12 word vs 24 word seed

[22bits]

I notice that ledger allows for a 24 word seed phrase, electrum uses a 12 word seed.  Also I see that a 24 word seed from ledger can be imported into electrum.  Is a 12 word seed generally viewed as a safe route from a security point of view? 

I know this is a different thing since the words were known, but it is interesting that the same technique would not work with a 24 word seed.
https://cointelegraph.com/news/bitcoin-advocate-cracks-known-12-word-seed-phrase-in-minutes

[1714185837]

1714185837

[1714185837]

1714185837

[1714185837]

1714185837

[1714185837]

1714185837

[1714185837]

1714185837

[hosseinimr93]

A 12 word seed phrase is secure enough.
A 12 word BIP39 seed phrase provides 128 bits of security and since a private key provides 128 bits of entropy, 12 words are enough.

It may worth mentioning that you can generate a 24 word seed phrase using electrum too.  To do so, you need to go to console tab and use the following command.

Code:

make_seed(256)

Just note that a seed phrase generated by electrum isn't BIP39. Electrum uses its own algorithm.

[Yamane_Keto]

https://cointelegraph.com/news/bitcoin-advocate-cracks-known-12-word-seed-phrase-in-minutes

Stop taking your information from sources that do not verify the accuracy of the data contained in them, Cointelegraph articles are not for educational purposes and most of them are for paid advertising.


12 word provides 128 bits of entropy which is 2^128 = 3.4028237e+38
24 word provides 256 bits of entropy which is 2^256 = 1.1579209e+77

But according to current data, even the most powerful devices need hundreds of years to guess these words, not to mention all the resources needed to achieve this. All you can do is transfer your transactions every year and you will be safe.

Notice that even if someone knows the 12 words but doesn't know the order, they still need 12! possible combinations (12! = 479.001.600) this is for non repeated words.

https://bitcointalk.org/index.php?topic=5450465.msg62160956#msg62160956
https://bitcointalk.org/index.php?topic=5450411.msg62158667#msg62158667

Unfortunately, the same article has been discussed several times here, which indicates the importance of knowing where we learn from and not believing any information without verifying its sources.

[jrrsparkles]

I know this is a different thing since the words were known, but it is interesting that the same technique would not work with a 24 word seed.
https://cointelegraph.com/news/bitcoin-advocate-cracks-known-12-word-seed-phrase-in-minutes

12 words or 24 words the possibility of cracking its almost impossible but if someone got your seeds but its not in the particular order then 24 words seeds is more secured compared to the 12 words but don't forget even with 12 words it will comes around half billion combinations.

As mentioned above both is secured enough and impossible to crack unless you exposes the word but the irony is the article says the one who cracked 12 words seeds got $29 worth of BTC as bounty.

[DireWolfM14]

I notice that ledger allows for a 24 word seed phrase, electrum uses a 12 word seed.  Also I see that a 24 word seed from ledger can be imported into electrum.  Is a 12 word seed generally viewed as a safe route from a security point of view?  

I know this is a different thing since the words were known, but it is interesting that the same technique would not work with a 24 word seed.
https://cointelegraph.com/news/bitcoin-advocate-cracks-known-12-word-seed-phrase-in-minutes

12-word seeds are plenty safe.  Cracking a 12-Word seed that was generated with the appropriate entropy (which any reputable hardware wallet would provide) would take the fastest computer many millennia.  The Trezor One will ask you if you want a 12 or 24 word phrase, but you are correct that the Trezor Model T will default to 12 words.  I recommend Trezor over Ledger, but if the 12-word phrase is stopping you from buying a Model T, don't let it.  You can use Electrum to initiate your Model T and it'll allow you a choice of 12, 18, or 24 words.  That's how I set up my Model T, and I use a 24-word phrase.

[22bits]

It may worth mentioning that you can generate a 24 word seed phrase using electrum too.  To do so, you need to go to console tab and use the following command.

Code:

make_seed(256)

Thank you a bunch for this.  Still somewhat used to a 24 word seed so this is very helpful. 

[mocacinno]

--snip--

I recommend Trezor over Ledger, but if the 12-word phrase is stopping you from buying a Model T, don't let it.
--snip--

Ledger got caught with their hands in the cookie jar again. In the past, they have claimed (on numerous occasions) that the private key could never leave their closed source secure element. Now, they released a "feature" that is able to shard your key into 3 pieces and send it to 3 corporations "for safe keeping".
At this point, i'd never promote ledger again, even if they automatically give the option of a 24 word seed... It's much better to have a 12 word seed that cannot leave the secure element (ever) than having a 24 word seed that could be extracted with (closed source!!!) firmware.

