unamic (OP)
Jr. Member
Offline
Activity: 35
Merit: 2
|
|
May 26, 2022, 08:32:55 PM |
|
Hello dear community,
I would like to know if there is a possibility to create a 12 or 24 digit seed from a selection of words and not the whole 2048 words.
I would prefer if the whole thing is open source and I can possibly create it on my computer without internet (maybe a github project based on python).
And I also wanted to ask how likely it is that a word occurs twice in the 12 seed?
Best wishes,
unamic
|
|
|
|
LoyceMobile
|
|
May 26, 2022, 08:36:17 PM |
|
Why would you want that? It's much less secure if you don't use a proper random.
|
|
|
|
unamic (OP)
Jr. Member
Offline
Activity: 35
Merit: 2
|
|
May 26, 2022, 08:47:27 PM |
|
because i want to try to recover a wallet for which i know the words but not the order of the words. I'm actually also missing a word, that is, the tool should be such that I can say these 23 words must definitely occur. The last word can be used from the 2048.
|
|
|
|
LoyceMobile
|
|
May 26, 2022, 09:02:02 PM |
|
There's brute forcing software for this, but if you have 24 words in random order, you won't find it. With 12 words it might be possible.
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4494
Merit: 3400
|
I would like to know if there is a possibility to create a 12 or 24 digit seed from a selection of words and not the whole 2048 words. And I also wanted to ask how likely it is that a word occurs twice in the 12 seed?
You can create a seed phrase from as few words as you like using your own method. But anyone who knows the words you are selecting from will have an easier time guessing the phrase. One problem with selecting from a subset of words is that the standard construction of the phrase involves a checksum. A wallet validating your phrase might say the phrase is invalid. The probability of a word being repeated in a 12-word (from 2048 words) phrase is 1 - 2048!/(2036!2048 12) = 3% Edit: I wrote that before reading your followup post. The is no possibility of success with a 24-word phrase because there are just too many possibilities. A 12-word phrase will take a very long time. There are tools that might help: btcrecover and FinderOuter
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
unamic (OP)
Jr. Member
Offline
Activity: 35
Merit: 2
|
|
May 26, 2022, 09:10:26 PM Last edit: May 26, 2022, 09:24:42 PM by unamic |
|
even if it takes a long time let's assume i have 24 words then can this also occur in another existing sequence of the rhine?
simply combining the words somehow doesn't work, it has to have a certain validity
I know it's well meant to tell me how long it's going to take or why I shouldn't do it, but it also has a learning background for me even if I don't know much about programming I'd like to know to what extent that's possible and Is there a program for that already?
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2590
Merit: 6310
Self-proclaimed Genius
|
|
May 27, 2022, 03:42:52 AM Last edit: May 27, 2022, 04:22:48 AM by nc50lc |
|
simply combining the words somehow doesn't work, it has to have a certain validity
Yes, the last word is part of the " checksum". It has to be the right one to make the seed phrase valid. I know it's well meant to tell me how long it's going to take or why I shouldn't do it, but it also has a learning background for me even if I don't know much about programming I'd like to know to what extent that's possible and Is there a program for that already?
The simplest bruteforce formula is 24^24 for disordered 24-word seed, which is 1,333,735,776,850,284,124,449,081,472,843,776 combinations. Even if you can get up to 1trillions of combinations per second, it would still take 42,292,484,045,227 years to find the right order. Even 10000-times that speed isn't any better. Compare it to 12 which is only 8,916,100,448,256 combinations.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 10994
Crypto Swap Exchange
|
The simplest bruteforce formula is 24^24 for disordered 24-word seed, which is 1,333,735,776,850,284,124,449,081,472,843,776 combinations.
Considering that OP said they have the words, you should use factorial to compute all the combinations not a power. We have 24 words and for first position we can select one out of 24, the second position one out of remaining 23 and so on. That is 24*23*22*...*1=24! = 620,448,401,733,239,439,360,000
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2590
Merit: 6310
Self-proclaimed Genius
|
|
May 27, 2022, 04:15:53 AM |
|
-snip- That is 24*23*22*...*1=24! = 620,448,401,733,239,439,360,000
Thanks, then it would only be an average of 19,674 years for 1trillion combinations per second bruteforce speed for a disarranged 24-words seed then. And only 479,001,600 combinations for a disarranged 12-word seed.
|
|
|
|
PawGo
Legendary
Offline
Activity: 952
Merit: 1385
|
|
May 27, 2022, 08:35:39 AM |
|
I would like to know if there is a possibility to create a 12 or 24 digit seed from a selection of words and not the whole 2048 words.
