input your entropy in to some software since you cannot do that by hand, and you will still need to turn the resulting 132 bit number in to a seed phrase, which is prone to error if you are doing it manually, and you will still need to import that seed phrase in to some wallet software to generate private keys and addresses.

Time to be completely pedantic, but actually it's around 1 in 2¹²¹, rather than 1 in 2¹²⁸.

We know there are 2048 possible 12 word seed phrases which repeat the same word 12 times. Of these, we know that only 128 will have a valid checksum, since the checksum has 2⁴ = 16 possibilities. (Note that this is an average. I've not actually tested every seed phrase to see if we end up with exactly 128 valid ones.) So you have 128 (2⁷) possible seed phrases out of 2¹²⁸. 2¹²⁸/2⁷ = 2¹²¹.

Not that any of that matters. They are equally impossible.

If you don't have a hardware wallet? Download your non-custodial wallet, verify its signature, format the computer you'll generate the seed, run an open-source operating system (such as a Linux based) from a CD, disable internet connection, install the wallet there, generate the seed, write it down, eject the CD. Done.

If you feel your RNG will betray you, just roll a dice or toss a coin. That proves the source of randomness.

As I said above, it's 1 in 340,282,366,920,938,463,463,374,607,431,768,211,456. That's:

What is the safest way of generating a 12 word seed then? Is there any safer options than allowing the wallet to generate it? My steps would be offline computer, generate 12 words through wallet software and then store that seed offline on some paper than is stored in a vault.
I understand this is correct I have made this mistake in the past with using very long passwords when they were not needed because past 15 characters is usually too hard to brute force for any one and it makes it more complex for me.

Yes I understand that it is probably the least odds to generate the same word 12 times in a row but it is possible. I do not know the math it prolly is below 0.000001% chance but for the sake of being accused to be wrong I included it is possible but IRL it is not likely.

Sure, but any seed phrase with the same word 12 times in a row will not have been generated randomly but rather chosen manually, and any seed phrase chosen manually will be highly insecure.

You should never manually generate a seed phrase. If you want your seed phrase to be BIP39 compatible, then the words must come from the set wordlist of 2048 words.

A pointless task. Your seed phrase with more words or a bigger wordlist might be harder for someone to brute force compared to a standard seed phrase, but no one can brute force a standard seed phrase anyway. The resulting wallet and private keys it generates will not be any more secure.

What may not be clear from other comments is that the wallet that generates these seed words isn't actually selecting random words from the list. In reality it is generating a random entropy (a stream of bits) then encodes those bits to be human readable form which is represented by those words (so that you can easily write down words instead of bits).

Usually such encoding methods contain a checksum to quickly figure out mistakes if user entered wrong words in the future while recovering.

Each word represents 11 bits, and part of the last word is the checksum. So when you select random words, they are decoded to an entropy + checksum with the checksum having a high chance of being wrong.
12 words * 11 bits = 132 bits = 128 bit entropy + 4 bit checksum.

it is randomized and is a 12 word pass phrase for a reason. There are hundreds of thousands of words in the English language that people barely know most of them. Not to mention the combination of the words which could go up to billions. So if you're scared that someone might get to your precious account and take your hard-earned holdings, be at ease knowing that as long as they don't have a quantum computer at hand (not yet released in the public, sometimes existence is even debated if true or not). Your funds are safe. Which is why the system does the randomizing for us, so we don't have to use system of counting and randomizing like the Geiger's counter just so we can rest ease that no one with a full working brain could get to our bitcoins and assets in general. People who randomize the words for themselves risk letting their own heuristics and instinctive biases get a hold of their judgement which is very fatal in the crypto world. I am well aware that even if I don't know or notice, some biases tend to leak out of my decisions so for instances like these, I let the machines do the work for me

I am using a extreme example of if a seed was 12 of the same words in a row they will be attempted by amateur people trying to get into wallets. If you have a passphrase that is dog dog dog dog instead of cat dog cat cat someone is more likely to attempt dog dog dog dog and gain access. If you have a wallet which has a seed of dog dog dog dog dog dog dog dog dog dog dog dog then that is more likely to be cracked. I know the probability of that happening is very very unlikely but that is why random generation is more secure than choosing the words yourself. I only included "the only seeds that are guessed is repeated words" is for this example above and to save myself from being accused to be wrong. In the real world no one has a seed like that and if you did generate a seed like this you would generate another one.

