Bitcoin Forum
April 22, 2018, 02:48:27 PM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: 1 2 [All]
  Print  
Author Topic: 21 word seed got exposed, is it bad ?  (Read 230 times)
simplyred
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile
March 04, 2018, 11:01:29 PM
 #1

i got 24 word seed for my ledger nano s. And i split it up on two papers.

21 words on one paper and 3 words on the other one.

Lets say my 21 word paper would be exposed. Would it be hard for the persona that has this 21 word seed to crack the wallet ?

thanks
1524408507
Hero Member
*
Offline Offline

Posts: 1524408507

View Profile Personal Message (Offline)

Ignore
1524408507
Reply with quote  #2

1524408507
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1524408507
Hero Member
*
Offline Offline

Posts: 1524408507

View Profile Personal Message (Offline)

Ignore
1524408507
Reply with quote  #2

1524408507
Report to moderator
1524408507
Hero Member
*
Offline Offline

Posts: 1524408507

View Profile Personal Message (Offline)

Ignore
1524408507
Reply with quote  #2

1524408507
Report to moderator
dimasinteger
Newbie
*
Offline Offline

Activity: 13
Merit: 1


View Profile
March 05, 2018, 12:00:11 AM
 #2

Not sure! but I would still move my wallet to a different one just to feel safe!
but If I were you, I would do 18 or 20 for paper and the rest for my brain Smiley

jackg
Copper Member
Legendary
*
Offline Offline

Activity: 980
Merit: 1061

bc1qdj5v2q8p398rdy6sexc0fapk4hcq0p54xz56ez


View Profile
March 05, 2018, 12:39:02 AM
 #3

i got 24 word seed for my ledger nano s. And i split it up on two papers.

21 words on one paper and 3 words on the other one.

Lets say my 21 word paper would be exposed. Would it be hard for the persona that has this 21 word seed to crack the wallet ?

thanks


No. It'd be fairly easy (if they could work out what it was of course).

Your best bet would be to go with 12 words and then the other 12 words (if you input them the wrong way, it'll be rejected by the ledger nano anyway.

simplyred
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile
March 05, 2018, 01:53:42 AM
 #4

Im just thinking, lets say there are 5000 words, then it would take long time to get these 3 right word in the right order, no ?
HCP
Hero Member
*****
Offline Offline

Activity: 574
Merit: 722

<insert witty quote here>


View Profile
March 05, 2018, 02:13:52 AM
Merited by bones261 (1), LoyceV (1)
 #5

i got 24 word seed for my ledger nano s. And i split it up on two papers.

21 words on one paper and 3 words on the other one.

Lets say my 21 word paper would be exposed. Would it be hard for the persona that has this 21 word seed to crack the wallet ?
It depends on whether or not the order is known... for instance, if the attacker knew that they had words 1-21 or 4-24 (ie. the first 21 or the last 21 words) and were simply trying to find the missing 3 words... then the number of possible combinations would only be:

2048 * 2048 * 2048 = 8,589,934,592

Which really isn't a lot at all... and a simple script would crack that in minutes.

However, if the attacker had no clue as to the position of the missing words... ie. you'd taken 3 words from position 3, 17 and 23, but there was no indication of position/order of words on the paper (ie. they're not numbered)... then things become a lot more complicated. The number of combinations the attacker would need to test increases by several orders of magnitude and it would require a lot more work. It's possible the time required would extend to hours or days or years. I'm not not sure of the actual math... possibly something like:

(2048 * 24) * (2048 * 24) * (2048 * 24) = 118,747,260,000,000+ combinations (note, I'm very tired, so this math is probably really wrong Tongue)

Having said that... if you knew that your 21 words had been compromised, you should immediately generate a new seed and move all coins from the old wallet to the new one and then "burn" the old wallet/seed...



Im just thinking, lets say there are 5000 words, then it would take long time to get these 3 right word in the right order, no ?
There are 2048 words for BIP39 seeds: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

bob123
Sr. Member
****
Offline Offline

Activity: 532
Merit: 380



View Profile
March 05, 2018, 11:44:33 AM
Merited by DarkStar_ (2), bones261 (1)
 #6

Lets say my 21 word paper would be exposed. Would it be hard for the persona that has this 21 word seed to crack the wallet ?

If the position of these words is known, then yes. Definetely crackable. Within a short timeframe.



