600 word seed

[aurora]

i know its way too much but how safe is it vs 24 word seed?
btw it was generated using iancoleman tool

[1714798954]

1714798954

[1714798954]

1714798954

[bitmover]

i know its way too much but how safe is it vs 24 word seed?
btw it was generated using iancoleman tool

It is not safer. There is no need to use 2048^600 combinations. This is will be problematic for you to save and recover when needed.

It was not generated using iancoleman tool. The maximum number of word it takes is 24 words, as you can see in the picture below


https://iancoleman.io/bip39/

What you might have done, is to use 24 word + 576 passphrase words. This will make your wallet unsafe, risky and you will probably lose your funds when you need to recover it.

WHen you add custom 576 words, a small typo may cause your wallet to be lost forever. As there are too many words, it will be almost impossible for you to determine what could have gone wrong, and those words are custom: They do not come from a fixed 2048 list of words.

[ranochigo]

It was not generated using iancoleman tool. The maximum number of word it takes is 24 words, as you can see in the picture below

Possible, using custom entropy in the checkbox. The words will still be derived from the list.

@OP, the benefits of extra entropy diminishes with the increasing seed phrase length. 24 word seeds are already an overkill, 12 words is sufficient it provides for 128bits of entropy. It is far easier to have to type/store a 12 word seed than a 24 word seed and of course, 600 word seed. Most wallets do not support seed phrases that long and there is really no usecase for anything like that.

[HCP]

i know its way too much but how safe is it vs 24 word seed?

It's like saying "how difficult is it to get to Pluto vs how difficult is it to get to Jupiter"... For all intents and purposes, they are both "impossible".

As mentioned above, having a 600 word seed just adds in unnecessary complexity and is more prone to errors in transcribing and/or more likely to become problematic when attempting to restore.

[pooya87]

You should try to avoid doing things that are not "standard" because if you are lucky the worst thing that could happen is that you will have a lot of problems recovering your funds by duplicating that self-defined process but if you are not you would be creating a weaker method that could endanger your funds.
Try to stick to the standard defined methods that are created by experts and are used by many implementations and their users.

It's like saying "how difficult is it to get to Pluto vs how difficult is it to get to Jupiter"... For all intents and purposes, they are both "impossible".

I love how my analogy is catching on

[aurora]

I generated huge entropy because 256 bits of entropy didnt seem secure to me:   this is what 256 bits look like. 83926714dbf1948da358e3bddd99818d1b9fd3fd58c55e65765ffd780a4b4970   this is it. looks very breakable

[Lucius]

If someone really thinks he needs a 600 word seed let him use it, but before that we should really understand that a seed is just something that exists to make it easier for us humans to imagine some things. Behind all this is much more complicated mathematics that only a few can understand.

Someone said that there are already at least 1000 such questions and answers if the internet is searched, and for those who think they need more than 24 seed words, let them play a little with the number of grains of sand on earth or the number of atoms in space.

toSaturnAndBeyond
There are more seed combinations than grains of sand on Earth.

WannabeWonk
It's actually closer to the number of mother fxxking atoms in the universe.
204824 is roughly 3×1079 and scientists estimate the number of atoms in the universe is around 1080.

However, some may think that aliens have much more powerful computers, so if they start brute force BTC seeds, it is better to strengthen the protection a bit

[ranochigo]

I generated huge entropy because 256 bits of entropy didnt seem secure to me:   this is what 256 bits look like. 83926714dbf1948da358e3bddd99818d1b9fd3fd58c55e65765ffd780a4b4970   this is it. looks very breakable

Let's represent it with the number of permutations that a 12 words seed have.

2048^12 possible seeds, a little less than that if you want to adhere to the checksum (lowers from 132bits to 128 bits). 5.44 x 10^39 possible permutations. Let's say you can bruteforce 1 million seeds a second; giving you about 1.7264453e+32 years to exhaust the key space. It's roughly the security of a Bitcoin address. 24 word seeds has even more permutations.

[aurora]

2048^12 possible seeds

isnt chances much lower because of you only need to match few letters to know word?

[o_e_l_e_o]

2048^12 possible seeds

isnt chances much lower because of you only need to match few letters to know word?

Each word had a unique first 4 letters, but that doesn't change that there are 2048 different words, and each word encodes 11 bits of entropy.

Bitcoin private keys themselves only have 128 bits of security, so anything beyond that for a seed phrase is technically unnecessary. Further, regardless of how long your seed phrase is, it is passed through the exact same process to create a 256 bit master private key and a 256 bit master chain code. Therefore, a 12 word seed phrase is just as secure as a 600 word seed phrase.

All you are achieving here is making your seed phrase more difficult to back up and massively increasing the chance you make a mistake when writing it down. You are not gaining any meaningful additional security.

[o_e_l_e_o]

Purely by length (ignoring checksum, RNG, etc.), it's 2048⁶⁰⁰ / 2048²⁴ or 2048⁵⁷⁶ times more secure than 24 words.

The only thing it is more secure against is someone blindly trying to guess your seed phrase, which pretty much no one is ever going to do. It does not make your wallet, your private keys, or your coins any more secure.

