How long it takes to hack my wallet If someon would know my 24 words (no order)?

[mirek92]

Hello, I would like to ask how long it takes to someone to hack my wallet If he would know all my 24 words, but not their order.

I know that it would be counted like 24! and it is very less than 2048^24(<-- classic hacking without knowing any words).
Result of 24! is 6.204484e+23 .
Do you think there will be any machines and programs which would be able to try it in real time?

Thank you

[1713523256]

1713523256

[1713523256]

1713523256

[1713523256]

1713523256

[1713523256]

1713523256

[1713523256]

1713523256

[o_e_l_e_o]

It would be possible but highly impractical and hugely expensive at the moment, but that is unlikely to be the case forever.

24! is the equivalent of just over 2⁷⁹. The entire bitcoin network is producing 200 EH/s. While these two things are not directly comparable (since every valid seed phrase needs several more operations over and above the hash required to verify the checksum in order to check for balance), as a rough idea it would take the bitcoin network about 52 minutes to produce 2⁷⁹ hashes.

So unless an attacker could afford to rent enormous amounts of computing power for an extended period of time, then they will not be able to solve 24! at the moment. As processors continue to become cheaper and more powerful, though, then I would expect that cracking the seed phrase to become reasonably possible in the future.

[n0nce]

o_e_l_e_o's answer is correct, however I'd like to make sure this is not a XY problem.
If you're thinking of shuffling your seed as some kind of custom crypto, I'd highly suggest not to. It's way more likely for you to forget the order and lose the coins forever than the risk of someone finding your seed and stealing your coins.

For more info on this, check the last couple pages of this board; in the last few months, we had this topic at least once already.

[PrimeNumber7]

24! is the equivalent of just over 2⁷⁹. The entire bitcoin network is producing 200 EH/s. While these two things are not directly comparable (since every valid seed phrase needs several more operations over and above the hash required to verify the checksum in order to check for balance), as a rough idea it would take the bitcoin network about 52 minutes to produce 2⁷⁹ hashes.

The slow part would be trying to check the balance of calculated addresses.

ASICs perform calculations on an input, and will not compare the output of these calculations to a list. I don't think it is possible to develop an ASIC that can compare a calculated value to a list. So in theory, someone could calculate all potential seed combinations, however, they would be unable to efficiently compare this to a list of addresses that have ever received a transaction.

[bitmover]

Hello, I would like to ask how long it takes to someone to hack my wallet If he would know all my 24 words, but not their order.

I know that it would be counted like 24! and it is very less than 2048^24(<-- classic hacking without knowing any words).
Result of 24! is 6.204484e+23 .
Do you think there will be any machines and programs which would be able to try it in real time?

Thank you

It would take about 19 million years.

Even if you have the 24 words to guess from?

Still quite unfeasible:

https://bitcoin.stackexchange.com/questions/92540/bruteforcing-a-seed-with-24-words-of-a-unknown-order

Cryptography is really impressive.

This depends a little bit if all words are independent. If yes the will be 24! = 620.448.401.733.239.439.360.000 permutations of the words. Assuming that you computer can check 1 billion permutations per second (which is is way too optimistic as this would assume that a signature / public key could be computed within one clock cycle which he can't) this would mean that your computer still would need 620.448.401.733.239 seconds which is 19674289 (19.6 million) years as the absolut minor / lower bound. This estimation however does not take into account technological breakthroughs in computing hardware which could very well happen in that time frame (:

19 million years. I am impressed,  because at first when I read the topic I thought it was possible.

I think those questions are always interesting to see because people really have no idade how big those numbers are, and how secure our bitcoin is when our wallet is properly generated.

[PawGo]

4 months ago someone else asked the same question:
https://bitcointalk.org/index.php?topic=5377887.0 (How long to crack 24 word phrase if you know all 24 words out of order?)

I will quote one of answers:

For 14 words, 7 days.
For 15 words, 16 weeks.
For 16 words, 5 years.
For 17 words, 85 years.
For 18 words, 1500 years.

