24 word seed?

[Mbidox]

I understand, that a bitcoin private key is about 256 bit. So it is unable to hack it at the moment.
I understand, that a 12 word seed of Electrum is 128 bit. This is also unable to hack at the moment. But 256 bit is much more than 128 bit.

So if anybody anytime in the future will be able to hack a 128 bit, he could steel a wallet and gets also the 256 bit private key from this wallet. So the seed does cave the 256 bit security of the bitcoin system with a 128 bit security.

Question 1:
I can not understand why electrum is designed this way. (Yes I know, other Wallet seeds are also 128 bit. This is not only up to electrum.)
Is this only for convenience? We have to write down and preserve 12 instead of 24 words. Or is there an other reason?

Question 2:
Is there a way to generate a 24 word seed with electrum?

Thank you for an answer.

[1715067610]

1715067610

[1715067610]

1715067610

[1715067610]

1715067610

[1715067610]

1715067610

[HCP]

Answer 1:
The seeds are for creating at least 128 bits of entropy, as per BIP39 specifications...

The mnemonic must encode entropy in a multiple of 32 bits. With more entropy security is improved but the sentence length increases. We refer to the initial entropy length as ENT. The allowed size of ENT is 128-256 bits.

Just because you can "hack 128 bit" does not mean someone could come along and "steal a wallet"... anyone is free to generate all combinations of 12 word seeds right now, the wordlist is publicly available... but you don't see HD wallets being stolen left and right do you? Besides, I don't believe there is a way to reverse engineer anything in most wallets to allow someone to extract a properly encrypted seed (most wallets use AES256 to encrypt these things)... so you're pretty much covered by "256 bit" anyway

Answer 2:
You can click the "Options" button when the seed is displayed... and choose the "extend seed with custom words"... then add in 12 extra words... they don't even have to be from the wordlist... However, humans are really bad at picking random stuff... so maybe generate a 12 word seed, write it down... then don't complete that wallet... generate a new 12 word seed and add the first 12 word seed as "custom words"... et voilà a "24 word seed"

[Abdussamad]

In addition to what HCP said you can also generate a custom seed of 24 words using the command line option make_seed:

Code:

abdussamad@linux:~/temp/electrum/multisig_testnet> electrum make_seed --nbits 256 
rack spoon almost tissue wool area odor number matter home zero market cup baby gate idle spin okay net robust crane corn enrich address

`electrum help make_seed` will have more information

[HCP]

Which means that you can do this from within Electrum as well... I just tested on the Electrum console tab:

Code:

>> make_seed(256)
"kid thrive stove name envelope elite lottery inject huge federal tank inject hurry kit luggage ivory inside turkey decade hamster make child love image"
>> 

Thanks for the tip Abdussamad... that is really useful!  There are so many 'undocumented' (or poorly documented) commands available

[Mbidox]

@HCP and @Abdussamad

Thank you for teaching how to generate a 24 word seed. It's great that we can do it.

Nevertheless: It is only for interesst: I can still not understund why a 24 word seed is not the standard in Electrum and other wallets.

Just because you can "hack 128 bit" does not mean someone could come along and "steal a wallet"...

Why not? Someone who is able to "hack 128 bit" can check through each combnation of a 128 bit seed. And as it is public how the private key are calculated through the seed, he can check if there are used adresses with each seed. Nobody would try to check directly all ca. 256 bit private keys, if he know that mostly all keys are generated with a 128 bit seed. So 128 bit is unable to hack now, but 256 bit is much more unabler to hack. So I do not understand, why commen wallets make a 128 bit security from a nativ 256 bit security bitcoin system.

[Abdussamad]

128 bit is considered secure. 256 bit only adds computational overhead. That's why we just use 128 bit seeds.

You are free to use 256bit seeds for your wallet.