However, if the attacker had no clue as to the position of the missing words... ie. you'd taken 3 words from position 3, 17 and 23, but there was no indication of position/order of words on the paper (ie. they're not numbered)... then things become a lot more complicated. The number of combinations the attacker would need to test increases by several orders of magnitude and it would require a lot more work. It's possible the time required would extend to hours or days or years. I'm not not sure of the actual math... possibly something like:

(2048 * 24) * (2048 * 24) * (2048 * 24) = 118,747,260,000,000+ combinations (note, I'm very tired, so this math is probably really wrong Tongue)


If an attacker had 3 (out of 24) words without knowing any particular spot/order the amount of combinations would be:

Amount of 'iterations' when choosing 3 position out of 24 to guess (24 choose 3) = 2024 (without any order of these 3 words) -> (2024 * 3!) = 12 144 (considering all possible orders)

Now for each of these iteration you need to check 21 positions with 2048 words (204821) = 3,45087317 * 1069 combinations.

To sum it up: 12 144 * 3,45087317 * 1069 = 4,19074038 × 1073 would be the amount of combination.
Thats just slightly below the 2,96427748 × 1079 combinations from the full 24 words. Still considered safe.




Just saw its mentioned the other way around  Roll Eyes

With 21 out of 24 words known you have 2024 possibilities to chose the position of the word -> multiplied with 3! ->  12 144 combinations to check.

Now each of those combinations has 20483 possibilities to get 'filled' -> 20483 * 12 144 = 104 316 165 685 248 combinations an attacker had to check.


I would say this is definetely possible to crack.
If you aren't sure whether your seed got compromised (or if you are sure it got somehow lost/compromised) you should create a new wallet/seed ASAP.


cellard
Legendary
*
Offline Offline

Activity: 980
Merit: 1052


View Profile
March 05, 2018, 04:07:48 PM
 #7

It's specially bruteforceable because seeds use common words which means brute forcing software has an easy time with that since they use dictionary attacks. If you were using weird words that don't exist including special characters, then 3 of these "words" would be a pain in the ass for bruteforcing software.

If I depended on a seed I would definitely split it in two, but an attacker will easily realize that you are splitting a seed when he finds out random words here and there, and he will just join them, so keep them separated with different passwords if you are storing them digitally.

       ▀
   ▄▄▄   ▄▀
   ███ ▄▄▄▄  ██
       ████
    ▄  ▀▀▀▀
▄▄
      ██    ▀▀
██▄█▄▄▄████████
▄▄▄▄▄▄▄▄▀▀███▀▀▀
██████████████████
████▄▀▄▀▄▀███▀▀▀▀▀
████▄▀▄▀▄▀███ ▀
████▄▀▄▀▄▀████████
▀█████████████████
]
,CoinPayments,
█████
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████
█████
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████
█████
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████
Vladv26
Full Member
***
Online Online

Activity: 255
Merit: 100


Secure, scalable blockchain that actually works


View Profile
March 06, 2018, 11:28:57 AM
 #8

Any information about the wallet could help a hacker to crack your wallet, I doesn't really matter if it is one word or a number. Also you have have now exposed publicly that you phrase is compose out of 24 words so if the hacker finds your ip he could know you made a post on this forum about your wallet and finds out what exactly to look for.

I recommend you to move all your coins to another wallet that is not related at all with your old wallet(email, password, any words). This should be safe enough.

simplyred
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile
March 06, 2018, 01:56:11 PM
 #9

Any information about the wallet could help a hacker to crack your wallet, I doesn't really matter if it is one word or a number. Also you have have now exposed publicly that you phrase is compose out of 24 words so if the hacker finds your ip he could know you made a post on this forum about your wallet and finds out what exactly to look for.

Its writen on a paper, its a seed that i wrote down on a paper. and it is possible that a person saw it, but i am not that sure. but i have already moved my coins so its ok.

thanks everyone for the answers.
simplyred
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile
March 06, 2018, 02:00:12 PM
 #10

but the thing is i just cant see how it would be easy to find some 3 word in the exact right order. That would be so many possibilities.
bob123
Sr. Member
****
Offline Offline

Activity: 532
Merit: 380



View Profile
March 06, 2018, 02:19:19 PM
 #11

I doesn't really matter if it is one word or a number.

It does matter whether its a word or a number. This determines the searching space and therefore the amount of time you have to invest to crack that wallet.



Also you have have now exposed publicly that you phrase is compose out of 24 words

Most modern wallets use either a 12 or 24 word seed. Thats not an information which is hidden anyway.



so if the hacker finds your ip he could know you made a post on this forum about your wallet and finds out what exactly to look for.

For huge amounts thats true. But the average joe with a few btc shouldn't care too much about such targeted attacks.
It would be way more lucrative to just steal cryptos with malware.

