ROFL !!! ... Tomorrow I will go buy and make my own! <3
But what happens if you lose 1 or the order of them?
... I guess its a guessing game then...
O(n!) for the order. If you totally lose the order, then it depends on how many of those precious washers there are to permute.
12! is only 479,001,600, easy for a computer to bruteforce search. 24! is an awful lot bigger, and would require over 2
79 work to bruteforce—say goodbye to your coins, unless you have a vast amount of supercomputing resources. For BIP 39 (not Electrum), the checksum bits can help to optimize the work that you do when searching; but you will still need to do the search.
(For comparison, the ordering of a deck of cards has 52! permutations, about 2
225.)
If you lose only a part of the order—say, if just a few washers fall off the end and scatter across the floor—then recovery will accordingly be easier.
What about dealing with a "losing one" scenario that STRF had mentioned?
You suggesting that "cool" people do not have the right (if that's an appropriate word choice?) to lose any of those 12, 18 or 24 washers?
Each washer that you totally lose means 2048 trial-and-error attempts to replace it,
if you still know the ordering of all washers (including the blank spots). That’s exponential, to the power of the number of lost washers.
Losing
one is easy to fix!
If you lose up to 3–4 washers, it should be feasible to recover your coins with a home PC and much patience. If you lose 5–6, recovery will be awfully expensive; it may still be worthwhile for a whale wallet. If you lose 7, I would guess that the NSA’s supercomputers could still recover your coins—maybe. If you lose 12, recovery will be
far beyond the combined capability of all computers on earth; that is why 12 words is the minimum seed length.
I myself use 24-word seeds, for to protect even against superintelligent space aliens with star-sized computers and a few billion years of spare time. But note that
Bitcoin’s public-key security level is the same level as that of a 12-word seed,
i.e. 128 bits. (Bitcoin uses 256-bit elliptic curve keys, but brute force is
not the best known way to attack that class of cryptography;
this is many orders of magnitude faster.)
If you lose the ordering
and lose some washers, then—eh, good luck, LOL!
You add the index number, possibly obfuscated (reversed order, as a simpler example)
get creative
I don’t think that obfuscation is in any way useful to protect you there. Indeed, it is more likely to frustrate you—after you forget how you obfuscated. Just rely on keeping the whole thing secret, which it
needs to be anyway.
Just seeing this for the first time. Damn, I like it. Though you probably want to research the properties of your washer material carefully, if you want for it to be fire-resistant, etc. Compare
Jameson Lopp’s trials of various seed-storage products.
Most importantly, this requires
no Bitcoin-specific hardware purchases that are usually infeasible to make anonymously. Inexpensive materials available at any hardware store, and maybe even already on-hand in your garage—excellent!
Final edit: Thinking over those numbers, and the BIP 39 use of a bit of PBKDF2, I am slightly revising down my estimates of how many lost washers you can recover. I am accustomed to thinking pessimistically from a defender’s perspective, and thus making somewhat liberal assumptions about what a cracker can do. Whereas I don’t want to dose people with hopium about how many lost seed words they can get back, realistically. Let’s put it this way: I would not be surprised if somebody can crack 4 words on high-end home PC hardware in a semi-reasonable time; but if you rely on doing that, you may be in for a lot of pain!
