How easy is it to brute force an electrum wallet password?

[mcplums]

Hello hello,

I'm just wondering how strong, or how many 'bits of entropy' as you chaps like to say, my electrum wallet password should be.

If my password was just a dictionary word, would that make it trivial, or is it still a major undertaking to crunch all dictionary words?

Thanks chaps!

[Mikestang]

Electrum wallet or email account, it doesn't matter, a password is a password is a password.  Check out https://www.grc.com/haystack.htm, might help you out.

Real words are about the easiest passwords to break, but ultimately is has to do with the characters that make up the password.

As ever, google has all the aswers: https://www.google.com/search?q=brute+force+password+time

[CryptKeeper]

Hello hello,

I'm just wondering how strong, or how many 'bits of entropy' as you chaps like to say, my electrum wallet password should be.

If my password was just a dictionary word, would that make it trivial, or is it still a major undertaking to crunch all dictionary words?

Thanks chaps!

Extracted from their wiki at http://electrum.orain.org/wiki/Frequently_Asked_Questions#How_secure_is_the_seed.3F

How secure is the seed?
The seed created by Electrum has 128 bits of entropy. This means that it provides the same level of security as a Bitcoin private key (of length 256 bits). Indeed, an elliptic curve key of length n provides n/2 bits of security.

[mcplums]

Hello hello,

I'm just wondering how strong, or how many 'bits of entropy' as you chaps like to say, my electrum wallet password should be.

If my password was just a dictionary word, would that make it trivial, or is it still a major undertaking to crunch all dictionary words?

Thanks chaps!

Extracted from their wiki at http://electrum.orain.org/wiki/Frequently_Asked_Questions#How_secure_is_the_seed.3F

How secure is the seed?
The seed created by Electrum has 128 bits of entropy. This means that it provides the same level of security as a Bitcoin private key (of length 256 bits). Indeed, an elliptic curve key of length n provides n/2 bits of security.

I don't think the seed has anything to do with this? I'm talking specifically about my electrum wallet password- NOT my seed.

My question is, if someone gets a hold of my wallet for whatever reason, how easy is it for them to brute force it?

Re the first response, you are surely incorrect- brute forcing takes a different amount of time depending on what you want to brute force? I suppose the specific question I am asking is: on a reasonably powerful computer, how many microseconds does it take to test one password? If a billion can be tested per second that's a problem- but if ten can be, that's not.

[Abdussamad]

My question is, if someone gets a hold of my wallet for whatever reason, how easy is it for them to brute force it?

I believe it's not really designed to withstand brute forcing from an attacker. Just a single pass of AES 256. Bitcoin core, for example, does a variable number of passes depending on how much CPU power you have.

[Bitdonator]

It depends on what kind of variation of characters your password is.

And on what kind of pc/computer (quick/slow) the atatcker has.

[criptix]

Hello hello,

I'm just wondering how strong, or how many 'bits of entropy' as you chaps like to say, my electrum wallet password should be.

If my password was just a dictionary word, would that make it trivial, or is it still a major undertaking to crunch all dictionary words?

Thanks chaps!

Extracted from their wiki at http://electrum.orain.org/wiki/Frequently_Asked_Questions#How_secure_is_the_seed.3F

How secure is the seed?
The seed created by Electrum has 128 bits of entropy. This means that it provides the same level of security as a Bitcoin private key (of length 256 bits). Indeed, an elliptic curve key of length n provides n/2 bits of security.

I don't think the seed has anything to do with this? I'm talking specifically about my electrum wallet password- NOT my seed.

My question is, if someone gets a hold of my wallet for whatever reason, how easy is it for them to brute force it?

Re the first response, you are surely incorrect- brute forcing takes a different amount of time depending on what you want to brute force? I suppose the specific question I am asking is: on a reasonably powerful computer, how many microseconds does it take to test one password? If a billion can be tested per second that's a problem- but if ten can be, that's not.

We are talking about billions of pw per second depending on the hardware.

The average time depends on characters used, lenght of password, repititions etc