Electrum: How can it be safe?

[QuietOne]

If in the future there was an easy way to brute force seed phrases, wouldn't your wallet be unsafe sometime in the future?

[DannyHamilton]

If in the future there was an easy way to brute force seed phrases, wouldn't your wallet be unsafe sometime in the future?

Yes, "if there was an easy way to brute force seed phrases", then your wallet would be unsafe.

Why do you believe that it will be any easier to brute force seed phrases than it is to brute force private keys?

[QuietOne]

If in the future there was an easy way to brute force seed phrases, wouldn't your wallet be unsafe sometime in the future?

Yes, "if there was an easy way to brute force seed phrases", then your wallet would be unsafe.

Why do you believe that it will be any easier to brute force seed phrases than it is to brute force private keys?

Shorter and composed of actual words, I think.

[DannyHamilton]

Shorter and composed of actual words, I think.

Ah, I just took a quick look at the Electrum website.  You are correct.  The Electrum Seed phrase is generated as 128 random bits.  A private key on the other hand is 256 random bits.  So apparently, once 128 bit keys can be brute-forced, then Electrum passphrases will be brute-forceable as well.  Personally, I'm not concerned about an ability to brute force a random 128 bit passphrase in my lifetime.  I suppose if technology does get close to that, then people with Electrum wallets will need to upgrade and move their coins to a new wallet with higher entropy passphrases.

[QuietOne]

Shorter and composed of actual words, I think.

Ah, I just took a quick look at the Electrum website.  You are correct.  The Electrum Seed phrase is generated as 128 random bits.  A private key on the other hand is 256 random bits.  So apparently, once 128 bit keys can be brute-forced, then Electrum passphrases will be brute-forceable as well.  Personally, I'm not concerned about an ability to brute force a random 128 bit passphrase in my lifetime.  I suppose if technology does get close to that, then people with Electrum wallets will need to upgrade and move their coins to a new wallet with higher entropy passphrases.

So the endgame for those types of wallets would be to send all coins to a different wallet, incurring a transaction fee? I'd assume if you could regenerate it from a seed, the master key would be compromised.

[noeatnosleep]

Honestly, using normal hardware available non-commercially, it would take you approximately a year to bruteforce a 10 didget alpha-numeric dual-case pass phrase's hash, and that's if you actually have the hash, and it's not salted.. I think we'll be fine for a while. =)

[DannyHamilton]

So the endgame for those types of wallets would be to send all coins to a different wallet, incurring a transaction fee? I'd assume if you could regenerate it from a seed, the master key would be compromised.

Yes.  Depending on the size of the transaction and the popularity of bitcoin at the time a fee may or may not be required.  If a fee is required, it may or may not be large enough at that time to be of concern to the individual making the transfer.  But, any bitcoins left behind at an address that resulted from a cracked (or otherwise compromised) seed phrase would be vulnerable.  The only way to be sure that the funds were secure would be to transfer them to a new address that was not derived from the compromised seed.

[DannyHamilton]

it would take you approximately a year to bruteforce a 10 didget alpha-numeric dual-case pass phrase's hash

10 character pass phrase??  That's only something like 64 bits.

Electrum uses 128 bits.  That is a HUGE difference. 

[noeatnosleep]

You're absolutely correct.

I was simply using a 64 bit password hash to illustrate that a 128 bit brute force isn't exactly a walk in the park. You would have to *really* want to get in there, and have lots of time to do it.

[flatfly]

You're absolutely correct.

I was simply using a 64 bit password hash to illustrate that a 128 bit brute force isn't exactly a walk in the park. You would have to *really* want to get in there, and have lots of time to do it.

Just to add my 2 cents: if by "lots of time" you mean "10 times the age of Earth" you would still be underestimating how long it takes on average.

[ThomasV]

I suppose if technology does get close to that, then people with Electrum wallets will need to upgrade and move their coins to a new wallet with higher entropy passphrases.

Exactly. If a technological breakthrough, such as quantum computing, was even remotely threatening 128 bit seeds, we would upgrade immediately.
The same is true for Bitcoin addresses, which have 160 bits of entropy.

btw, thank you OP for the fear mongering thread title.

[romerun]

If the technology reaches that point we pry have other bigger problems to worry about.

[noeatnosleep]

Yeah, like completely abandoning everything we know about cryptology. Lol.