HCP
Hero Member
*****
Offline Offline

Activity: 574
Merit: 722

<insert witty quote here>


View Profile
March 06, 2018, 10:41:37 PM
 #12

but the thing is i just cant see how it would be easy to find some 3 word in the exact right order. That would be so many possibilities.
Because, as previously explained, the word list is known: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

There are only 2048 words in this list... so the total number of combinations is "only": 2048 * 2048 * 2048 = 8,589,934,592 combinations.

While that might look like a large number (and it is, if you're attempting to test them manually), computers are particularly good at doing repetitive things quite fast... a simple python script can generate all of those combinations in a matter of hours (if not minutes)

Additionally, not ALL combinations are actually valid seeds, the last word is a form of "checksum"... so the number of VALID seeds is actually a LOT less than the total number of combinations... for instance, I ran a script I use for finding missing seed words... I stopped it after it had tested a little over 500,000 combinations (in about 3 or 4 minutes)... it had only found 1960 valid combinations.

The real time consuming part is actually converting these seeds to addresses and checking if they have any BTC value (or match a known address)... It would no doubt take days to check all combinations for a match when trying to find the missing 3 words... but it would certainly be doable in a "reasonable" amount of time.

However, if the order/position of the words is not known, the difficulty increases by a significant amount... as the number of combinations that need to be checked increases by orders of magnitude.

boy130
Sr. Member
****
Offline Offline

Activity: 434
Merit: 263



View Profile
March 06, 2018, 10:48:50 PM
 #13

Did they see the words in the correct order, and do they have a copy of the words to hand? If so, your wallet is probably screwed. If it was just a visual exposure, where a person saw the words but didn't take the time to memorize them, then I would say you're are almost certainly safe. Just in case though, you should move your coins to another wallet, better to be safe than sorry.

tokexchain
Jr. Member
*
Offline Offline

Activity: 107
Merit: 0


View Profile
March 08, 2018, 03:15:28 PM
 #14

i got 24 word seed for my ledger nano s. And i split it up on two papers.

21 words on one paper and 3 words on the other one.

Lets say my 21 word paper would be exposed. Would it be hard for the persona that has this 21 word seed to crack the wallet ?

thanks


Yes is the simple answer, the remaining three words out of the eighteen could be dictionary brute force attacked, it is not a hard task and would be easier and faster than cracking some missing characters in a private key. If you have been exposed, move to a new wallet at once.
bob123
Sr. Member
****
Offline Offline

Activity: 532
Merit: 380



View Profile
March 08, 2018, 03:40:10 PM
 #15

the remaining three words out of the eighteen could be dictionary brute force attacked

Its 3 out of 24.



it is not a hard task and would be easier and faster than cracking some missing characters in a private key.

3 words (with a character set of 2048) conforms 8.589.934.592 possibilities.
Where 3 missing characters of a private key (with a char set of 16, assuming hex represantation) conforms to 4.096 possibilities.

So, no it would NOT be easier to crack a few words in a seed than a few chars in a priv key.

McPhillipX
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
March 08, 2018, 03:55:52 PM
 #16

Still, I'd consider just not using that address anymore and have peace of mind.
HCP
Hero Member
*****
Offline Offline

Activity: 574
Merit: 722

<insert witty quote here>


View Profile
March 08, 2018, 08:09:52 PM
 #17

My "old" Core i5-3570K with 8Gigs (and a bunch of stuff running on it Tongue) was able to generate and test approximately 500,000 seeds in around 4 or 5 minutes... Call it 100K combinations/minute... By my calculations, it would take me around 60 days to generate and test all the missing 3 word combinations if testing 24x7... Not exactly an "instant" hack... but certainly doable for a determined hacker.

Also, I'm sure better hardware and a better optimised script/program than my hacked together and unoptimised Python script would probably be able to bring that total time down.

btccrusher
Member
**
Offline Offline

Activity: 126
Merit: 10

IOS - The secure, scalable blockchain


View Profile
March 09, 2018, 10:51:52 PM
 #18

I'm giving you option C. Make it in three-piece of paper, keep the middle one in extremely safe place. (Try remembering the middle phase). But it's always better to move your funds after compromising any keys/passes or anything that can be harmful to your finance.

signalbitbot
Jr. Member
*
Offline Offline

Activity: 98
Merit: 0


View Profile WWW
March 10, 2018, 10:25:37 PM
 #19

My advice, write down 24 words and encrypt everything with a password (aes++++). Password in the brain.

🌐 World Cryptocurrency Betting
📊 Cryptocurrency analysis
cydrix
Full Member
***
Offline Offline

Activity: 224
Merit: 105


View Profile
March 11, 2018, 12:28:18 AM
 #20

i got 24 word seed for my ledger nano s. And i split it up on two papers.

21 words on one paper and 3 words on the other one.

