Bitcoin Forum

How secure is a 12-word mnemonic phrase from brute force and hacking? Total 2048 words

Try brute forcing it and you will know how hard it is :).
There are multiple topics similar or same like this one on forum. Try searching.

But here is your TLDR:
You would need to guess the right one of 2048^12 combinations, 5.4445179 * 10³⁹ (5.4445179e+39).

And let's say that you can check 100 per day before you get bored, by that pace, you would need 5.4445179 * 10³⁷ days.

Good luck with that!

You can gather more information on Google if you try to search that question.

According to some result from Google the 2048 words pool make 11 bits of entrophy per word. So for 12 words seed phrase, it has 132 bits of entrophy and someone said that 128 bits of entrophy is considered enough as secured.

And someone said that it takes 1 million years to bruteforce or hack so 12 words seed must be secured.

Much better read the source from this link below

- Is 12-word seed phrase safe enough? (https://bitcoin.stackexchange.com/questions/38512/is-12-word-seed-phrase-safe-enough)
- Are 12-word Seeds for Bitcoin Private Keys Secure? (A Mathematical Adventure) (https://www.reddit.com/r/Bitcoin/comments/6twuj1/are_12word_seeds_for_bitcoin_private_keys_secure/)

I think you only have three options.

1. Store on the internet by creating a file of your seed and try to save like into cloud storage.
Dropbox and Google Drive.

2. You will store your seed phrase file with different devices/storage like your
Hard drive
Flash drive
Disk drive

3. Is one of the best and immune to hacking. Store in a paper wallet just write down the seed phrase and duplicate better if you made a lot of copies like more than three(3) to make sure you won't lose or forget the seed. Also, you can distribute it to your house.

I always do the third option the more you store offline the more your safe.

I think it should be permutations not a combinations of seed phrases since the repetition of words are allowed and the arrangements of words are necessary.

₂₀₄₈ P ₁₂ = 5.271537971 * 10 ³⁹

I think OP isn't talking about handling of seed phrases to reach an optimum security. Either way, storing your seed phrases online written on a plain text is a malpractice.

By hacking, do you mean storing seed digitally? If so, it's only as secure as medium you use (e.g. as secure as your computer), which is usually considered as bad practice.


Additionally you also need to check the generated seed match specific address you're looking for or one of it's address contain Bitcoin, which significantly reduce brute-force speed.


Additionally, the last word of mnemonic works as checksum you could change it to ₂₀₄₈ P ₁₁ and just use first 11 words to compute the checksum.

the last word contains the checksum but is not the checksum itself. in 12-word mnemonics, checksum is only 4 bits out of the 11 bits of the last word. even in 24-word mnemonics (the longest defined by BIP-39) only 8 bits out of 11 bits of the last word is checksum. so you can't compute the checksum, even with 1 missing word (last word) you still have to brute force it.

Half as secure as a 24 word seed, which for now, is sufficient.
To improve security, it is better to use multisig, not increase the difficulty to hack 1 seed.

it is like saying travelling to Pluto is harder than traveling to Neptune! while it is technically correct, but in reality it doesn't matter if one is harder than the other (or one entropy is bigger than the other) while both of them are impossible and will remain impossible in our lifetime.

Although it's from 2018, some useful numbers, explanations and links are also here: 12 word vs 24 word seeds (https://bitcointalk.org/index.php?topic=5078657.0)

It's quite funny to still see people think about hacking Bitcoin addresses, when Bitcoin (and the main wallets too) is this old and relies on funds' safety. Do they really think that nobody asked themselves the same questions years ago?

A 12 word seed phrase has 128 bits of entropy. The final 4 bits are a checksum.

1 million years is an understatement. Even if you could try 1 trillion combinations every second, it would still take over 5 billion billion years to try 50% of the possibilities.

It's actually the square root as secure as a 24 word seed. (2²⁵⁶)/2 is equal to 2²⁵⁵. (2¹²⁸)*2 is equal to 2¹²⁹. It is 2¹²⁸ * 2¹²⁸ which is equal to 2²⁵⁶.

that is true for BIP39 not for Electrum.
since the checksum concept is very different in Electrun, it starts by actually creating 132 bits of entropy then increment it one bit at a time until it finds a good entropy that results in the desired "checksum" (which is checking first couple of bits of HMACSHA512 of the entropy then discarding the calculated hash). then the mnemonic is created using all of that 132 bits.

https://github.com/spesmilo/electrum/blob/fc97181aa554a3f7bc0a50068f68a830286f8796/electrum/mnemonic.py#L202

i lost both things, password and seed in electrum. is there a way or someone can help me to crack or brute-force to login again in my wallet? i have 1.4 btc, i can pay 0.4 btc for crack my seed and password .
thank you

Do you have the wallet file? Do you have any idea what the password might be? If the answer to both of those questions is yes, then this is the best solution: https://github.com/3rdIteration/btcrecover/.

Follow the instructions on this page (https://github.com/3rdIteration/btcrecover/blob/master/TUTORIAL.md#btcrecover-tutorial) to set up a password token file, provide a copy of your Electrum wallet file, and have the software try brute forcing every combination it can. Whether or not you are successful will depend on how complex your password is, how much of it you can or cannot remember, and the speed your computer can run the software.

If you cannot remember your password at all, you can still use the above program to just try to bruteforce every possible combination, but the chances of being successfully are incredibly small unless you password was very short.

Having said all that, the easiest way is going to be to find your seed phrase back up.

Bruteforcing the seed is not feasible.

Bruteforcing the password depends on how much information about the password you have.
Do you remember things like

• Minimum / maximum length of the password
• Chars you for sure have used
• Chars you for sure did not use
• Lower / Upper Case
• Char set (Numbers, special chars, ..)

Basically any information is extremely helpful.
If you password isn't too long or you still know quite a lot about it, bruetforcing it might be possible.

Its funny that you ask this because almost exactly 4 years ago, I had the same worry. So I made a similar thread

https://bitcointalk.org/index.php?topic=1716725

Did my own calculation there and had lots of replies that went into depth on pretty much coming to the conclusion that, its pretty safe. See the thread if you want more info.

I think Electrum is a great wallet. There was some Ledger email leak apparently and some phishing attack is going on. So in my opinion an offline electrum cold storage is a very very safe way to hold your bitcoins.