How long to crack 24 word phrase if you know all 24 words out of order?

[pooya87]

The reason I don't like this is that it removes one of the main benefits of a seed phrase, which is that it is human readable, easy to write down accurately, easy to check for mistakes, and easy to error correct should you have a few smudged characters or a lost word or two. You lose all this if encrypt it, and should probably be using a printer to print it out rather than hand write it which adds another layer of risk.

No, you don't lose it. When you encrypt a 128-bit entropy for example, you end up with 128-bit encrypted data if you don't use IV. You can easily convert that to a human readable format, like with already available algorithm such as BIP39.
As an example you can check out BIP38 where we encrypt the 256-bit private key and get 256-bit result which we encode using base58. Just replace the last step with BIP39. You can even use a BIP39 library/tool that takes entropy.

[o_e_l_e_o]

So when you use this, what are you encrypting? The actual words of the seed phrase, or the binary representation?

I would argue that manually converting an encrypted seed phrase in to another set of BIP39 words is overly complicated for the majority of users. Some may well try to do it manually which creates the risk for error, and using a BIP39 tool could have unpredictable results as it tries to "fix" the incorrect checksum at the end or truncates some of the data you enter.

It would be better if there was a standardized way of doing this similar to BIP38. In the meantime I prefer to use methods which are standardized, such as multi-sig or passphrases.

[pooya87]

So when you use this, what are you encrypting? The actual words of the seed phrase, or the binary representation?

The binary, just like BIP38. In fact that is why I used that example above. If I do anything else the length could be arbitrary and encoding becomes slightly more complicated.

I would argue that manually converting an encrypted seed phrase in to another set of BIP39 words is overly complicated for the majority of users. Some may well try to do it manually which creates the risk for error, and using a BIP39 tool could have unpredictable results as it tries to "fix" the incorrect checksum at the end or truncates some of the data you enter.

It would be better if there was a standardized way of doing this similar to BIP38. In the meantime I prefer to use methods which are standardized, such as multi-sig or passphrases.

No arguments there. My method requires some knowledge of programming since there isn't any implementations of it as far as I know but it is pretty simple to do.
I really hope someone comes up with a BIP38 like proposal for mnemonics to standardize it (at least to some extent).

[alwaysmyn]

I also scrambled my 24 seedphrase and added 1 word to make it more difficult  saved it on my emails and other places less secured. I am confident that no one will be able to guess it including me. And that's the reason why I wrote down the sequence like a code and made it into an NFT so it have a record in blockchain and will never be lost. So when the time comes that I want to access my assets, I will just search for my NFT in opensea (contains the code) and then run through my email for my scrambled seed phrase then I'm good to go. Anyone wants to tell me what's the risk?

[o_e_l_e_o]

Anyone wants to tell me what's the risk?

• Your email provider going defunct, blocking your account, deleting your data, suffering a server failure, suffering malware, or any other reason which could result in loss of your scrambled seed phrase back up.
• Forgetting your additional word if it isn't also backed up.
• Not remembering your method, how to find your code, how to interpret your code, etc.
• Making a mistake in how you set up your code, so even if you find it you cannot unscramble your seed phrase.
• Someone who has hacked your email figuring out your scheme and stealing your coins.
• OpenSea is centralized. If OpenSea goes down (as it has in the past) then do you know how to extract the necessary information from the blockchain to access your code?

[Cricktor]

...

As o_e_l_e_o points out, I stopped counting single points of failure, you rely on too many parts that you have no control of. Despite that, have you actually verified that you can recreate your mnemonic words properly?

Keep it simple and you less likely shoot yourself into your foot. There's so much that could go wrong in your scheme...

[Fivestar4everMVP]

When I first read the question op asked,  I was just about to comment and say that it should take maybe 24 hours at most,  but reading the comments really made me amazed,  I am still finding it difficult to believe that it is actually impossible to get a correct order of 24 word seed phrase wrongly arranged,  maybe I personally would have to try this with a new wallet as an experiment for myself.

