Simple question:
If I get my 12 word phrase, what are the odds someone else gets it too? Is it easier to add a pass phrase?
The pass phrase will just make it that much harder to unlock the bitcoin right?
The odds are very low[1]. If you're too bored to do the actual math, LoyceV has debated this same issue at least sometime during 2017 with more detail[2]:If I get my 12 word phrase, what are the odds someone else gets it too? Is it easier to add a pass phrase?
The pass phrase will just make it that much harder to unlock the bitcoin right?
I imagine someone could write code that keeps trying to repeat 12 different combinations of words, after a while he must get results and control someone’s funds, no? With the amount of wallets out there now...
The number of possible words can vary per application, but let's assume there are 2048 possible words. That means using 2 words gives 2048*2048 or 2048^2 possibilities, 3 words gives 2048^3 possibilities, and 12 words gives 2048^12 = 5444517870735015415413993718908291383296 possible combinations.If you assume 1 billion people each use this system on 10 wallets, and you can brute-force 10 billion combinations per second, it'll still take you a trillion years to find a match. It's a lot easier to just find the next Bitcoin block, which is more valuable than most wallets anyway.
You can, however, add a passphrase to it if you want to increase security. The way that passphrases work is that if someone do manage to get your seed phrases once they "open" your wallet they won't find any BTC in there simply because that they don't know which passphrase you've used as an additional security layer. You can have multiple passphrases in a wallet, each of them pointing over to different amounts of BTC. As Trezor support page puts it[3]:Quote
Once the passphrase feature is activated on the device, you can provide any input of your choosing and it will be used to generate a completely new wallet. To access this hidden wallet repeatedly, you will have to use the exact same passphrase in combination with the recovery seed on the device. Using the same seed with a different passphrase will generate a different wallet. Using a different seed with the "correct" passphrase will generate a different wallet.
I do recommend watching the video if you prefer[4]. In sum, not having a passphrase is not bad, but if you want to add another security layer, why not?[1]https://bitcoin.stackexchange.com/questions/71692/how-many-combinations-are-there-from-the-bip32-mnemonic-list
[2]https://bitcointalksearch.org/topic/how-secure-are-12-word-recovery-phrases-2622497
[3]https://wiki.trezor.io/Passphrase
[4]https://www.youtube.com/watch?v=DR5SKuhF-50
