Bitcoin Forum
November 01, 2024, 11:50:24 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 »  All
  Print  
Author Topic: Create a seed from a selection of words  (Read 1186 times)
unamic (OP)
Jr. Member
*
Offline Offline

Activity: 35
Merit: 2


View Profile
May 26, 2022, 08:32:55 PM
 #1

Hello dear community,

I would like to know if there is a possibility to create a 12 or 24 digit seed from a selection of words and not the whole 2048 words.

I would prefer if the whole thing is open source and I can possibly create it on my computer without internet (maybe a github project based on python).

And I also wanted to ask how likely it is that a word occurs twice in the 12 seed?

Best wishes,

unamic
LoyceMobile
Hero Member
*****
Offline Offline

Activity: 1696
Merit: 701


LoyceV on the road. Or couch.


View Profile WWW
May 26, 2022, 08:36:17 PM
 #2

Why would you want that? It's much less secure if you don't use a proper random.

LoyceV on the road Advertise here for LN Don't deal with this account (exception)
Advertise here for LN Tip my kids Exchange LN (20 coins). 1% fee. No KYC <€50/month
My useful topics: Meritt & Trust & Moreee Art Advertise here for LN Foru[url=https://bitcointalk.org/m
unamic (OP)
Jr. Member
*
Offline Offline

Activity: 35
Merit: 2


View Profile
May 26, 2022, 08:47:27 PM
 #3

because i want to try to recover a wallet for which i know the words but not the order of the words. I'm actually also missing a word, that is, the tool should be such that I can say these 23 words must definitely occur. The last word can be used from the 2048.
LoyceMobile
Hero Member
*****
Offline Offline

Activity: 1696
Merit: 701


LoyceV on the road. Or couch.


View Profile WWW
May 26, 2022, 09:02:02 PM
 #4

There's brute forcing software for this, but if you have 24 words in random order, you won't find it. With 12 words it might be possible.

LoyceV on the road Advertise here for LN Don't deal with this account (exception)
Advertise here for LN Tip my kids Exchange LN (20 coins). 1% fee. No KYC <€50/month
My useful topics: Meritt & Trust & Moreee Art Advertise here for LN Foru[url=https://bitcointalk.org/m
odolvlobo
Legendary
*
Offline Offline

Activity: 4494
Merit: 3400



View Profile
May 26, 2022, 09:02:26 PM
Merited by vapourminer (3)
 #5

I would like to know if there is a possibility to create a 12 or 24 digit seed from a selection of words and not the whole 2048 words.
And I also wanted to ask how likely it is that a word occurs twice in the 12 seed?

You can create a seed phrase from as few words as you like using your own method. But anyone who knows the words you are selecting from will have an easier time guessing the phrase. One problem with selecting from a subset of words is that the standard construction of the phrase involves a checksum. A wallet validating your phrase might say the phrase is invalid.

The probability of a word being repeated in a 12-word (from 2048 words) phrase is 1 - 2048!/(2036!204812) = 3%



Edit: I wrote that before reading your followup post.

The is no possibility of success with a 24-word phrase because there are just too many possibilities. A 12-word phrase will take a very long time. There are tools that might help: btcrecover and FinderOuter

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
unamic (OP)
Jr. Member
*
Offline Offline

Activity: 35
Merit: 2


View Profile
May 26, 2022, 09:10:26 PM
Last edit: May 26, 2022, 09:24:42 PM by unamic
 #6

even if it takes a long time let's assume i have 24 words then can this also occur in another existing sequence of the rhine?

simply combining the words somehow doesn't work, it has to have a certain validity

I know it's well meant to tell me how long it's going to take or why I shouldn't do it, but it also has a learning background for me even if I don't know much about programming I'd like to know to what extent that's possible and Is there a program for that already?
nc50lc
Legendary
*
Offline Offline

Activity: 2590
Merit: 6310


Self-proclaimed Genius


View Profile
May 27, 2022, 03:42:52 AM
Last edit: May 27, 2022, 04:22:48 AM by nc50lc
 #7

simply combining the words somehow doesn't work, it has to have a certain validity
Yes, the last word is part of the "checksum". It has to be the right one to make the seed phrase valid.

