Author Topic: Brute Force And Seed Phrase Security Questions  (Read 521 times)
Lordhermes (Sr. Member; Activity: 1232, Merit: 379)
March 11, 2021, 05:54:38 AM
Merited by o_e_l_e_o (2)
#21

<...>
I have some questions to ask: what actually is the checksum in mnemonic seed phrases, and what's the difference between a seed phrase with a valid checksum and one with an invalid checksum with respect to the wallet's vulnerability to being easily attacked/brute forced?
If you manually create a mnemonic like this, then it is no longer a "seed" but a brainwallet and it is not safe at all because there is no randomness in the entropy that was used at all.
The time it takes to crack it is also in seconds not years because all it takes is someone trying all the combinations of 2048 words where all words are the same (check 2048 seed phrases in total).
I'm getting to understand something here: are manually selecting the randomness of the seed and the seed extension (I mean adding an additional word, making the 13th word) the same thing? Will it be possible to crack/brute force an extended mnemonic seed phrase? If possible, then how long can it take to be done?

My questions might seem to be out of context, correct me if I'm wrong, I'm learning a lot.
pooya87 (Legendary; Activity: 3444, Merit: 10558)
March 11, 2021, 08:06:27 AM
Merited by ABCbits (2), o_e_l_e_o (2), Pmalek (1)
#22

I'm getting to understand something here: are manually selecting the randomness of the seed and the seed extension (I mean adding an additional word, making the 13th word) the same thing? Will it be possible to crack/brute force an extended mnemonic seed phrase? If possible, then how long can it take to be done?

My questions might seem to be out of context, correct me if I'm wrong, I'm learning a lot.
No, they are not the same thing; the seed phrase itself (the 12 to 24 words) must be generated completely at random using a strong RNG and never manually. The extra word that extends this can be selected by the user "manually" because it was not meant to provide security but only "plausible deniability". Keep in mind that the extra word does NOT encrypt your seed, it just extends it using a very weak KDF.

Breaking it depends on the phrase that was used as the 13th "word". For example 123 is easier to brute force than ?Z1y-R?lKT/}. The time it takes depends on the number of characters in that word, type of them (upper/lower case, numbers, symbols) and whether it is actually random or a known phrase, meaning a poem or a famous quote like "remember remember the fifth of November" is not considered safe even though it is long (39 bytes).

o_e_l_e_o (In memoriam, Legendary; Activity: 2268, Merit: 18512)
March 11, 2021, 02:39:05 PM
Merited by zasad@ (2), ABCbits (1), Pmalek (1), Lordhermes (1)
#23

I have some questions to ask: what actually is the checksum in mnemonic seed phrases, and what's the difference between a seed phrase with a valid checksum and one with an invalid checksum with respect to the wallet's vulnerability to being easily attacked/brute forced?
Each word in a seed phrase encodes 11 bits of data. A 12 word seed phrase has 128 bits of entropy. The checksum is calculated using hash functions and then appended to the end of the 128 bits to give 132 bits in total, which then encodes into 12 words. (12 words x 11 bits = 132 bits). The last word of the seed phrase, then, includes some entropy and the checksum. For a 24 word phrase, it is 256 bits of entropy and 8 bits of checksum. In terms of how this looks, a seed phrase with the incorrect checksum will have a different last word.

In terms of being attacked by brute force, most attackers are presumably only going to try seed phrases with correct checksums since no wallet will generate a seed phrase with an incorrect checksum by default.

I'm getting to understand something here: are manually selecting the randomness of the seed and the seed extension (I mean adding an additional word, making the 13th word) the same thing?
There is no such thing as manually selecting randomness. Humans cannot be truly random. Any source of entropy needs to come from something like coin flips or the /dev/urandom function.
bob123 (Legendary; Activity: 1624, Merit: 2481)
March 12, 2021, 01:56:28 PM
#24

I have some questions to ask: what actually is the checksum in mnemonic seed phrases, and what's the difference between a seed phrase with a valid checksum and one with an invalid checksum with respect to the wallet's vulnerability to being easily attacked/brute forced?

A checksum is used to verify the integrity of data.
In the case of a mnemonic code, the checksum assures that the mnemonic code has been entered correctly (it checks whether it is a valid mnemonic). A checksum is calculated from the data it verifies the integrity of.

In regards to bruteforcing, it practically doesn't really matter.
An attacker has to bruteforce a 128 bit secure (12 word) mnemonic code.

jerry0 (OP) (Full Member; Activity: 1736, Merit: 186)
March 14, 2021, 02:12:07 AM
#25

I'm still surprised by this. So how many total combinations are there with this many words and how many total addresses have coins? Like what percentage?

I got to assume someone who brute forces has to eventually hit just one address with coins right? I just find this really damn hard to believe. Surely someone has hit one bitcoin or crypto address right and not said anything about this?
o_e_l_e_o (In memoriam, Legendary; Activity: 2268, Merit: 18512)
March 14, 2021, 09:22:23 AM
#26

So how many total combinations are there with this many words
There are 5.44*10^39 possible 12 word seed phrases, if you don't pay attention to the checksum.
There are 3.40*10^38 possible 12 word seed phrases with a valid checksum.

and how many total addresses have coins? Like what percentage?
There are 2^160 unique addresses of each type (P2PKH, P2SH, P2WPKH), and there are approximately 800,000,000 used addresses. Therefore, we have used approximately 0.00000000000000000000000000000000000002% of all addresses.

I got to assume someone who brute forces has to eventually hit just one address with coins right?
No. The sun will die before we ever hit a private key collision.
decodx (Hero Member; Activity: 1428, Merit: 931)
March 14, 2021, 09:49:39 AM
#27

I got to assume someone who brute forces has to eventually hit just one address with coins right? I just find this really damn hard to believe. Surely someone has hit one bitcoin or crypto address right and not said anything about this?

No, that's incorrect. It is impossible for anyone to generate a private key to a Bitcoin address and find the corresponding public key that has some bitcoin in it. There are simply too many combinations. 2^160 is such a ridiculously large number that it's hard to even imagine it.

o_e_l_e_o (In memoriam, Legendary; Activity: 2268, Merit: 18512)
March 14, 2021, 12:50:00 PM
#28

Take note you got 3.40*10^38 by dividing 5.44*10^39 by 16 because the length of checksum for 12 word seed is 4 bits, where only 1 out of 2^4 has valid checksum.
I actually got the second number simply because it is 2^128, which is the amount of entropy encoded by a 12 word BIP39 seed phrase. But yeah.

2048^12 is the same as 2^132. Each one of the 12 words in a seed phrase encodes 11 bits of data, giving 132 bits of data altogether. With the last 4 bits being a checksum, that leaves 2^128 bits of entropy. 4 bits has 2^4 = 16 combinations. 2^132/2^4 = 2^128.
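
The checksum arithmetic from posts #23, #26 and #28, as an added example that is not part of any post in this thread. It works on 11-bit word indices instead of words (the 2048-word BIP39 list is not embedded); the function names and the all-zero sample entropy are constructed for illustration.

```python
import hashlib

def entropy_to_indices(entropy: bytes) -> list:
    """Append the first ENT/32 bits of SHA-256(entropy), split into 11-bit indices."""
    cs = len(entropy) * 8 // 32                      # 4 bits for 128-bit entropy
    digest = hashlib.sha256(entropy).digest()
    value = (int.from_bytes(entropy, "big") << cs) | (digest[0] >> (8 - cs))
    n_words = (len(entropy) * 8 + cs) // 11          # 132 / 11 = 12 words
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def is_valid(indices) -> bool:
    """Recompute the checksum from the entropy part and compare with the phrase."""
    total_bits = len(indices) * 11
    cs = total_bits // 33                            # checksum is 1/33 of the bits
    value = 0
    for idx in indices:
        value = (value << 11) | idx
    entropy = (value >> cs).to_bytes((total_bits - cs) // 8, "big")
    return entropy_to_indices(entropy) == list(indices)

def valid_last_words(first_eleven) -> list:
    """All 12th-word indices that give a valid checksum for these 11 words."""
    return [w for w in range(2048) if is_valid(list(first_eleven) + [w])]

def phrase_counts(n_words: int = 12):
    """(all word combinations, combinations with a valid checksum)."""
    cs = n_words * 11 // 33
    return 2048 ** n_words, 2048 ** n_words >> cs

if __name__ == "__main__":
    sample = bytes(16)  # constructed sample: all-zero entropy, never use for a wallet
    print(entropy_to_indices(sample))
    print(len(valid_last_words([0] * 11)), "of 2048 last words are valid")
    print(phrase_counts())
```

For any fixed first 11 words, 128 of the 2048 possible last words pass the checksum, which is the 1-in-16 ratio between the two totals quoted in post #26.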
avadhuta (Newbie; Activity: 19, Merit: 11)
March 15, 2021, 03:35:11 PM
#29


Now the electrum seed is 12 words.  The nano ledger is 24 words.  I know other wallets have 12 as well and others have 24 in general

In my wallet (https://bitcointalk.org/index.php?topic=5320048.0) I use a dictionary of 466550 words (https://github.com/dwyl/english-words), 12 of them give 10^56 combinations, this is an unthinkable amount.
Dabs (Legendary; Activity: 3416, Merit: 1912)
March 16, 2021, 04:16:02 PM
#30

There is this "other" method of brute force, and it's commonly known as $5 wrench attack. Does not matter how many words you use if you will give it up to save your life or someone else's.

Aside from technical computer security and taking all proper precautions as well as OPSEC (don't go telling the world you have bitcoins or else someone will hunt you), do you also have physical security? Do you lock your doors at night and with what? Can someone kick the front door in? (use 3 inch or longer screws on your door hinges for example.)

If you have 12 or 24 words, don't worry about that part, worry about if someone can break a window and rob you or something.

HCP (Legendary; Activity: 2086, Merit: 4316)
March 18, 2021, 10:15:04 PM
#31

There is this "other" method of brute force, and it's commonly known as $5 wrench attack. Does not matter how many words you use if you will give it up to save your life or someone else's.

Aside from technical computer security and taking all proper precautions as well as OPSEC (don't go telling the world you have bitcoins or else someone will hunt you), do you also have physical security? Do you lock your doors at night and with what? Can someone kick the front door in? (use 3 inch or longer screws on your door hinges for example.)

If you have 12 or 24 words, don't worry about that part, worry about if someone can break a window and rob you or something.
Please don't go down this rabbit hole... we'll be back to ridiculous scenarios about co-ordinated attacks on bank vaults and safety deposit boxes and whether we should split our seed across 5 bank vaults or 6... and what happens if a concrete truck drives into one bank and destroys one part of the seed while there is simultaneously a fire at 2 of the others and a flood at the 4th...


Dabs (Legendary; Activity: 3416, Merit: 1912)
March 19, 2021, 02:39:59 PM
#32

Your own personal security is real and very possible. People have been robbed, kidnapped or tortured for bitcoins. Your scenario about 5 or 6 banks exploding is unlikely.

Banks are known to close down and sometimes they drill out and empty all their safety deposit boxes, so you should keep an eye on them at least once a year or every 6 months. Talk to the bank often.
