Bitcoin Forum
Author Topic: Why you cannot enter an arbitrary seed in Electrum  (Read 65007 times)
GODLIKE
November 13, 2015, 11:47:35 PM  #101

Quote:
ehhh...how to say this politely...You're wrong.

First of all, it's 1626 words. 1626^12 = 3.4 * 10^38.
It's the same as 2^128, or 128 bits of security, which is the same for any bitcoin address that has already spent funds. ECDSA for Bitcoin is 256 bits, which provides 128 bits of security. Unspent addresses benefit from additional security because of the RIPEMD-160 hash, increasing it to 160 bits. However, Electrum uses key stretching of a 100,000-round hash once you know the seed, increasing the security to 144 bits.

You ARE correct that human-generated phrases POTENTIALLY could have much higher levels of security, but it doesn't matter because A) 128 bits is beyond brute forcing by any form of classical computing (do the math and see how many supercomputers and millions of years you need) and B) Bitcoin is limited to 160 bits of security no matter what.

However, it's impossible to measure with certainty the entropy level of a human-generated phrase, and potential for error exists that does not exist with computer-generated passphrases.

Great explanation, thank you!
And it's not rude to say that someone is just wrong, we can't know everything :)

However, as the two methods give presumably good enough protection, we are still on the line that a human-generated phrase can be remembered more easily than a group of random words.

It wouldn't require too much work at all to allow a user to write his sentence and check that he uses caps, lowercase letters, punctuation and possibly numbers.
The random words method could be left active as an option.

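As an added worked example (not code from the post or from Electrum), the arithmetic of the quoted post carried through in Python: the entropy of a 12-word seed drawn from a 1626-word list, the extra cost that 100,000 rounds of stretching add to each guess, and the cap that attacking the key directly imposes once an address has spent. The 128-bit and 160-bit key-attack figures are taken from the post as stated, not re-derived here.

```python
import math

# Figures as stated in the quoted post (not measured here)
WORDLIST_SIZE = 1626      # words in the old Electrum seed wordlist
SEED_WORDS = 12           # words in an Electrum seed phrase
STRETCH_ROUNDS = 100_000  # rounds of key stretching applied to the seed


def seed_entropy_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy of n_words chosen uniformly at random from a wordlist: log2(size^n)."""
    return n_words * math.log2(wordlist_size)


def stretched_guess_cost_bits(entropy_bits: float, rounds: int) -> float:
    """Each seed guess costs `rounds` hash evaluations, so exhaustive search is
    2^entropy * rounds work, i.e. entropy + log2(rounds) bits."""
    return entropy_bits + math.log2(rounds)


def key_attack_cost_bits(already_spent: bool) -> int:
    """Cost of attacking the key instead of the seed, as the post argues:
    128 bits (ECDSA over a 256-bit curve) once spending has revealed the public key,
    160 bits (RIPEMD-160 address hash) while the public key is still hidden."""
    return 128 if already_spent else 160


def effective_security_bits(wordlist_size: int, n_words: int, rounds: int,
                            already_spent: bool) -> float:
    """An attacker takes the cheaper path, so the wallet's security is the
    minimum of the seed-search cost and the key-attack cost."""
    seed_cost = stretched_guess_cost_bits(seed_entropy_bits(wordlist_size, n_words), rounds)
    return min(seed_cost, key_attack_cost_bits(already_spent))


if __name__ == "__main__":
    raw = seed_entropy_bits(WORDLIST_SIZE, SEED_WORDS)
    print(f"raw seed entropy: {raw:.1f} bits")
    print(f"with stretching:  {stretched_guess_cost_bits(raw, STRETCH_ROUNDS):.1f} bits")
    for spent in (False, True):
        bits = effective_security_bits(WORDLIST_SIZE, SEED_WORDS, STRETCH_ROUNDS, spent)
        print(f"effective security, spent={spent}: {bits:.1f} bits")
```

Stretching only raises the cost of searching the seed; for an address that has already spent, the 128-bit key bound is what remains.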
jonald_fyookball
November 13, 2015, 11:54:05 PM  #102


I agree 100% that it's possible to create a good passphrase with a very high probability of it being ultra secure
IF YOU KNOW WHAT YOU'RE DOING.

But since many people do not know what they are doing, Electrum chose to idiot-proof it.

GODLIKE
November 14, 2015, 12:07:51 AM  #103


As I wrote: it's easy to put a check in it.
You press enter and, if there's no punctuation, no caps, and the sentence is not long enough and varied enough, the program won't accept it.
Easy.

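An added illustration (hypothetical code, neither Electrum's nor the poster's) of the check proposed above, alongside the caveat from the quoted post that a format rule cannot measure entropy: the second constructed sample satisfies every rule yet is a famous quotation, so its real guessability is far below what the character classes suggest. The length and word-count thresholds are assumptions.

```python
import math
import string


def check_sentence(sentence: str, min_chars: int = 40, min_words: int = 8,
                   require_digit: bool = False) -> list[str]:
    """Hypothetical acceptance check modelled on the proposal in the post.
    Returns the reasons for rejection; an empty list means 'accepted'."""
    reasons = []
    if len(sentence) < min_chars:
        reasons.append(f"fewer than {min_chars} characters")
    if len(sentence.split()) < min_words:
        reasons.append(f"fewer than {min_words} words")
    if not any(c.isupper() for c in sentence):
        reasons.append("no capital letters")
    if not any(c.islower() for c in sentence):
        reasons.append("no lowercase letters")
    if not any(c in string.punctuation for c in sentence):
        reasons.append("no punctuation")
    if require_digit and not any(c.isdigit() for c in sentence):
        reasons.append("no digits")
    return reasons


def charclass_upper_bound_bits(sentence: str) -> float:
    """Naive upper bound on entropy: every character treated as an independent,
    uniform draw from the character classes present. This is all a format
    check can 'see'; it says nothing about whether the sentence is a known quotation."""
    classes = [(str.isupper, 26), (str.islower, 26), (str.isdigit, 10),
               (lambda c: c in string.punctuation, len(string.punctuation)),
               (str.isspace, 1)]
    alphabet = sum(size for pred, size in classes if any(pred(c) for c in sentence))
    return len(sentence) * math.log2(alphabet)


if __name__ == "__main__":
    # Constructed samples: one that fails the rules, one that passes them all
    # while being a well-known line of Shakespeare.
    weak = "correct horse battery staple"
    famous = "To be, or not to be: that is the question. William Shakespeare, 1603."
    for s in (weak, famous):
        print(f"{s!r}: rejected for {check_sentence(s) or 'nothing'}, "
              f"format bound ~{charclass_upper_bound_bits(s):.0f} bits")
```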
aakashsangwan
March 28, 2016, 05:47:19 AM  #104

Recently one of my friends' computers got hacked by downloading an exe file which was actually a keylogger; the hacker hacked his Electrum seed key and now he is also operating his Electrum address, and whatever bitcoins his addresses are receiving, he is simply withdrawing them.

So how can you help him to recover his old wallet from that hacker? Can we change the seed passphrase key? Please help me to recover that Electrum wallet from the hacker, as my friend does not have that much knowledge about the software.

Decoded
March 31, 2016, 11:43:23 PM  #105

I believe that Electrum should be able to allow these seeds. Maybe there should be extensive warnings, but it should be allowed nevertheless.

I have a Ledger wallet and Electrum, I want to be able to use both :(

Financisto
April 02, 2016, 03:51:54 AM  #106

You can "input" custom seed to generate a BIP-32 Hierarchical Deterministic Wallet with this tool:

https://coinb.in

cyberguy
April 30, 2016, 09:17:07 AM  #107

I used the wallet restore function and made a new wallet using a hex string taken from the output of

echo -n "My own string"|sha256sum

in a Linux console. If a truly unique string (perhaps involving personal information) is used for "My own string" which can be easily remembered (e.g. "cyberguy was born on the 29th of February 1976 in the middle of the atlantic"), what are the security implications of this? Could this be considered an alternative for a "brain wallet"?
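An added example (not from the post, and assuming Electrum takes the hex string unchanged as the seed) reproducing the derivation that command performs and the reproduction pitfalls it brings: the seed is exactly as strong as the phrase is hard to guess, regardless of the 64 hex characters it yields, and any byte-level difference, including the newline a plain `echo` appends when -n is forgotten, produces an unrelated seed.

```python
import hashlib


def brainwallet_seed_hex(phrase: str, trailing_newline: bool = False) -> str:
    """Hex digest exactly as `echo -n "<phrase>" | sha256sum` prints it.
    trailing_newline=True models a plain `echo` without -n, which appends '\n'
    and therefore yields a completely different seed."""
    data = phrase.encode("utf-8") + (b"\n" if trailing_newline else b"")
    return hashlib.sha256(data).hexdigest()


def seed_variants(phrase: str) -> dict[str, str]:
    """Seeds for small reproduction mistakes a person could make when re-typing
    the phrase later. None of them is 'close' to the original: SHA-256 gives
    no partial credit, so an imperfectly remembered phrase is a lost wallet."""
    return {
        "exact":           brainwallet_seed_hex(phrase),
        "echo without -n": brainwallet_seed_hex(phrase, trailing_newline=True),
        "trailing space":  brainwallet_seed_hex(phrase + " "),
        "different case":  brainwallet_seed_hex(phrase.capitalize()),
    }


def all_distinct(seeds: dict[str, str]) -> bool:
    """True when every variant produced a different seed."""
    return len(set(seeds.values())) == len(seeds)


if __name__ == "__main__":
    # The phrase from the post; the hex it yields is 256 bits long, but its
    # security is only the guessability of the sentence itself.
    phrase = "cyberguy was born on the 29th of February 1976 in the middle of the atlantic"
    for label, hex_seed in seed_variants(phrase).items():
        print(f"{label:16s} {hex_seed}")
    print("all variants differ:", all_distinct(seed_variants(phrase)))
```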