Passphrase wallet

[Jumperman4]

Simple question:

If I get my 12 word phrase, what are the odds someone else gets it too? Is it easier to add a pass phrase?

The pass phrase will just make it that much harder to unlock the bitcoin right?

[BlackHatCoiner]

No one will be able to guess the 12 words you've generated realistically. There're more chances for you to win the lottery a dozen of times on a row, than guess someone else's seed.

I wonder, though. Even if you didn't get the above answer, wouldn't it alert you to use a passphrase if having *just* the seed wasn't secure enough?

what are the odds someone else gets it too? Is it easier to add a pass phrase?

Alright, let's calculate it. The mnemonic that is given to you is a representation of a 128-bit entropy to words. So, in order for someone to generate exactly the same phrase with you, they'd have 1 in 2¹²⁸ chances.

To make this look huge, I'll write it decimally:

Code:

340282366920938463463374607431768211456

Note that generating a seed and deriving its addresses (to check if they're funded) isn't a procedure similar to counting. It requires much more computational power to calculate the seed of a number. There are hash functions involved such as HMAC-512, which will slow down the process.

The pass phrase will just make it that much harder to unlock the bitcoin right?

If we assume that there's a strange person who wants to brute force the entire 128-bit range, then yeah. It'll be much harder.

[RickDeckard]

Simple question:

If I get my 12 word phrase, what are the odds someone else gets it too? Is it easier to add a pass phrase?

The pass phrase will just make it that much harder to unlock the bitcoin right?

The odds are very low[1]. If you're too bored to do the actual math, LoyceV has debated this same issue at least sometime during 2017 with more detail[2]:

I imagine someone could write code that keeps trying to repeat 12 different combinations of words, after a while he must get results and control someone’s funds, no? With the amount of wallets out there now...

The number of possible words can vary per application, but let's assume there are 2048 possible words. That means using 2 words gives 2048*2048 or 2048^2 possibilities, 3 words gives 2048^3 possibilities, and 12 words gives 2048^12 = 5444517870735015415413993718908291383296 possible combinations.
If you assume 1 billion people each use this system on 10 wallets, and you can brute-force 10 billion combinations per second, it'll still take you a trillion years to find a match. It's a lot easier to just find the next Bitcoin block, which is more valuable than most wallets anyway.

You can safely rest at night knowing that probably no one in the world will ever get the same combination of seed phrases that you got You can, however, add a passphrase to it if you want to increase security. The way that passphrases work is that if someone do manage to get your seed phrases once they "open" your wallet they won't find any BTC in there simply because that they don't know which passphrase you've used as an additional security layer. You can have multiple passphrases in a wallet, each of them pointing over to different amounts of BTC. As Trezor support page puts it[3]:

Once the passphrase feature is activated on the device, you can provide any input of your choosing and it will be used to generate a completely new wallet. To access this hidden wallet repeatedly, you will have to use the exact same passphrase in combination with the recovery seed on the device. Using the same seed with a different passphrase will generate a different wallet. Using a different seed with the "correct" passphrase will generate a different wallet.

I do recommend watching the video if you prefer[4]. In sum, not having a passphrase is not bad, but if you want to add another security layer, why not?
[1]https://bitcoin.stackexchange.com/questions/71692/how-many-combinations-are-there-from-the-bip32-mnemonic-list
[2]https://bitcointalk.org/index.php?topic=2622497.0
[3]https://wiki.trezor.io/Passphrase
[4]https://www.youtube.com/watch?v=DR5SKuhF-50

[dkbit98]

If I get my 12 word phrase, what are the odds someone else gets it too? Is it easier to add a pass phrase?

If you generate seed words randomly, correctly and offline, using standard words and backing them up in safe place, there is no chance someone else could guess them or unlock anything.
There is however always a chance you made a mistake with leaking your words or someone could steal them from you and spend your bitcoin.

The pass phrase will just make it that much harder to unlock the bitcoin right?

Adding a passphrase is like adding a salt that adds extra layer of protection, but only if you keep it safe and separate from your seed words, this adds more complexity and more security.
You can have multiple passphrases but keeping them all together with backup phrase makes them useless, and losing any of your passphrase is permanent loses of coins associated with them.