Unusual use case, but you may try to play with my program lostwords : https://github.com/PawelGorny/lostwordYou are probably interested in the feature PRINT_SEEDS, where you may provide the list of words you want to use (or '?' for all the words) and then select the seed you like. because i want to try to recover a wallet for which i know the words but not the order of the words. I'm actually also missing a word, that is, the tool should be such that I can say these 23 words must definitely occur. The last word can be used from the 2048.
now we talk about something different, worker PERMUTATION. But with 24 words it a very difficult task.
|
|
|
|
|
PawGo
Legendary
Offline
Activity: 952
Merit: 1385
|
|
May 27, 2022, 09:08:57 AM |
|
However, since OP is talking about 24 words, descrambling this is already impossible. Add in an unknown word and it becomes 2048 times more impossible. To be more precise, we may say that if unknown word is on the last position, could be treated as a checksum word (word which contains binary checksum), then the rest (23 words) produce 8 possibilities at the last position. So, it is possible to optimize algorithm that after checking 8th correct checksum, it is smart to update 23 first words and do not waste time on the last one. If you have unknown word in the middle, you may use similar evaluation, BUT it is not precise - because you modify checksum generator, you may say that statistically after 8 hits (for the given "checksum word" on the last position) you may skip work for that combination. Unfortunately, it could happen that more words modified in the middle produce the same checksum, so that approach is wrong (too optimistic). Maybe, maybe if you would set limit of hits to 9-10, it wild make more sense, but still - it is based on guessing.
|
|
|
|
Cricktor
Legendary
Offline
Activity: 938
Merit: 1447
Crypto Swap Exchange
|
I would like to know if there is a possibility to create a 12 or 24 digit seed from a selection of words and not the whole 2048 words. ... And I also wanted to ask how likely it is that a word occurs twice in the 12 seed?
Let's agree to some common semantics: seed = big random number; mnemonic seed (words) = the set of commonly 12 or 24 words which represent 128 or 256 bits of randomness/entropy. For HD wallets this entropy is processed by iteration of a key derivation function into a BIP39 seed of 512 bits length from which by rules of derivation path the private and public keys are derived. Your smaller selection of words will likely leed to a less random seed. It may still be safe but you can't be sure of that. I won't be happy not to know that my seed isn't safely random enough. And as indicated below, usually the mnemonic words are derived from the random seed, not the other way around. A repeated mnemonic word doesn't matter and can happen. This only means that a sequence of 11 bits is repeated in the seed at certain bit boundaries. While I don't think this happens often, I wouldn't worry too much about it. I'd be suspicious if a word is repeated three or more times because that means the seed is somewhat patterned (which technically can still happen with "true" randomness where every bit sequence in the seed is equally possible). Considering that OP said they have the words, you should use factorial to compute all the combinations not a power. We have 24 words and for first position we can select one out of 24, the second position one out of remaining 23 and so on. That is 24*23*22*...*1=24! = 620,448,401,733,239,439,360,000
This is not the way a mnemonic seed is made, except you're foolish enough to pick the words yourself from a foolishly chosen set of 24 words out of 2048 and you pick those 24 randomly one after the other from a diminishing set of words. This might not necessarily leed to a weak seed but there's a high chance that something in the process goes (horribly) wrong. The mnemonic seed words are a human readable representation of a random binary number. The random binary number comes first and is then translated into mnemonic words where every word out of 2048 represents 11 bits of that random binary number. A human is terrible to produce randomness by some arbitrary choice actions. Flipping a coin is OK, rolling dice is OK, if you want to produce 128 bits (12 words out of 2048) or 256 bits (24 words out of 2048) of random entropy. You can use a smaller word dictionary but then you'd have to use more words for the encoding into mnemonic seed words.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 10994
Crypto Swap Exchange
|
|
May 28, 2022, 07:36:01 AM |
|
This is not the way a mnemonic seed is made,
We weren't talking about creating the seed phrase either!
|
|
|
|
hosseinimr93
Legendary
Offline
Activity: 2576
Merit: 5659
|
|
May 28, 2022, 08:39:02 AM Last edit: May 28, 2022, 04:11:34 PM by hosseinimr93 |
|
To be more precise, we may say that if unknown word is on the last position, could be treated as a checksum word (word which contains binary checksum), then the rest (23 words) produce 8 possibilities at the last position.