But again - all is matter of luck, maybe someone will shuffle words and hit your seed at the first time?

Conclusion: save your seed as it is, do not invent new ways of protection.

[o_e_l_e_o]

I will quote one of answers:

My answer that you quoted there was based on the assumption that someone was trying to crack this using their own home PC and nothing more. In that case there is no point in even trying, as 24! would take millions, if not billions, of years with current technology. This obviously becomes significantly quicker (but still completely impractical) if someone is renting vast amounts of computing power, as I outlined above. However, I still wouldn't assume that this will be safe forever.

If you're thinking of shuffling your seed as some kind of custom crypto, I'd highly suggest not to.

Agreed. If you aren't comfortable with the security of your seed phrase, then you should use one of the following standardized methods for adding additional security - passphrases, multi-sig, encryption. Coming up with your own scrambling scheme will likely lead to loss of your coins.

[Welsh]

So unless an attacker could afford to rent enormous amounts of computing power for an extended period of time, then they will not be able to solve 24! at the moment. As processors continue to become cheaper and more powerful, though, then I would expect that cracking the seed phrase to become reasonably possible in the future.

Although, will likely for a long time only be used against high profile targets. So, in other words a target which they know has a lot of Bitcoin stored with that seed. Obviously, this has very limited use cases, since it would require someone storing their seed in a randomised way at least compared to how they generated the seed, and the attack would have to know they've got enough Bitcoin in it to justify the attack. So, while it will definitely get more probable in time, the use case of it is limited to say the least.

It's way more likely for you to forget the order and lose the coins forever than the risk of someone finding your seed and stealing your coins.

Even if you were somehow confident you couldn't forget it in the traditional ways of forgetting. There could be potential issues with your health, which means you could be the victim of memory loss, rather than just simply forgetting. That isn't something you can plan for, however if someone in your family knows you were into Bitcoin, and you discovered the seed in a safe location, but didn't know what it was initially, likely you could or your family could piece two, and two together if the seed was stored in the correct sequence. That possibility is largely lost if the seed is stored any different to how it was originally generated.

[n0nce]

Even if you were somehow confident you couldn't forget it in the traditional ways of forgetting. There could be potential issues with your health, which means you could be the victim of memory loss, rather than just simply forgetting. That isn't something you can plan for, however if someone in your family knows you were into Bitcoin, and you discovered the seed in a safe location, but didn't know what it was initially, likely you could or your family could piece two, and two together if the seed was stored in the correct sequence. That possibility is largely lost if the seed is stored any different to how it was originally generated.

I feel this is only going to get more relevant as OG Bitcoiners are starting to get older, and some already left us (R.I.P. Hal - read something from him the other day again).

I'd also argue that if you're storing amounts that could make sense to store in such a risky way such as proposed here, you should just afford (and invest in) an adequate physical security measure, such as buying a few safes and distributing copies of the seed in various locations where you put those safes. Or make it a multisig while you're at it.

Passphrase would be the one tricky thing where I'd say: it's standardized, so you can use it, but do make sure you leave behind the passphrase together with the seed if something's going to happen to you (memory loss, ...). At that point (if it's written / stamped) you could also argue its usefulness in terms of added security, though. So standard passphrase feature would be the maximum 'cryptography added to a seed' that I feel comfortable recommending.

[larry_vw_1955]

Coming up with your own scrambling scheme will likely lead to loss of your coins.

what if it is a very simple scrambling scheme? like swapping the first two words.

[n0nce]

Coming up with your own scrambling scheme will likely lead to loss of your coins.

what if it is a very simple scrambling scheme? like swapping the first two words.

You better be dead sure that whoever you'd like to pass the coins down to in case of memory loss or other unfortunate event remembers this. But it does sound less tricky than a complete scramble of all words.
It will be easier to crack, though. Especially with it being the first two (and not 'two random') words, in a simple brute-force 'descrambling' script this would probably be the very first attempt (at least how I would code it)...

[dkbit98]

what if it is a very simple scrambling scheme? like swapping the first two words.