[Jumperman4]

So I can randomly select 12 words from the 2048 and generate a bitcoin wallet? Thats pretty neat

[BlackHatCoiner]

So I can randomly select 12 words from the 2048 and generate a bitcoin wallet? Thats pretty neat

You can also randomly pick a number between 1 and 340,282,366,920,938,463,463,374,607,431,768,211,456, but I guess that doesn't sound neat. 

[dkbit98]

So I can randomly select 12 words from the 2048 and generate a bitcoin wallet? Thats pretty neat

Humans are usually bad at randomness and good at repeating stuff, so randomly picking words from your brain or some list is not really random.
Easiest way would be using dices or cards, but I saw some crazy stuff people are doing with Geiger's counter recently, because radioactive particles are random.
This is one example of fun and extreme geek tech using python 3 script generating BIP39 mnemonic codes with random data coming from a Geiger counter, and other guy even added RaspberyPi, Audio interface and Americium 241 from a Smoke Detector  


https://twitter.com/danieldemercado/status/1437033277358022657?s=21
Github: https://github.com/danieldemercado/GeigerBIP39Generator

PS
My point is that true randomness is not easy like it seems, but you shouldn't use Geiger's counter for generating your bitcoin wallet if you are a newbie.

[Jumperman4]

So far every 12 words I've chosen have not opened a wallet

[wxa7115]

So I can randomly select 12 words from the 2048 and generate a bitcoin wallet? Thats pretty neat

If you use an actual method that can produce random results then the answer is yes, you could just pick your seed words from the list of words and get a wallet that way.

However if you are going to do this simply by reading the words and then selecting them then this has an incredible bias and your selection will not truly be random so this is not recommended at all and if you do so you better accept the fact you could lose your coins by doing something like that.

[Jumperman4]

How come the fees for legacy addresses are so much high then addresses that start with a 3?

[o_e_l_e_o]

So I can randomly select 12 words from the 2048 and generate a bitcoin wallet? Thats pretty neat

No, you can't.

So far every 12 words I've chosen have not opened a wallet

The final word in every seed phrase contains a checksum. If the checksum is not correct then usually the software you are using will not accept the seed phrase. By randomly picking words, you only have a 1 in 16 chance of selecting a word with the correct checksum for a 12 word seed phrase. This falls to 1 in 256 for a 24 word seed phrase.

But more importantly, selecting words yourself is a terrible way to generate a wallet, will massively decrease your security, and could easily lead to loss of funds. Don't do it.

How come the fees for legacy addresses are so much high then addresses that start with a 3?

Some address which start with a 3 are nested segwit addresses. Segwit moves part of the transaction data (the witness) to a separate section and counts it differently when calculating the weight of the transaction. Since these transactions now have a lower weight, they will pay a lower fee. Addresses which start with bc1 are native segwit addresses and will reduce the fee even further.

[Zedpastin]

Without any fancy calculations the chances are close enough to 0 you do not have to worry there has been no known collisions from wallet seeds. It is possible but the odds are very slim have you heard about people saying that to win the lottery you would have to be very lucky and you have a better chance to get striked by lightening than to win the lottery well guessing someone elses seed would be even more rare than winning the lottery. Think about it the lottery you only have to guess 6 numbers out of >50 numbers but with a seed you have to guess 12 words which are from a dictionary with hundreds of words. You do not have to worry about losing any funds because someone guessed your seed. The only seeds which are guessed would be ones which have repeated words.

[o_e_l_e_o]

The only seeds which are guessed would be ones which have repeated words.

Why do you say this? There is nothing inherently wrong with repeated words in seed phrases, and there is absolutely nothing in the code to prevent words being repeated in seed phrases. Assuming your seed phrase is generated truly randomly, then you have around a 1 in 31 chance of a 12 word seed phrase naturally containing the same word twice, and you have around a 1 in 8 chance for a 24 word seed phrase.

Sure, if your seed phrase contains the same word 4+ times, then it is probably because you have manually picked the words, but any seed phrase with manually chosen words will have very poor security.

[Zedpastin]

The only seeds which are guessed would be ones which have repeated words.

