Lordhermes
|
|
March 11, 2021, 05:54:38 AM |
|
<...>
I have some question to ask, what actually is checksum in mnemonic seed phrases, what's the difference between seed phrase with valid checksum and the one with invalid checksum in respect to wallet vulnerability to be easily attack/brute force.
If you manually create a mnemonic like this, then it is no longer a "seed" but a brainwallet and it is not safe at all because there is no randomness in the entropy that was used at all. The time it takes to crack it is also in seconds not years because all it takes is someone trying all the combinations of 2048 words where all words are the same (check 2048 seed phrases in total).
I'm getting to understand something here, manually selecting randomness of seed and seed extension (I mean adding additional word making the 13th word) is the same thing? Will it be possible to crack/brute force extended mnemonic seed phrase, if possible, then how long can it take to be done. My questions might seem to be out of context, correct me if I'm wrong, I'm learning a lot.
|
|
|
|
|
|
|
|
|
|
|
|
pooya87
Legendary
Offline
Activity: 3444
Merit: 10558
|
I'm getting to understand something here, manually selecting randomness of seed and seed extension (I mean adding additional word making the 13th word) is the same thing? Will it be possible to crack/brute force extended mnemonic seed phrase, if possible, then how long can it take to be done.
My questions might seem to be out of context, correct me if I'm wrong, I'm learning a lot.
No they are not the same thing, the seed phrase itself (the 12 to 24 words) must be generated completely at random using a strong RNG and never manually. The extra word that extends this can be selected by the user "manually" because it was not meant to provide security but only "plausible deniability". Keep in mind that the extra word does NOT encrypt your seed, it just extends it using a very weak KDF. Breaking it depends on the phrase that was used as the 13th "word". For example 123 is easier to brute force than ?Z1y-R?lKT/}. The time it takes depends on the number of characters in that word, type of them (upper/lower case, numbers, symbols) and whether it is actually random or a known phrase, meaning a poem or a famous quote like "remember remember the fifth of November" is not considered safe even though it is long (39 bytes).
|
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18515
|
I have some question to ask, what actually is checksum in mnemonic seed phrases, what's the difference between seed phrase with valid checksum and the one with invalid checksum in respect to wallet vulnerability to be easily attack/brute force.
Each word in a seed phrase encodes 11 bits of data. A 12 word seed phrase has 128 bits of entropy. The checksum is calculated using hash functions and then appended to the end of the 128 bits to give 132 bits in total, which then encodes into 12 words. (12 words x 11 bits = 132 bits). The last word of the seed phrase, then, includes some entropy and the checksum. For a 24 word phrase, it is 256 bits of entropy and 8 bits of checksum. In terms of how this looks, a seed phrase with the incorrect checksum will have a different last word. In terms of being attacked by brute force, most attackers are presumably only going to try seed phrases with correct checksums since no wallet will generate a seed phrase with an incorrect checksum by default.
I'm getting to understand something here, manually selecting randomness of seed and seed extension (I mean adding additional word making the 13th word) is the same thing?
There is no such thing as manually selecting randomness. Humans cannot be truly random. Any source of entropy needs to come from something like coin flips or the /dev/urandom function.
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
March 12, 2021, 01:56:28 PM |
|
I have some question to ask, what actually is checksum in mnemonic seed phrases, what's the difference between seed phrase with valid checksum and the one with invalid checksum in respect to wallet vulnerability to be easily attack/brute force.
A checksum is used to verify the integrity of data. In the case of a mnemonic code, the checksum assures that the mnemonic code has been entered correctly (it checks whether it is a valid mnemonic). A checksum is calculated from the data whose integrity it verifies. In regards to bruteforcing, it practically doesn't really matter. An attacker has to bruteforce a 128 bit secure (12 word) mnemonic code.
|
|
|
|
jerry0 (OP)
|
|
March 14, 2021, 02:12:07 AM |
|
I'm still surprised by this. So how many total combinations are there with this many words and how many total addresses have coins? Like what percentage?