Assuming the first 23 words are known, there are 8 possibilities for the last word on average. It's not that there are always exactly 8 possibilities for the last word. Edit: I stand corrected. Thank you j2002ba2 and PawGo for your explanation.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
|
May 28, 2022, 09:36:29 AM |
|
I'd be suspicious if a word is repeated three or more times because that means the seed is somewhat patterned (which technically can still happen with "true" randomness where every bit sequence in the seed is equally possible).
For a 24 word seed, there is a 12.65% of the same word appearing twice or more, and a 0.0479% of the same word appearing three times or more. So one in every 2,000 seed phrases roughly would have the same word three times. So not that unlikely by any means. The random binary number comes first and is then translated into mnemonic words where every word out of 2048 represents 11 bits of that random binary number. The last word only contains 7 bits of that number in a 12 word seed phrase, or 3 bits of that number in a 24 word seed phrase. The rest is checksum.
|
|
|
|
j2002ba2
|
|
May 28, 2022, 09:43:34 AM |
|
To be more precise, we may say that if unknown word is on the last position, could be treated as a checksum word (word which contains binary checksum), then the rest (23 words) produce 8 possibilities at the last position.
Assuming the first 23 words are known, there are 8 possibilities for the last word on average. It's not that there are always exactly 8 possibilities for the last word. There are always exactly 8 possibilities for the last word for BIP39 (in the 24-word case). Last word represents 11 bits, 8 of which are checksum. For every of the 3 bits we choose, there is always exactly one word with the needed checksum bits.
|
|
|
|
PawGo
Legendary
Offline
Activity: 952
Merit: 1385
|
To be more precise, we may say that if unknown word is on the last position, could be treated as a checksum word (word which contains binary checksum), then the rest (23 words) produce 8 possibilities at the last position.
Assuming the first 23 words are known, there are 8 possibilities for the last word on average. It's not that there are always exactly 8 possibilities for the last word. There are always exactly 8 possibilities for the last word for BIP39 (in the 24-word case). Last word represents 11 bits, 8 of which are checksum. For every of the 3 bits we choose, there is always exactly one word with the needed checksum bits. Exactly. In other words: 11 bits * 23 words = 253 bits. But you want to have 256. Each word encodes 11 bits, so any word you take will give you 3 bits of "data" + 8 bits of "checksum". Which means you may have 8 possibilities for a "beginning" of word and 256 possibilities for "end" of word. Any 3 bits you select, produces (with the rest) one of 256 possible checksum.
|
|
|
|
dkbit98
Legendary
Offline
Activity: 2408
Merit: 7547
|
I would like to know if there is a possibility to create a 12 or 24 digit seed from a selection of words and not the whole 2048 words. You can do that but human brain is known to be bad for creating random results, so I would not do this if you want to hold larger amount of coins. You could use any eleven words you want and calculate last word to create entropy. There is a website called seedpicker that can calculate everything for you, you can select any 23 words you want from all 2048 words and last word will be calculated. This is open source tool, but use it carefully, read their guide and only do it if you know what you are doing: https://seedpicker.net/calculator/last-word.htmlI would prefer if the whole thing is open source and I can possibly create it on my computer without internet (maybe a github project based on python).
You could use iancoleman website totally offline, and it is even advised to be always used like that. In your browser, select file save-as, and save this page as a file, than double click that file to open it in a browser on your offline computer: https://iancoleman.io/bip39/
|
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 10994
Crypto Swap Exchange
|
|
May 31, 2022, 02:46:09 AM |
|
You could use any eleven words you want and calculate last word to create entropy. There is a website called seedpicker that can calculate everything for you, you can select any 23 words you want from all 2048 words and last word will be calculated.
That would give you 121 (instead of 128) bits and 253 (instead of 256) bits of entropy respectively. It may not be important for the second one but your first entropy is going to be a slightly weaker one than the security that bitcoin keys need (at least 128-bits). This is because the last word is not the checksum, it contains checksum.
|
|
|
|
|