Like it has already been said: there are perfectly good ways of using a 24 word seed on a trezor, or on an other trusted hardware wallet without having to resort to a company that have been caught twisting the truth...

[o_e_l_e_o]

But according to current data, even the most powerful devices need hundreds of years to guess these words

Millions of years.

Notice that even if someone knows the 12 words but doesn't know the order, they still need 12! possible combinations (12! = 479.001.600) this is for non repeated words.

Yes, but this is an almost trivial amount to brute force, and can be done in under an hour. 24!, on the other hand, is impossible.

Regardless, if the security of your set up relies on someone not being able to descramble your words after they have found them, you are doing a lot of things very wrong. I would never recommend scrambling a seed phrase. The most likely outcome is not some added security, but that you are unable to recover your back up.

Like it has already been said: there are perfectly good ways of using a 24 word seed on a trezor, or on an other trusted hardware wallet without having to resort to a company that have been caught twisting the truth...

Seed phrases can be extracted from Trezor devices, with another exploit being demonstrated in just the last 24 hours (https://www.youtube.com/watch?v=50eiA-75NMY), not to mention Trezor's support of censorship and government blacklists. I would never use either a Ledger or a Trezor device.

[mocacinno]

--snip--

Like it has already been said: there are perfectly good ways of using a 24 word seed on a trezor, or on an other trusted hardware wallet without having to resort to a company that have been caught twisting the truth...

Seed phrases can be extracted from Trezor devices, with another exploit being demonstrated in just the last 24 hours (https://www.youtube.com/watch?v=50eiA-75NMY), not to mention Trezor's support of censorship and government blacklists. I would never use either a Ledger or a Trezor device.

I watched the video briefly... If i got it correctly, they required physical access to the device in order to do a flash dump which was then fed to a GPU cluster for brute forcing the pincode. IIRC, this is an old vulnerability that's just been brought up once again to show that there is no absolute safety. A hacker would need physical access to your device and access to a cluster to bruteforce your pin. I guess he'll be out of luck with my extended seed phrase tough

I do consider this to be different than the ledger attack vector which does not need physical access. As a matter of fact, ledger is actually sending 3 shards created by a  2 out of 3 ssss  scheme to 3 "trusted" companys. If 2 of those company's decide to work together, they can reconstruct all private keys from all clients that decided to enable this ledger "feature", and it also shows that if somebody is able to inject code into ledger's closed source firmware, the hardware will be capable of extracting the seed and sending it to wherever the person that injected the code wants without any physical access.

Ledger just went as far as extracting the key from your hardware wallet themselves (by design) using official firmware. You only need 2 employees that have access to 2 of the 3 key shards that decide to rob all their clients and it's done... I just think the scale, complexity, risk,... are completely different between this trezor vulnerability and the ledger vulnerability.

Don't get me wrong: i'm not on trezor's payroll... The vulnerability exists whilst in a best case scenario it shouldn't... If there are other vendors that are as thoroughly vetted as trezor without such a vulnerability, it would be better to use those... Or even better, use an airgapped setup with core or electrum... Or a properly generated paper wallet...

[o_e_l_e_o]

I guess he'll be out of luck with my extended seed phrase tough

Which would also be the same situation if someone compromised your seed phrase via Ledger Recover.

I do consider this to be different than the ledger attack vector which does not need physical access.

Only if you opt in to it. If you are smart and don't opt in to it, then an attacker would need physical access to your device to opt in to it on your behalf, and then compromise and decrypt your shares. At this point, breaking the Trezor device as demonstrated will probably be easier.

Ledger just went as far as extracting the key from your hardware wallet themselves (by design) using official firmware.

Also true, but again, couldn't Trezor just do the same thing on their device?

The only point I am making is that swapping one flawed hardware device for another flawed hardware device isn't exactly a smart move. Either find an open source hardware wallet which is permanently airgapped and never connects to a computer, or as you say (and my personal preference) used airgapped encrypted cold storage.

[Aikidoka]

There isn't a much difference in security between having a seed phrase containing 24 words versus 12 words. Both are highly secure and cannot be cracked or brute-forced using the current hardware available. So, going from 12 words to 24 words doesn't necessarily provide additional security. However, it's important to ensure that none of the words from your seed phrase are exposed and to store it offline. This can be done through a hardware wallet (Of course excluding Ledger) or an air-gapped device which is considered even safer.