You can't generate 600 words seed with iancoleman tool, but even if it's possible there's security concern generate random number with browser.

You can. Click on "Show entropy details", and then make sure the drop down box shows "Use Raw Entropy (3 words per 32 bits)". You can then enter as much entropy as you like and it will generate as long a seed phrase as you like. You will obviously need to generate your own entropy to do this.

[khaled0111]

Just to add to what have been said, if you have 600 words seed, you will have to copy paste it each time you need to recover your wallet. So, the seed needs to be saved on a digitally which represents another attack vector.
A 12 words seed is safe enough as long as the words have been randomly generated.

[Husires]

i know its way too much but how safe is it vs 24 word seed?
btw it was generated using iancoleman tool

BIP39 (Mnemonic Recovery Seed Phrase) is Bitcoin Improvement Proposal. Instead of memorizing a private key with a lot of characters, you should memorize 12 or 24 words you are familiar with.

The increase in words will be good but a lot of words will make the matter the opposite. The missed or lost word will increase and thus you will need to memorize it in digital form, which is aware of the increased risk.

[o_e_l_e_o]

Instead of memorizing a private key with a lot of characters, you should memorize 12 or 24 words you are familiar with.

No, you shouldn't. You should write it down on paper.

[aurora]

I know, but almost no one use the feature or use entropy from secure source

I always use my own entropy source to generate seed. cant trust iancoleman, ledger or any other wallets for that matter. I dont know why but i worry about address collision. Changes of it are very low but there is chance so with my luck I be first one.
Also i dont save 600 word seed i only save few key pairs. Thats all i need

[o_e_l_e_o]

I always use my own entropy source to generate seed.

There is nothing wrong with this, and in fact, it is a good idea in some circumstances. I've done the same for a number of long term cold storage wallets. I generally use the "flip a coin 256 times" method to generate a 256 bit number. From there, you can choose to either convert it to a seed phrase, first by calculating and appending the checksum and then manually converting each group of 11 bits to a word on the BIP39 word list, or you can use the 256 bit number directly as a private key.

I dont know why but i worry about address collision. Changes of it are very low but there is chance so with my luck I be first one.

There is only a theoretical chance of it happening. Practically, it will never happen. Here is a post of mine from a while ago explaining just how unlikely it is that someone guesses your private key:

Given that most 2FA codes are 6 digits long, there is a 1 in 10⁶ chance of someone guessing your 2FA code.
Assuming an average house lock has 8 tumblers, and each tumbler can adopt one of 10 positions, then there is a 1 in 10⁸ chance that someone will be able to guess your exact house key shape and unlock your door.
Given a standard credit card has a 15 or 16 digit number on it, there is at most a 1 in 10¹⁶ chance that someone will be able to guess your credit card number.
If you use a password manager to generate a long and totally random 16 character password, drawing from the full ASCII 95 character set of upper and lowercase letters, numbers, and symbols, (e.g. CY\u4"=t{rV%;N9S), there is a 1 in 4.4*10³¹ chance of someone guessing it.
The chance of someone guessing your private key is 1 in 1.158*10⁷⁷.

The chance of someone correctly guessing your password, your 2FA code, your credit card number, and the key to your house simultaneously is 4.4*10⁶¹, which is still around 2 thousand trillion times more likely than them guessing your private key.

Also i dont save 600 word seed i only save few key pairs. Thats all i need

Then using a 600 word seed phrase makes even less sense. It doesn't matter if you have 12 words, 24 words, 600 words, or a million words. The security of any individual private key will always be the same.

[aurora]

Then using a 600 word seed phrase makes even less sense.

i believe i'm overly paranoid but in order to have same privkeys attacker must generate same 600 words. no? to brute force privkey attacker needs to generate all of possible privkeys. which can only be done by alliens and their super computer. also keep in mind that pool of available keypairs getting smaller every second

[o_e_l_e_o]

i believe i'm overly paranoid but in order to have same privkeys attacker must generate same 600 words. no?

No. An attacker trying to brute force a single private key without any additional information is just going to attempt to brute force the private key rather than the seed phrase it was derived from.

If I generate a private key, to check for an address collision all I have to do is use elliptic curve multiplication to turn it to a public key, and then hash it a few times and convert to Base58.

If I generate a seed phrase, to check for an address collision I first have to go through 2048 rounds of HMAC-SHA512, and then multiple further rounds of HMAC-SHA512 to work down the derivation path to the relevant account and address index, and then elliptic curve multiplication and hash as above. It is a far more time consuming and resource intensive process. It makes much more sense for an attacker to try to brute force the individual key, which has the exact same security if you use 12 words or 600 words.

to brute force privkey attacker needs to generate all of possible privkeys. which can only be done by alliens and their super computer.

And to brute force a 24 word seed phrase, an attacker needs to generate all possible 24 word seed phrases. There are 2²⁵⁶ valid 24 word seed phrases, which is actually more than the number of valid private keys, which is slightly less than 2²⁵⁶.

[PonZZ]

What do you need it for? 24 word seed-phrases are safe enough to not be hacked. They also can be easily remembered.

[o_e_l_e_o]

They also can be easily remembered.

What's with everyone in this thread talking about memorizing seed phrases?

Write it down.