I know it's well meant to tell me how long it's going to take or why I shouldn't do it, but it also has a learning background for me even if I don't know much about programming I'd like to know to what extent that's possible and Is there a program for that already?
The simplest bruteforce formula is 24^24 for disordered 24-word seed, which is 1,333,735,776,850,284,124,449,081,472,843,776 combinations.
Even if you can get up to 1trillions of combinations per second, it would still take 42,292,484,045,227 years to find the right order.
Even 10000-times that speed isn't any better.

Compare it to 12 which is only 8,916,100,448,256 combinations.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
pooya87
Legendary
*
Offline Offline

Activity: 3626
Merit: 10994


Crypto Swap Exchange


View Profile
May 27, 2022, 03:52:43 AM
Merited by ABCbits (1), nc50lc (1)
 #8

The simplest bruteforce formula is 24^24 for disordered 24-word seed, which is 1,333,735,776,850,284,124,449,081,472,843,776 combinations.
Considering that OP said they have the words, you should use factorial to compute all the combinations not a power. We have 24 words and for first position we can select one out of 24, the second position one out of remaining 23 and so on. That is 24*23*22*...*1=24! = 620,448,401,733,239,439,360,000

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
nc50lc
Legendary
*
Offline Offline

Activity: 2590
Merit: 6310


Self-proclaimed Genius


View Profile
May 27, 2022, 04:15:53 AM
 #9

-snip- That is 24*23*22*...*1=24! = 620,448,401,733,239,439,360,000
Thanks, then it would only be an average of 19,674 years for 1trillion combinations per second bruteforce speed for a disarranged 24-words seed then.
And only 479,001,600 combinations for a disarranged 12-word seed.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
PawGo
Legendary
*
Offline Offline

Activity: 952
Merit: 1385


View Profile
May 27, 2022, 08:35:39 AM
 #10

I would like to know if there is a possibility to create a 12 or 24 digit seed from a selection of words and not the whole 2048 words.

Unusual use case, but you may try to play with my program lostwords : https://github.com/PawelGorny/lostword

You are probably interested in the feature PRINT_SEEDS, where you may provide the list of words you want to use (or '?' for all the words) and then select the seed you like.
 

because i want to try to recover a wallet for which i know the words but not the order of the words. I'm actually also missing a word, that is, the tool should be such that I can say these 23 words must definitely occur. The last word can be used from the 2048.

now we talk about something different, worker PERMUTATION. But with 24 words it a very difficult task.
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18726


View Profile
May 27, 2022, 08:46:37 AM
 #11

A 12-word phrase will take a very long time.
If you know all 12 words, then btcrecover could descramble this in a matter of hours even with modest hardware, or much faster with good hardware. See: https://btcrecover.readthedocs.io/en/latest/Usage_Examples/2020-05-02_Descrambling_a_12_word_seed/Example_Descrambling_a_12_word_seed/

However, since OP is talking about 24 words, descrambling this is already impossible. Add in an unknown word and it becomes 2048 times more impossible. Tongue
PawGo
Legendary
*
Offline Offline

Activity: 952
Merit: 1385


View Profile
May 27, 2022, 09:08:57 AM
 #12

However, since OP is talking about 24 words, descrambling this is already impossible. Add in an unknown word and it becomes 2048 times more impossible. Tongue

