Bitcoin Forum
Topic: Are the 12 worded seeds really secure from Brute force?
HCP
May 25, 2018, 07:44:24 AM
 #21

Quote
I have it running now but the only problem I see is that I need it for BCH, not BTC so I wonder if it will work. I tried to put in the new style BCH address but it gave an error. I found the "legacy" address for the BCH address so I used that and it ran. One thing I had to do was add 2 more words to my seed to make the program run. I guess it won't fill in the blanks. lol I'll report back when it's finished.

You shouldn't need to add in 2 words... it should detect that your seed is short and add words as required. The only issue is that by default, I think seedrecover may only look for ONE completely incorrect word.

Which wallet was your seed from? You might find that the "seedrecover" script will fail to find your correct seed, as it is set up for BTC and ETH... so the derivation path it defaults to is the BIP44 derivation path for BTC which is m/44'/0'/0'/0... unfortunately, you most likely need to use the derivation path: m/44'/145'/0'/0 to find your BCH address.

You can try running it using the --bip32-path parameter to force it to the BCH derivation like this:
Code:
./seedrecover.py --bip32-path "m/44'/145'/0'/0/"

If you find that it doesn't search for 2 incorrect words, you may or may not also need to add the following argument: --big-typos 2

It will likely generate MILLIONS AND MILLIONS of possible combinations if you use --big-typos 2... as I don't think you can specify where the missing words are. It'll test ALL combinations.


I have another possible solution. It's a custom python script that I hacked together that lets you specify the location of missing words like this:
Code:
python find_missing_seed_word.py sketch hockey elbow property symptom peanut genre bubble popular inherit x x
It'll try all the different combinations of valid words, replacing the x's, looking for valid seeds.

It isn't terribly difficult to use, but it doesn't automatically search the output for possible addresses. It just generates 100 addresses for each valid seed that it can find... and you can then search the files looking for a matching address.

Cobalt9317
June 02, 2018, 12:30:27 AM
 #22

In short, 12-word seeds are unhackable, unbreakable, uncrackable, and you can also add custom words to your seed.
But a password for a private key is crackable in practice/theory.
adaseb (OP)
June 04, 2018, 07:36:21 AM
 #23

Quote
In short, 12-word seeds are unhackable, unbreakable, uncrackable, and you can also add custom words to your seed.
But a password for a private key is crackable in practice/theory.

If the password is short then yes, but if it's a very long password then most attackers would probably give up.

Either way, most people get their BTC stolen because they not only use a weak password but they usually keep their 12 worded seeds written down somewhere on their computer or leave it in their email or cloud storage. Even though there is a warning when you create a BTC Electrum wallet to never have those words stored digitally.
userpike0
June 04, 2018, 10:05:19 PM
 #24

When I get some free time I will try out those possible solutions. Thank you! The seed key is from Guarda Wallet for BCH; it's a mobile phone Android app wallet.
userpike0
June 08, 2018, 02:27:06 AM
 #25

No go. Even after I put that command in it still asks for which standard and wallet type etc. I have contacted Guarda to ask them what standard they use for the 12 word seed key that is generated before you can use their wallet. I tried the --big-typos 2 also and the cmd window would just close.

There seems to be a checksum checker for the seeds in btcrecover; maybe it could be modified to produce all the 12 word seed keys with correct checksums that would use the partial seed key inputted into the app.

So ideally it would produce every possible 12 word seed key with a correct checksum only utilizing in my instance the 10 words I gave it to use.
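
The checksum filtering asked about in the post above, as an added example that is not part of the original thread and is not HCP's script or btcrecover code. It works on 11-bit word indices rather than words, so mapping words to indices with the BIP39 English wordlist is left to the caller (an assumption), and all function names are hypothetical.

```python
import hashlib
from itertools import product

WORDLIST_SIZE = 2048  # BIP39 wordlist length: each word encodes 11 bits

def entropy_to_indices(entropy):
    """Encode 16 bytes of entropy as 12 word indices (128 bits + 4 checksum bits)."""
    checksum = hashlib.sha256(entropy).digest()[0] >> 4
    bits = (int.from_bytes(entropy, "big") << 4) | checksum
    return [(bits >> (11 * (11 - k))) & 0x7FF for k in range(12)]

def checksum_ok(indices):
    """True if 12 word indices (0..2047) carry a valid BIP39 checksum."""
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy, checksum = bits >> 4, bits & 0xF
    return hashlib.sha256(entropy.to_bytes(16, "big")).digest()[0] >> 4 == checksum

def candidates(partial):
    """Yield checksum-valid completions; None marks a missing word at a known position."""
    missing = [pos for pos, idx in enumerate(partial) if idx is None]
    trial = list(partial)
    for combo in product(range(WORDLIST_SIZE), repeat=len(missing)):
        for pos, idx in zip(missing, combo):
            trial[pos] = idx
        if checksum_ok(trial):
            yield tuple(trial)

def search_space(n_missing):
    """Return (raw combinations, expected checksum-valid seeds) for n missing words."""
    raw = WORDLIST_SIZE ** n_missing
    return raw, raw // 16  # 4 checksum bits keep about 1 candidate in 16

if __name__ == "__main__":
    # Constructed sample: word indices for the fixed entropy 00 01 ... 0f.
    seed = entropy_to_indices(bytes(range(16)))
    found = list(candidates(seed[:11] + [None]))
    print(len(found), "valid seeds for 1 missing word;", tuple(seed) in found)
    print("2 missing words:", search_space(2))
    print("all 12 missing: 2**128 entropy values =", 2**128)
```

Every candidate that survives the checksum still has to be derived to addresses and compared against a known address, which is the step the scripts discussed in this thread perform.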



HCP
June 08, 2018, 03:29:42 AM
 #26

Quote
So ideally it would produce every possible 12 word seed key with a correct checksum only utilizing in my instance the 10 words I gave it to use.

That's pretty much what my script does... it simply checks every combination of words and when it finds valid ones, outputs a text file with 100 receive addresses and 100 change addresses and their private keys... So you end up with hundreds of files like this: https://pastebin.com/WeBPkxjN

This way, you can simply do a search in each file looking for a known address:
Code:
find . -name "keys_*.txt" | xargs grep 1BdvycQtKNAt89r6nUPtekb45NsR1YTy3o

gives:
Code:
./keys_7.txt:1BdvycQtKNAt89r6nUPtekb45NsR1YTy3o

It isn't anywhere near as polished or user-friendly as the btcrecover and seedrecover scripts... and you'd need to edit the source code to set the derivation path if you want to change it... and it'll probably take quite a while to check all the combinations of 2 missing words and output hundreds of files... but it *should* work.

Source code is here: https://pastebin.com/3veBTLFg

You run it by passing the "known" seed words... and use an "x" for missing word(s):
Code:
python find_missing_seed_word.py sketch hockey elbow property symptom peanut genre bubble popular inherit x x
or
Code:
python find_missing_seed_word.py sketch hockey elbow x symptom peanut genre bubble popular inherit x adult
etc etc...





NOTES:
- This script will NOT work if you don't know the position of the missing words
- There will probably be some Python library dependencies (like "bitcoin") that you might need to install... use pip
- If anyone wants to use this with a derivation path (it is currently set to m/44'/145'/0' for BCH)... you need to change the lines 466-469:
Code:
        #m/44'/145'/0'/0 - Receive
        xprvReceive = bitcoin.bip32_ckd(bitcoin.bip32_ckd(bitcoin.bip32_ckd(bitcoin.bip32_ckd(xprv, 44 + 2**31), 145 + 2**31), 2**31), 0)
        #m/44'/145'/0'/1 - Change
        xprvChange = bitcoin.bip32_ckd(bitcoin.bip32_ckd(bitcoin.bip32_ckd(bitcoin.bip32_ckd(xprv, 44 + 2**31), 145 + 2**31), 2**31), 1)

For instance, if you wanted to use BTC (m/44'/0'/0') you would need to change to:
Code:
        #m/44'/0'/0'/0 - Receive
        xprvReceive = bitcoin.bip32_ckd(bitcoin.bip32_ckd(bitcoin.bip32_ckd(bitcoin.bip32_ckd(xprv, 44 + 2**31), 2**31), 2**31), 0)
        #m/44'/0'/0'/1 - Change
        xprvChange = bitcoin.bip32_ckd(bitcoin.bip32_ckd(bitcoin.bip32_ckd(bitcoin.bip32_ckd(xprv, 44 + 2**31), 2**31), 2**31), 1)

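
One way to take the derivation path as a parameter instead of editing the nested bip32_ckd calls quoted in the post above, as an added example that is not part of HCP's script. The names parse_path and derive are hypothetical, and ckd stands for any child-key function called as ckd(key, index), the call shape used on the page.

```python
HARDENED = 2**31  # same offset as the "+ 2**31" terms in the quoted lines

def parse_path(path):
    """Turn "m/44'/145'/0'/0" into a list of BIP32 child indices."""
    parts = path.strip().rstrip("/").split("/")  # tolerate a trailing slash
    if parts[0] != "m":
        raise ValueError("path must start with 'm'")
    indices = []
    for part in parts[1:]:
        hardened = part.endswith(("'", "h", "H"))
        digits = part[:-1] if hardened else part
        if not (digits.isascii() and digits.isdigit()):
            raise ValueError(f"bad path component: {part!r}")
        n = int(digits)
        if n >= HARDENED:
            raise ValueError(f"index out of range: {part!r}")
        indices.append(n + HARDENED if hardened else n)
    return indices

def derive(xprv, path, ckd):
    """Apply ckd(key, index) once per path component, left to right."""
    for index in parse_path(path):
        xprv = ckd(xprv, index)
    return xprv

if __name__ == "__main__":
    # Stub ckd (assumption) that records the chain of indices instead of
    # doing real key derivation, so the example runs without a library.
    trace = lambda key, index: f"{key}/{index}"
    print(derive("xprv", "m/44'/145'/0'/0", trace))  # BCH receive chain
    print(derive("xprv", "m/44'/0'/0'/1", trace))    # BTC change chain
```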