I have never tried to manually generate a seed can you pick words which are not in the random list that wallets have or do you pick from the words already there? I think manually choosing a bigger database of words and then randomly selecting them could be safer. If the wallet seed generation has 100 words to pick from but allows custom words you could use 1000 words and then use a script that randomly chooses from that list which would make it more secure than if you used the wallet generation script.

Why do you say this? There is nothing inherently wrong with repeated words in seed phrases, and there is absolutely nothing in the code to prevent words being repeated in seed phrases. Assuming your seed phrase is generated truly randomly, then you have around a 1 in 31 chance of a 12 word seed phrase naturally containing the same word twice, and you have around a 1 in 8 chance for a 24 word seed phrase.

Sure, if your seed phrase contains the same word 4+ times, then it is probably because you have manually picked the words, but any seed phrase with manually chosen words will have very poor security.

Without any fancy calculations the chances are close enough to 0 you do not have to worry there has been no known collisions from wallet seeds. It is possible but the odds are very slim have you heard about people saying that to win the lottery you would have to be very lucky and you have a better chance to get striked by lightening than to win the lottery well guessing someone elses seed would be even more rare than winning the lottery. Think about it the lottery you only have to guess 6 numbers out of >50 numbers but with a seed you have to guess 12 words which are from a dictionary with hundreds of words. You do not have to worry about losing any funds because someone guessed your seed. The only seeds which are guessed would be ones which have repeated words.

No, you can't.

The final word in every seed phrase contains a checksum. If the checksum is not correct then usually the software you are using will not accept the seed phrase. By randomly picking words, you only have a 1 in 16 chance of selecting a word with the correct checksum for a 12 word seed phrase. This falls to 1 in 256 for a 24 word seed phrase.

But more importantly, selecting words yourself is a terrible way to generate a wallet, will massively decrease your security, and could easily lead to loss of funds. Don't do it.

Some address which start with a 3 are nested segwit addresses. Segwit moves part of the transaction data (the witness) to a separate section and counts it differently when calculating the weight of the transaction. Since these transactions now have a lower weight, they will pay a lower fee. Addresses which start with bc1 are native segwit addresses and will reduce the fee even further.

How come the fees for legacy addresses are so much high then addresses that start with a 3?

If you use an actual method that can produce random results then the answer is yes, you could just pick your seed words from the list of words and get a wallet that way.

However if you are going to do this simply by reading the words and then selecting them then this has an incredible bias and your selection will not truly be random so this is not recommended at all and if you do so you better accept the fact you could lose your coins by doing something like that.

So far every 12 words I've chosen have not opened a wallet

Humans are usually bad at randomness and good at repeating stuff, so randomly picking words from your brain or some list is not really random.
Easiest way would be using dices or cards, but I saw some crazy stuff people are doing with Geiger's counter recently, because radioactive particles are random.
This is one example of fun and extreme geek tech using python 3 script generating BIP39 mnemonic codes with random data coming from a Geiger counter, and other guy even added RaspberyPi, Audio interface and Americium 241 from a Smoke Detector  


https://twitter.com/danieldemercado/status/1437033277358022657?s=21
Github: https://github.com/danieldemercado/GeigerBIP39Generator

PS
My point is that true randomness is not easy like it seems, but you shouldn't use Geiger's counter for generating your bitcoin wallet if you are a newbie.

You can also randomly pick a number between 1 and 340,282,366,920,938,463,463,374,607,431,768,211,456, but I guess that doesn't sound neat. 

So I can randomly select 12 words from the 2048 and generate a bitcoin wallet? Thats pretty neat

If you generate seed words randomly, correctly and offline, using standard words and backing them up in safe place, there is no chance someone else could guess them or unlock anything.
There is however always a chance you made a mistake with leaking your words or someone could steal them from you and spend your bitcoin.

Adding a passphrase is like adding a salt that adds extra layer of protection, but only if you keep it safe and separate from your seed words, this adds more complexity and more security.
You can have multiple passphrases but keeping them all together with backup phrase makes them useless, and losing any of your passphrase is permanent loses of coins associated with them.