To be more precise, we may say that if unknown word is on the last position, could be treated as a checksum word (word which contains binary checksum), then the rest (23 words) produce 8 possibilities at the last position. So, it is possible to optimize algorithm that after checking 8th correct checksum, it is smart to update 23 first words and do not waste time on the last one.
If you have unknown word in the middle, you may use similar evaluation, BUT it is not precise - because you modify checksum generator, you may say that statistically after 8 hits (for the given "checksum word" on the last position) you may skip work for that combination. Unfortunately, it could happen that more words modified in the middle produce the same checksum, so that approach is wrong (too optimistic). Maybe, maybe if you would set limit of hits to 9-10, it wild make more sense, but still - it is based on guessing.
Cricktor
Legendary
*
Offline Offline

Activity: 938
Merit: 1447


Crypto Swap Exchange


View Profile
May 28, 2022, 07:01:02 AM
Merited by vapourminer (3)
 #13

I would like to know if there is a possibility to create a 12 or 24 digit seed from a selection of words and not the whole 2048 words.
...
And I also wanted to ask how likely it is that a word occurs twice in the 12 seed?
Let's agree to some common semantics: seed = big random number; mnemonic seed (words) = the set of commonly 12 or 24 words which represent 128 or 256 bits of randomness/entropy. For HD wallets this entropy is processed by iteration of a key derivation function into a BIP39 seed of 512 bits length from which by rules of derivation path the private and public keys are derived.

Your smaller selection of words will likely leed to a less random seed. It may still be safe but you can't be sure of that. I won't be happy not to know that my seed isn't safely random enough. And as indicated below, usually the mnemonic words are derived from the random seed, not the other way around.

A repeated mnemonic word doesn't matter and can happen. This only means that a sequence of 11 bits is repeated in the seed at certain bit boundaries. While I don't think this happens often, I wouldn't worry too much about it. I'd be suspicious if a word is repeated three or more times because that means the seed is somewhat patterned (which technically can still happen with "true" randomness where every bit sequence in the seed is equally possible).

Considering that OP said they have the words, you should use factorial to compute all the combinations not a power. We have 24 words and for first position we can select one out of 24, the second position one out of remaining 23 and so on. That is 24*23*22*...*1=24! = 620,448,401,733,239,439,360,000
This is not the way a mnemonic seed is made, except you're foolish enough to pick the words yourself from a foolishly chosen set of 24 words out of 2048 and you pick those 24 randomly one after the other from a diminishing set of words. This might not necessarily leed to a weak seed but there's a high chance that something in the process goes (horribly) wrong.

The mnemonic seed words are a human readable representation of a random binary number. The random binary number comes first and is then translated into mnemonic words where every word out of 2048 represents 11 bits of that random binary number. A human is terrible to produce randomness by some arbitrary choice actions. Flipping a coin is OK, rolling dice is OK, if you want to produce 128 bits (12 words out of 2048) or 256 bits (24 words out of 2048) of random entropy.

You can use a smaller word dictionary but then you'd have to use more words for the encoding into mnemonic seed words.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
pooya87
Legendary
*
Offline Offline

Activity: 3626
Merit: 10994


Crypto Swap Exchange


View Profile
May 28, 2022, 07:36:01 AM
 #14

This is not the way a mnemonic seed is made,
We weren't talking about creating the seed phrase either!

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
hosseinimr93
Legendary
*
Offline Offline

Activity: 2576
Merit: 5659



View Profile
May 28, 2022, 08:39:02 AM
Last edit: May 28, 2022, 04:11:34 PM by hosseinimr93
 #15

To be more precise, we may say that if unknown word is on the last position, could be treated as a checksum word (word which contains binary checksum), then the rest (23 words) produce 8 possibilities at the last position.
Assuming the first 23 words are known, there are 8 possibilities for the last word on average.
It's not that there are always exactly 8 possibilities for the last word.

Edit:
I stand corrected.
Thank you j2002ba2 and PawGo for your explanation.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18726


View Profile
May 28, 2022, 09:36:29 AM
 #16

I'd be suspicious if a word is repeated three or more times because that means the seed is somewhat patterned (which technically can still happen with "true" randomness where every bit sequence in the seed is equally possible).
For a 24 word seed, there is a 12.65% of the same word appearing twice or more, and a 0.0479% of the same word appearing three times or more. So one in every 2,000 seed phrases roughly would have the same word three times. So not that unlikely by any means.