Lets say my 21 word paper would be exposed. Would it be hard for the persona that has this 21 word seed to crack the wallet ?

thanks

Everything could happen in an instant it's your choice isn't it? If you rather leave it be or be paranoid and make sure your money is safe.
My advice relocate all your money in another wallet and make a new one in your ledger wallet just to make safe. I know you will lose money from relocating all your money because of fees but would you rather lose all your money in an instant.

Based on the comments The odds are in your side though you should be calm and pick what's best for you if you think my advice is not worth it then ignore me and pick whatever means necessary.

«««▬▬▬▬▬▬▬ Yo coin ▬▬▬▬▬▬▬»»»
P2P Digital Currency ◘    ◘ Maximize your YOLIFE design your own future ◘
Come join our great community on Telegram
imjustagirl
Jr. Member
*
Offline Offline

Activity: 100
Merit: 3


View Profile WWW
March 11, 2018, 10:29:07 AM
 #21

No, it would not. 3 missing seed words are recoverable, however the attacker would need to at least know some of your wallet addresses in order for it to work 100 %.  The more information an attacker has, the more chances he has to be able to break it. If you are not sure on the best way to back up this information, just input an extra word into your seed (just remember which one it is). Scrambling to find which word is fake and which ones are real, now that's a challenge I hardly think anyone could solve.

MUNcoin ❱❭ When outstanding features meet perfect development team (http://muncoin.net/)
bob123
Sr. Member
****
Offline Offline

Activity: 532
Merit: 380



View Profile
March 11, 2018, 10:36:33 AM
 #22

No, it would not. 3 missing seed words are recoverable, however the attacker would need to at least know some of your wallet addresses in order for it to work 100 %. 

Actually an attacker woulnd not need to know an address from this wallet.
An attacker could easily just derive the priv-/pub- keypairs from each valid seed (using the most common derivation paths), and then check (e.g. via API) for unspent outputs.
Knowing an address of the wallet does increase the speed of this attack. But its definetely not necessary to perform such an 'attack'.

posi
Sr. Member
****
Offline Offline

Activity: 350
Merit: 256



View Profile
March 11, 2018, 01:51:26 PM
 #23

With my understand is good to expose your wallet seed because recovery seeds is like your best friend and it the only thing you need to maintain the safety or recover of your coins.

jackg
Copper Member
Legendary
*
Offline Offline

Activity: 980
Merit: 1061

bc1qdj5v2q8p398rdy6sexc0fapk4hcq0p54xz56ez


View Profile
March 11, 2018, 04:11:03 PM
 #24

With my understand is good to expose your wallet seed because recovery seeds is like your best friend and it the only thing you need to maintain the safety or recover of your coins.

What? Exposing your wallet seed is the worst thing you could do with a wallet that you are using as the person it is exposed to will have access to everything in your wallet.

Unless you mean exposing the seed in order to be able to write it down somewhere and not publicly exposing it OP is referring to).

posi
Sr. Member
****
Offline Offline

Activity: 350
Merit: 256



View Profile
March 12, 2018, 12:51:22 PM
 #25

With my understand is good to expose your wallet seed because recovery seeds is like your best friend and it the only thing you need to maintain the safety or recover of your coins.

What? Exposing your wallet seed is the worst thing you could do with a wallet that you are using as the person it is exposed to will have access to everything in your wallet.

Unless you mean exposing the seed in order to be able to write it down somewhere and not publicly exposing it OP is referring to).
The OP was actually referring to wallet recovery seed and he asked if 21 out 24 get exposed, is it possible for anyone to crack remain 3 and my own answer is yes because some people totally good in doing the cracking and guessing thing.

jackg
Copper Member
Legendary
*
Offline Offline

Activity: 980
Merit: 1061

bc1qdj5v2q8p398rdy6sexc0fapk4hcq0p54xz56ez


View Profile
March 12, 2018, 05:05:20 PM
 #26

With my understand is good to expose your wallet seed because recovery seeds is like your best friend and it the only thing you need to maintain the safety or recover of your coins.

What? Exposing your wallet seed is the worst thing you could do with a wallet that you are using as the person it is exposed to will have access to everything in your wallet.

Unless you mean exposing the seed in order to be able to write it down somewhere and not publicly exposing it OP is referring to).
The OP was actually referring to wallet recovery seed and he asked if 21 out 24 get exposed, is it possible for anyone to crack remain 3 and my own answer is yes because some people totally good in doing the cracking and guessing thing.

If you look at the first few replies, you'd see that I understood this. And HCP and a few other users added calculations to how easy it'd be. Their calculations are an optimistic approach as it'll be much easier possibility wise as there are an even fewer number of sets than were estimated by them.

Pages: 1 2 [All]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!