Why do you say this? There is nothing inherently wrong with repeated words in seed phrases, and there is absolutely nothing in the code to prevent words being repeated in seed phrases. Assuming your seed phrase is generated truly randomly, then you have around a 1 in 31 chance of a 12 word seed phrase naturally containing the same word twice, and you have around a 1 in 8 chance for a 24 word seed phrase.

Sure, if your seed phrase contains the same word 4+ times, then it is probably because you have manually picked the words, but any seed phrase with manually chosen words will have very poor security.

I am using a extreme example of if a seed was 12 of the same words in a row they will be attempted by amateur people trying to get into wallets. If you have a passphrase that is dog dog dog dog instead of cat dog cat cat someone is more likely to attempt dog dog dog dog and gain access. If you have a wallet which has a seed of dog dog dog dog dog dog dog dog dog dog dog dog then that is more likely to be cracked. I know the probability of that happening is very very unlikely but that is why random generation is more secure than choosing the words yourself. I only included "the only seeds that are guessed is repeated words" is for this example above and to save myself from being accused to be wrong. In the real world no one has a seed like that and if you did generate a seed like this you would generate another one.

Sure, if your seed phrase contains the same word 4+ times, then it is probably because you have manually picked the words, but any seed phrase with manually chosen words will have very poor security.

I have never tried to manually generate a seed can you pick words which are not in the random list that wallets have or do you pick from the words already there? I think manually choosing a bigger database of words and then randomly selecting them could be safer. If the wallet seed generation has 100 words to pick from but allows custom words you could use 1000 words and then use a script that randomly chooses from that list which would make it more secure than if you used the wallet generation script.

[pinggoki]

it is randomized and is a 12 word pass phrase for a reason. There are hundreds of thousands of words in the English language that people barely know most of them. Not to mention the combination of the words which could go up to billions. So if you're scared that someone might get to your precious account and take your hard-earned holdings, be at ease knowing that as long as they don't have a quantum computer at hand (not yet released in the public, sometimes existence is even debated if true or not). Your funds are safe.

So I can randomly select 12 words from the 2048 and generate a bitcoin wallet? Thats pretty neat

Humans are usually bad at randomness and good at repeating stuff, so randomly picking words from your brain or some list is not really random.
Easiest way would be using dices or cards, but I saw some crazy stuff people are doing with Geiger's counter recently, because radioactive particles are random.
This is one example of fun and extreme geek tech using python 3 script generating BIP39 mnemonic codes with random data coming from a Geiger counter, and other guy even added RaspberyPi, Audio interface and Americium 241 from a Smoke Detector 


https://twitter.com/danieldemercado/status/1437033277358022657?s=21
Github: https://github.com/danieldemercado/GeigerBIP39Generator

PS
My point is that true randomness is not easy like it seems, but you shouldn't use Geiger's counter for generating your bitcoin wallet if you are a newbie.

Which is why the system does the randomizing for us, so we don't have to use system of counting and randomizing like the Geiger's counter just so we can rest ease that no one with a full working brain could get to our bitcoins and assets in general. People who randomize the words for themselves risk letting their own heuristics and instinctive biases get a hold of their judgement which is very fatal in the crypto world. I am well aware that even if I don't know or notice, some biases tend to leak out of my decisions so for instances like these, I let the machines do the work for me

[pooya87]

So I can randomly select 12 words from the 2048 and generate a bitcoin wallet? Thats pretty neat

So far every 12 words I've chosen have not opened a wallet

What may not be clear from other comments is that the wallet that generates these seed words isn't actually selecting random words from the list. In reality it is generating a random entropy (a stream of bits) then encodes those bits to be human readable form which is represented by those words (so that you can easily write down words instead of bits).

Usually such encoding methods contain a checksum to quickly figure out mistakes if user entered wrong words in the future while recovering.

Each word represents 11 bits, and part of the last word is the checksum. So when you select random words, they are decoded to an entropy + checksum with the checksum having a high chance of being wrong.
12 words * 11 bits = 132 bits = 128 bit entropy + 4 bit checksum.

[o_e_l_e_o]

I am using a extreme example of if a seed was 12 of the same words in a row they will be attempted by amateur people trying to get into wallets.