The random binary number comes first and is then translated into mnemonic words where every word out of 2048 represents 11 bits of that random binary number.
The last word only contains 7 bits of that number in a 12 word seed phrase, or 3 bits of that number in a 24 word seed phrase. The rest is checksum.
j2002ba2
Full Member
***
Offline Offline

Activity: 206
Merit: 447


View Profile
May 28, 2022, 09:43:34 AM
Merited by hosseinimr93 (6), vapourminer (3)
 #17

To be more precise, we may say that if unknown word is on the last position, could be treated as a checksum word (word which contains binary checksum), then the rest (23 words) produce 8 possibilities at the last position.
Assuming the first 23 words are known, there are 8 possibilities for the last word on average.
It's not that there are always exactly 8 possibilities for the last word.
There are always exactly 8 possibilities for the last word for BIP39 (in the 24-word case).

Last word represents 11 bits, 8 of which are checksum. For every of the 3 bits we choose, there is always exactly one word with the needed checksum bits.
PawGo
Legendary
*
Offline Offline

Activity: 952
Merit: 1385


View Profile
May 28, 2022, 10:04:09 AM
Merited by hosseinimr93 (6)
 #18

To be more precise, we may say that if unknown word is on the last position, could be treated as a checksum word (word which contains binary checksum), then the rest (23 words) produce 8 possibilities at the last position.
Assuming the first 23 words are known, there are 8 possibilities for the last word on average.
It's not that there are always exactly 8 possibilities for the last word.
There are always exactly 8 possibilities for the last word for BIP39 (in the 24-word case).
Last word represents 11 bits, 8 of which are checksum. For every of the 3 bits we choose, there is always exactly one word with the needed checksum bits.

Exactly.
In other words:
11 bits * 23 words = 253 bits. But you want to have 256. Each word encodes 11 bits, so any word you take will give you 3 bits of "data" + 8 bits of "checksum". Which means you may have 8 possibilities for a "beginning" of word and 256 possibilities for "end" of word. Any 3 bits you select, produces (with the rest) one of 256 possible checksum.
dkbit98
Legendary
*
Offline Offline

Activity: 2408
Merit: 7547



View Profile WWW
May 30, 2022, 01:57:04 PM
Merited by vapourminer (3)
 #19

I would like to know if there is a possibility to create a 12 or 24 digit seed from a selection of words and not the whole 2048 words.
You can do that but human brain is known to be bad for creating random results, so I would not do this if you want to hold larger amount of coins.
You could use any eleven words you want and calculate last word to create entropy.
There is a website called seedpicker that can calculate everything for you, you can select any 23 words you want from all 2048 words and last word will be calculated.
This is open source tool, but use it carefully, read their guide and only do it if you know what you are doing:
https://seedpicker.net/calculator/last-word.html

I would prefer if the whole thing is open source and I can possibly create it on my computer without internet (maybe a github project based on python).
You could use iancoleman website totally offline, and it is even advised to be always used like that.
In your browser, select file save-as, and save this page as a file, than double click that file to open it in a browser on your offline computer:
https://iancoleman.io/bip39/

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
pooya87
Legendary
*
Offline Offline

Activity: 3626
Merit: 10994


Crypto Swap Exchange


View Profile
May 31, 2022, 02:46:09 AM
 #20

You could use any eleven words you want and calculate last word to create entropy.
There is a website called seedpicker that can calculate everything for you, you can select any 23 words you want from all 2048 words and last word will be calculated.
That would give you 121 (instead of 128) bits and 253 (instead of 256) bits of entropy respectively. It may not be important for the second one but your first entropy is going to be a slightly weaker one than the security that bitcoin keys need (at least 128-bits).
This is because the last word is not the checksum, it contains checksum.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pages: [1] 2 3 4 5 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!