Seed Security - Is what I am guessing correct? Or wrong in technical nature?

[samaney]

I am not a tech nerd - so this question might seem stupid.

My question:

Everyone says Electrum seeds are xxxx bits (128? 256?) and can be cracked in 100 years.  Whatever the numbers are.

Here comes my point: Yes - if the attack is towards someone specific, it would be hundred years to find the seed of that person.

But as I understand, in any electrum, you can try seed variations randomly (not attacking one specific person) and keep on doing that.

I do not know how many people use Electrum. But lets say 1000 people use it. (Can be higher - mine is just to demonstrate).

Doesn't it make finding a random seed 1.000 times easier? 1.000 times quicker? Just like, as if I had 1000 different passwords for a same login name for some service? A hacker can find it easier?

As there is not a login-password system in Electrum, and directly entering the seed gives all bitcoin addresses and private keys, just entering random seeds would bring someones account information much more easier, does not matter who it is?

May be I am getting it wrong - there can be a technical definition that more users would not mean seeds can be cracked significantly easier. But I just would like to get this correct. What I am explaining above does not make sense at all? Or if it is somewhat correct, would there be some protective measures needed to avoid this from happening?

Yes, again, the risk is same every specific person, if more users mean randomly finding a seed is easier, it is again same and a very low chance that it will be you, me, Joe etc. But the risk of someone random losing his account is increasing. And if this thing would be easier, more people will attempt to do that and risk for every specific person will increase.

I do not understand these encryption things - but as an outsider, the only risk about a seed that comes to my mind. However, of course mathematically this would not make sense in encryption - I have no clue about these things.

[RoxxR]

This is actually a very good question. What you are saying makes sense to me, so I'm also really interested to hear from the experts. (Is this an example of the so-called birthday paradox?)

[samaney]

Thanks RoxxR, nice to hear an opinion and as I understand what I think is a bit logical.

Yes - I want to hear from everyone. Is it a wise idea to create seeds, store the paper seeds very securely and wait a few months or years. Or the seeds, even I do not touch them for long months or years, pose a threat in the Electrum system itself already?

What do people think about my point of view on Electrum seeds on the original post?

[Abdussamad]

The numbers are too large so that even if you were to go through it randomly or even sequentially you won't find a wallet with coins in it.

If you want an example see this: http://directory.io . That is a list of every bitcoin private key that can possibly exist ever. Try finding one with coins in it.

PS: To the nit pickers, yes, bitcoin private keys are 256bits and electrum seeds are "only" 128 bits. The concept is the same though - too large a hay stack.

[samaney]

OK - I saw the numbers in the link. What concerned me was the numbers that were quoted some time ago (like it takes 100 years to crack someones seed. But if there are 1000 users, a random seed can be cracked 1000 times quicker, I thought). And I believe most of the Electrum users should have Bitcoins in the addresses, not empty, compared to most popular Bitcoin clients (just a baseless thought though, many newcomers might test the most popular ones without adding Bitcoins in them). This was just a surmise - however again, my example was, lets say there was 1.000 Electrum users with Bitcoins. And many more numbers of users without Bitcoins.).

The numbers you provided are all of the Bitcoin addresses it seems, Electrum seeds different? Anyway - I am just trying to get information here - so all your opinions that matters. Not trying to judge here, sharing my concerns (not backed by any knowledge), and if you clarify this - then fine. That's why I am asking here.

So as to summarize - Can I use 40-50 seeds with Bitcoins in it for months or even years untouched and unseen comfortably? The risk is almost non-existent? If paper wallets etc. does not add a very significant security (because Electrum is already almost impossible to crack) then I will go for Electrum. And start sending them Bitcoins in a few days, knowing that there is no risk. Actually that's more preferable to myself, not to learn paper wallets, testing them, becoming comfortable to use etc. Most of my Electrum wallets are already ready. Just I want to know I am not doing anything wrong using Electrum.

And - I would like to check the balances with the Electrum master private keys  in my main computer throughout that time (other seeds etc. stored unseen elsewhere unseen securely) - would this create problems - or Master Private Key is totally harmless?

[samaney]

The numbers are too large so that even if you were to go through it randomly or even sequentially you won't find a wallet with coins in it.

If you want an example see this: http://directory.io . That is a list of every bitcoin private key that can possibly exist ever. Try finding one with coins in it.

PS: To the nit pickers, yes, bitcoin private keys are 256bits and electrum seeds are "only" 128 bits. The concept is the same though - too large a hay stack.

One point - though. You seem to talk about Bitcoin Addresses and Private Keys. You have to work and insist on a Bitcoin address to find the Private Key of it. And it would be worthless. (like a password attack on a username?)

However, on Electrum, there is no username/password or PublicAddress/PrivateKey combination. Simply a text with some dictionary words (not random alphanumeric) and that can lead you to any wallet randomly. You do not need to insist on cracking a specific wallet and spend time on a one single wallet.

I guess as no longer anyone answers my original post, then I will not dig this issue further, that would put Electrum author in a bad position. This kind of monologue I am insisting on would be really baseless, as I do not understand encryption etc. I would not create some fog on an issue I really have no clue and even understand.

I just wanted to make an informed move to avoid some jeopardy (due to lack of knowledge). As not too much replies came, there seems to be no risk and if there was any, Bitcoin community would have realized that much more before than me. . Now I feel it would be OK to create Electrum wallets, put Bitcoins in it, then forget about it for some time.

In any case, if Electrum author sees this message, and clarifies that, that would add an extra comfort.

[BkkCoins]

You're probably getting little response here because this has been asked so many times over that a bit of searching would get you some answers. I know I've repeated my answer below in similar ad-hoc terms at least 5 times over the last year.

An Electrum seed is 128 bits so there are 2^128 possible seeds. Let's say there are 1 billion seeds in use by users which contain some balance.

2^128 = 3.402823669×10³⁸

1 billion = 1.0 x 10⁹

So you would have to search a space of 3.402823669×10³⁸ / 1.0 x 10⁹, or

3.402823669×10²⁹ seeds.

For each wallet check you need to generate the seed, and check a few addresses against the blockchain. If you used a local RAM copy of the blockchain and you were able to check 1000000 seeds / second then in one year you could check 60*60*24*365*1000000 seeds. Or about,

3.1536×10¹³

Leaving you with a task that would take 1.079028307×10¹⁶ years. But wait that's still too long so we better assign a cluster of a 1000000 computers to generating and checking seeds, because any tiny balance on any of a billion seeds may be worth it...

Now we're down to, 10,790,283,070 years.

We'd better get right on it.

[samaney]

Thanks.

[Abdussamad]

However, on Electrum, there is no username/password or PublicAddress/PrivateKey combination. Simply a text with some dictionary words (not random alphanumeric) and that can lead you to any wallet randomly. You do not need to insist on cracking a specific wallet and spend time on a one single wallet.

Also, since you asked above about the seed as 12 words, well, I asked that question myself when I was new to Electrum. The 12 words have the same entropy as the hexadecimal representation of the seed i.e. 128 bits. You are just encoding the seed as a human friendly set of words as opposed to an ugly number. They are as random as the hexadecimal version.