I got to assume someone who brute forces has to eventually hit just one address with coins right? I just find this really damn hard to believe. Surely someone has hit one bitcoin or crypto address right and not said anything about this?
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18515
|
|
March 14, 2021, 09:22:23 AM |
|
So how many total combinations are there with this many words
There are 5.44*10^39 possible 12 word seed phrases, if you don't pay attention to the checksum. There are 3.40*10^38 possible 12 word seed phrases with a valid checksum.
and how many total addresses have coins? Like what percentage?
There are 2^160 unique addresses of each type (P2PKH, P2SH, P2WPKH), and there are approximately 800,000,000 used addresses. Therefore, we have used approximately 0.00000000000000000000000000000000000002% of all addresses.
I got to assume someone who brute forces has to eventually hit just one address with coins right?
No. The sun will die before we ever hit a private key collision.
|
|
|
|
decodx
|
|
March 14, 2021, 09:49:39 AM |
|
I got to assume someone who brute forces has to eventually hit just one address with coins right? I just find this really damn hard to believe. Surely someone has hit one bitcoin or crypto address right and not said anything about this?
No, that's incorrect. It is impossible for anyone to generate a private key to a Bitcoin address and find the corresponding public key that has some bitcoin in it. There are simply too many combinations. 2^160 is such a ridiculously large number that it's hard to even imagine it.
|
|
|
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18515
|
|
March 14, 2021, 12:50:00 PM |
|
Take note you got 3.40*10^38 by dividing 5.44*10^39 with 16 because the length of checksum for 12 word seed is 4 bit, where only 1 out of 2^4 has valid checksum.
I actually got the second number simply because it is 2^128, which is the amount of entropy encoded by a 12 word BIP39 seed phrase. But yeah. 2048^12 is the same as 2^132. Each one of the 12 words in a seed phrase encodes 11 bits of data, giving 132 bits of data altogether. With the last 4 bits being a checksum, that leaves 2^128 bits of entropy. 4 bits has 2^4 = 16 combinations. 2^132/2^4 = 2^128.
|
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
March 16, 2021, 04:16:02 PM |
|
There is this "other" method of brute force, and it's commonly known as $5 wrench attack. Does not matter how many words you use if you will give it up to save your life or someone else's.
Aside from technical computer security and taking all proper precautions as well as OPSEC (don't go telling the world you have bitcoins or else someone will hunt you), do you also have physical security? Do you lock your doors at night and with what? Can someone kick the front door in? (use 3 inch or longer screws on your door hinges for example.)
If you have 12 or 24 words, don't worry about that part, worry about if someone can break a window and rob you or something.
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4316
<insert witty quote here>
|
|
March 18, 2021, 10:15:04 PM |
|
There is this "other" method of brute force, and it's commonly known as $5 wrench attack. Does not matter how many words you use if you will give it up to save your life or someone else's.
Aside from technical computer security and taking all proper precautions as well as OPSEC (don't go telling the world you have bitcoins or else someone will hunt you), do you also have physical security? Do you lock your doors at night and with what? Can someone kick the front door in? (use 3 inch or longer screws on your door hinges for example.)
If you have 12 or 24 words, don't worry about that part, worry about if someone can break a window and rob you or something.
Please don't go down this rabbit hole... we'll be back to ridiculous scenarios about co-ordinated attacks on bank vaults and safety deposit boxes and whether we should split our seed across 5 bank vaults or 6... and what happens if a concrete truck drives into one bank and destroys one part of the seed while there is simultaneously a fire at 2 of the others and a flood at the 4th...
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
March 19, 2021, 02:39:59 PM |
|
Your own personal security is real and very possible. People have been robbed, kidnapped or tortured for bitcoins. Your scenario about 5 or 6 banks exploding is unlikely.
Banks are known to close down and sometimes they drill out and empty all their safety deposit boxes, so you should keep an eye on them at least once a year or every 6 months. Talk to the bank often.
|
|
|
|
|