Sure, but any seed phrase with the same word 12 times in a row will not have been generated randomly but rather chosen manually, and any seed phrase chosen manually will be highly insecure.

I have never tried to manually generate a seed can you pick words which are not in the random list that wallets have or do you pick from the words already there?

You should never manually generate a seed phrase. If you want your seed phrase to be BIP39 compatible, then the words must come from the set wordlist of 2048 words.

I think manually choosing a bigger database of words and then randomly selecting them could be safer. If the wallet seed generation has 100 words to pick from but allows custom words you could use 1000 words and then use a script that randomly chooses from that list which would make it more secure than if you used the wallet generation script.

A pointless task. Your seed phrase with more words or a bigger wordlist might be harder for someone to brute force compared to a standard seed phrase, but no one can brute force a standard seed phrase anyway. The resulting wallet and private keys it generates will not be any more secure.

[Zedpastin]

What is the safest way of generating a 12 word seed then? Is there any safer options than allowing the wallet to generate it? My steps would be offline computer, generate 12 words through wallet software and then store that seed offline on some paper than is stored in a vault.

A pointless task. Your seed phrase with more words or a bigger wordlist might be harder for someone to brute force compared to a standard seed phrase, but no one can brute force a standard seed phrase anyway. The resulting wallet and private keys it generates will not be any more secure.

I understand this is correct I have made this mistake in the past with using very long passwords when they were not needed because past 15 characters is usually too hard to brute force for any one and it makes it more complex for me.

I am using a extreme example of if a seed was 12 of the same words in a row they will be attempted by amateur people trying to get into wallets.

Sure, but any seed phrase with the same word 12 times in a row will not have been generated randomly but rather chosen manually, and any seed phrase chosen manually will be highly insecure.

Yes I understand that it is probably the least odds to generate the same word 12 times in a row but it is possible. I do not know the math it prolly is below 0.000001% chance but for the sake of being accused to be wrong I included it is possible but IRL it is not likely.

[BlackHatCoiner]

What is the safest way of generating a 12 word seed then?

If you don't have a hardware wallet? Download your non-custodial wallet, verify its signature, format the computer you'll generate the seed, run an open-source operating system (such as a Linux based) from a CD, disable internet connection, install the wallet there, generate the seed, write it down, eject the CD. Done.

If you feel your RNG will betray you, just roll a dice or toss a coin. That proves the source of randomness.

Yes I understand that it is probably the least odds to generate the same word 12 times in a row but it is possible. I do not know the math it prolly is below 0.000001% chance but for the sake of being accused to be wrong I included it is possible but IRL it is not likely.

As I said above, it's 1 in 340,282,366,920,938,463,463,374,607,431,768,211,456. That's:

0.00000000000000000000000000000000000000293873587705571876992184134305561419454 666389193021880377187926569604314863681793212890625%

[o_e_l_e_o]

Is there any safer options than allowing the wallet to generate it?

Depends on what you mean by "safer". If you mean that you don't trust your wallet to generate truly random entropy, then the method I would suggest would be flipping a coin 128 times. However, you still need to calculate the checksum, so will need to input your entropy in to some software since you cannot do that by hand, and you will still need to turn the resulting 132 bit number in to a seed phrase, which is prone to error if you are doing it manually, and you will still need to import that seed phrase in to some wallet software to generate private keys and addresses.

Yes I understand that it is probably the least odds to generate the same word 12 times in a row but it is possible. I do not know the math it prolly is below 0.000001% chance but for the sake of being accused to be wrong I included it is possible but IRL it is not likely.

As I said above, it's 1 in 340,282,366,920,938,463,463,374,607,431,768,211,456.

Time to be completely pedantic, but actually it's around 1 in 2¹²¹, rather than 1 in 2¹²⁸.

We know there are 2048 possible 12 word seed phrases which repeat the same word 12 times. Of these, we know that only 128 will have a valid checksum, since the checksum has 2⁴ = 16 possibilities. (Note that this is an average. I've not actually tested every seed phrase to see if we end up with exactly 128 valid ones.) So you have 128 (2⁷) possible seed phrases out of 2¹²⁸. 2¹²⁸/2⁷ = 2¹²¹.

Not that any of that matters. They are equally impossible.