Anyone wants to tell me what's the risk?

What If your email gets hacked?
What if for some reason, you lost access to your email?
What if opensea goes down in the future?
Or maybe gets hacked?
It is not my prayer for you,  but what If sudden death happens,  how will your family have access to your scrambled 24 word seed phrase,  how will they know how to unscramble it so they can gain access to the funds.?
How will they know theres an NFT you kept on opensea that holds the key to your funds?
(except you are going to show them this things).

[o_e_l_e_o]

maybe I personally would have to try this with a new wallet as an experiment for myself.

Feel free, but you won't get very far.

You can figure out why just by looking at the math without having to run any simulations yourself. You have 24 scrambled words. For the 1st word, you can pick any of the 24. For the second word, there are 23 words left to pick from. For the third word, there are 22 words left to pick from. For the fourth word, 21 words left. And so on. 24*23*22*21*......*3*2*1. Also known as 24!. This gives you the following number:

Code:

620,448,401,733,239,439,360,000

How many possibilities can your computer try in a second? A few million? Let's say a billion to be generous? The number above divided by a billion a second, 60 seconds in a minute, 60 minutes in an hour, 24 hours in a day, 365 days in a year, comes out to just short of 20 million years.

[Pmalek]

<Snip>

You did all those things and yet you managed to create a setup that is much less secure than taking a pen and a piece of paper and writing down 24 words nicely and in correct order. Was it worth it?

It's better to use simple and offline storage options and methods that have been working flawlessly for years. You now rely on several centralized services that have to stay online and operational until it's time for you or a successor to recover those coins.

[goldkingcoiner]

However,  if you know the location  of some of those words it would be easier (maybe possible) to brute force it. Because the difficulty increases exponentially

With good hardware, btcrecover will descramble a 12 word BIP39 seed phrase in an hour: https://btcrecover.readthedocs.io/en/latest/Usage_Examples/2020-05-02_Descrambling_a_12_word_seed/Example_Descrambling_a_12_word_seed/. Although not exactly the same due to the checksum, lets assume that if you know 12 out of the 24 words then you could descramble the remaining 12 words in roughly the same amount of time.

If you don't know the position of 13 words instead of 12, then there are 13x as many combinations to try, so that would take roughly 13 hours.
For 14 words, 7 days.
For 15 words, 16 weeks.
For 16 words, 5 years.
For 17 words, 85 years.
For 18 words, 1500 years.

No point calculating beyond that really.

Not with quantum computers. I assume we won't need to wait 1500 years for the next generation computer to be developed.

Still, at current present technology levels we do not even need to talk about whether or not its possible to crack it because theoretically it is possible but its just technically impossible. Which to humans is almost exactly the same as literally impossible.

Also it bears reminding that by the time we have quantum computers powerful enough to do the entire cracking in minutes or hours or even days, at that point in the future we will have already upgraded the security where even quantum computers cannot crack it.

Its just a simple matter of adding more words.

[o_e_l_e_o]

Not with quantum computers. I assume we won't need to wait 1500 years for the next generation computer to be developed.

Quantum computers are not a magical bullet that can instantly solve any problem. They provide an exponential speed up to attempts to solve the ECDLP, and this is the main way they would be used to attack bitcoin. They provide a much smaller speed up to any hash functions, which is the limiting step in attempting to unscramble a seed phrase, since you must use a SHA256 to calculate the checksum, followed by 2048 rounds of SHA512 to generate the seed number, followed by several more rounds of SHA512 to work down the derivation path and generate the necessary addresses to check for funds. They will be able to speed the process up, sure, but they are unlikely to make unscrambling 18 words any less unfeasible for the average person.

Its just a simple matter of adding more words.

The security of your wallet should never depend on there being enough words in your seed phrase so that an adversary with access to all the words cannot unscramble them, but rather on an adversary never having access to your seed phrase in the first place. I would never scramble the words in a seed phrase to begin with, for the exact reasons highlighted above - if you mess up then wave goodbye to all your coins.