As mentioned above both is secured enough and impossible to crack unless you exposes the word but the irony is the article says the one who cracked 12 words seeds got $29 worth of BTC as bounty.

I've seen this article few weeks ago and It was clear that it's crack-able seeing how much the bounty is lol , exposing your 12 words in a random positions is brut-forced in a few minutes as the article mentioned, but it is generally advised not to tamper with the order of seed phrase words or engage in risky practices. Instead, it is recommended to follow proper security measures such as keeping the seed phrase private, offline, and stored in a secure location or using a trusted hardware wallet.

[dkbit98]

I notice that ledger allows for a 24 word seed phrase, electrum uses a 12 word seed.  Also I see that a 24 word seed from ledger can be imported into electrum.  Is a 12 word seed generally viewed as a safe route from a security point of view?  

Twelve words are perfectly safe, and some security experts even claim that it is easier to keep safe (and maybe even remembered) 12 words instead of 24, and there is lees chance of making any mistakes.
However, I wouldn't dare of trusting my brain and memory for storing seed words, especially when I have perfectly good stainless steel and perfectly simple piece of paper.
Always remember to first check if seed words correct by restoring wallet and testing with small transaction, than make multiple backups.

[Wronsk]

A 12 word seed phrase is secure enough.
A 12 word BIP39 seed phrase provides 128 bits of security and since a private key provides 128 bits of entropy, 12 words are enough.

It may worth mentioning that you can generate a 24 word seed phrase using electrum too.  To do so, you need to go to console tab and use the following command.

Code:

make_seed(256)

Just note that a seed phrase generated by electrum isn't BIP39. Electrum uses its own algorithm.

How to generate a 24 words seed with a passphrase ? I just tested to select "add words" and put a password when I import a seed but it's impossible to click on next.

[hosseinimr93]

How to generate a 24 words seed with a passphrase ? I just tested to select "add words" and put a password when I import a seed but it's impossible to click on next.

It should work. You probably did something wrong.
Use the above command on console to generate a 24 word seed phrase. Create a new wallet. Select "Standard wallet" and then "I already have a seed". Click on "options" and check "Extend this seed with custom words". Enter your 24 word seed phrase, then your passphrase and click "Next".

[Yamane_Keto]

How to generate a 24 words seed with a passphrase ? I just tested to select "add words" and put a password when I import a seed but it's impossible to click on next.

According to this https://github.com/spesmilo/electrum/blob/master/electrum/commands.py
we have

Code:

@command('')
    async def create(self, passphrase=None, password=None, encrypt_file=True, seed_type=None, wallet_path=None):
        """Create a new wallet.
        If you want to be prompted for an argument, type '?' or ':' (concealed)
        """

so command is

Code:

create(passphrase=YOUR_PASSPHARE_HERE,seed_type=None)

If GUI option does not work, then this code will work.

I do not advise you to try, it is a double-edged option. It is true that you will enjoy the maximum safety, as it is very very very impossible to brute force 25 words, but on the other hand, the possibility of missing or not correct arrangement of these words is higher than 12 words.

12 words are safe against bruteforce attacks and passphare is extra security vs physical attracts but24 words seed with a passphrase are complicating the recovery mechanism for no additional benefit.

[Wronsk]

How to generate a 24 words seed with a passphrase ? I just tested to select "add words" and put a password when I import a seed but it's impossible to click on next.

It should work. You probably did something wrong.
Use the above command on console to generate a 24 word seed phrase. Create a new wallet. Select "Standard wallet" and then "I already have a seed". Click on "options" and check "Extend this seed with custom words". Enter your 24 word seed phrase, then your passphrase and click "Next".

https://i.ibb.co/JyPM7H3/electrum.png

As you can see I can't click on "next"

[hosseinimr93]

As you can see I can't click on "next"

You shouldn't enter your passphrase there.
Enter your 24 words without the passphrase and click on "Next" button. After that, you will see a new window in which you will be asked to enter your passphrase.

[Wronsk]

As you can see I can't click on "next"

You shouldn't enter your password there.
Enter your 24 words without the passphrase and click on "Next" button. After that, you will see a new window in which you will be asked to enter your passphrase.

Oh thank you so much I missed that. Don't worry, it's not my password or my seed.