It's not a good idea to do this and depend on your fragile memory to remember this, without making some written backup.
I will give one real life example of password I use everyday for entering one building all the time, and I thought that I memorized it very well.
One day I was not felling good and when I got to the building my brain was just stuck and I couldn't remember combination to open the door.
As we get older this is is going to get worse for most people, that is without serious illnesses like Alzheimer's, so I don't consider BRAIN to be good long term hardware device for keeping secrets

[nullama]

You're much better off creating a passphrase along with your 24 words.

Just memorize the passphrase and keep the 24 words in the original order.

Even if an attacker gets your words, they won't have your passphrase, so it's still safe.

But if you move the words around you'll probably forget about it, and lose all your money, no attacker needed.

[larry_vw_1955]

You're much better off creating a passphrase along with your 24 words.

Just memorize the passphrase and keep the 24 words in the original order.

Even if an attacker gets your words, they won't have your passphrase, so it's still safe.

But if you move the words around you'll probably forget about it, and lose all your money, no attacker needed.

i dont know about that. if someone's memory is so good that they can memorize a high entropy passphrase then why can't they just commit their 24 word seed phrase to their memory instead?

OTOH, if we could agree that the passphrase must be stored somewhere then isn't that the same as storing the details about how the seed phrase was scrambled?

people might argue that they can easily remember a passphrase maybe that is true for one single passphrase but try and do that for multiple things and it might get alot harder unless you use the same passphrase for all of them.

[PrimeNumber7]

Coming up with your own scrambling scheme will likely lead to loss of your coins.

what if it is a very simple scrambling scheme? like swapping the first two words.

<>
It will be easier to crack, though. Especially with it being the first two (and not 'two random') words, in a simple brute-force 'descrambling' script this would probably be the very first attempt (at least how I would code it)...

How would you even know that the words are scrambled, or even that the set of words you have are a seed?

If someone is keeping their seed hidden in what they hope to be a safe place, they likely are not going to want to label the seed, or advertise how much coin is "in" the seed.

For an adversary, I don't think it would be a good use of resources to attempt to (efficiently) brute force the seed with a given set of words.

[Charles-Tim]

Conclusion: save your seed as it is, do not invent new ways of protection.

I think probably mirek92 just want to have knowledge about it, the worst thing someone can do to seed phrase is to disarrange the seed words.

@mirek92
That should just be for the sake of knowing, best to backup your seed phrase rather than looking for a ways you think is secure but that can lead to you losing your seed phrase and your coins.

what if it is a very simple scrambling scheme? like swapping the first two words.

Not recommendable, backup the seed phrase as it is, if you think you are not secure enough about it, you can add passphrase to it and/or make use of multisig wallet, or the use of sharmir secret sharing encryption or any other recommended means ofencryption.

memorize the passphrase and keep the 24 words in the original order.

Better not to only memorize passphrase and never depend on anything you memorize. You can backup the passphrase on a different paper and stored in a different location, this is much better.

[PawGo]

Coming up with your own scrambling scheme will likely lead to loss of your coins.

what if it is a very simple scrambling scheme? like swapping the first two words.

I would be more "smart".
In my opinion, if you really want to do it, you should shuffle that way that you will receive a correct seed.
That way, someone who intercept it, will not know what something is wrong - seed is correct (checksum ok), just no coins.

[o_e_l_e_o]

(R.I.P. Hal - read something from him the other day again).

It was the anniversary of this post - Bitcoin and me (Hal Finney)

At that point (if it's written / stamped) you could also argue its usefulness in terms of added security, though.

Your passphrase should absolutely be backed up on paper on steel, but crucially stored separately to your seed phrase. A strong passphrase will then provide a significant amount of additional security.

what if it is a very simple scrambling scheme? like swapping the first two words.

If it's easy to remember then it's easy to crack.

Just memorize the passphrase and keep the 24 words in the original order.

No - back up your passphrase, but store it separately to your seed phrase. Remembering a complex enough passphrase is just as risky as trying to remember some custom order of words.